Allnet ALL1295VPN User Manual

Dual WAN Broadband VPN Router

Dual WAN Broadband
VPN Router
ALL1295VPN
Broadband Internet Access
4-Port Switching Hub
2 WAN Ports
User's Guide

Summary of Contents for Allnet ALL1295VPN

  • Page 1 Dual WAN Broadband VPN Router ALL1295VPN Broadband Internet Access 4-Port Switching Hub 2 WAN Ports User's Guide...
  • Page 2: Table Of Contents

    Table of Contents CHAPTER 1 INTRODUCTION: 1 • Dual WAN Broadband VPN Router Features: 1 • Package Contents: 3 • Physical Details: 5 CHAPTER 2 INSTALLATION: 7 • Requirements: 7 • Procedure: 7 CHAPTER 3 SETUP: 9 • Overview: 9 • Configuration Program: 10 • WAN Port Configuration...
  • Page 3 • Common VPN Situations: 73 • VPN Configuration: 75 • VPN Examples: 83 • Certificates: 101 • CRL: 105 • VPN Status: 106 CHAPTER 9 MICROSOFT VPN: 108 • Overview: 108 • Server Setup: 108 • User: 109 • Status Log Screen: 111 • Windows Client Setup...
  • Page 4: Chapter 1 Introduction

    Chapter 1 Introduction This Chapter provides an overview of the Dual WAN Broadband VPN Router's features and capabilities. Congratulations on the purchase of your new Dual WAN Broadband VPN Router. The Dual WAN Broadband VPN Router is a multi-function device providing the following services: •...
  • Page 5: Advanced Internet Functions

    Broadband VPN Gateway User Guide Advanced Internet Functions • Communication Applications. Support for Internet communication applications, such as interactive Games, Telephony, and Conferencing applications, which are often difficult to use when behind a Firewall, is included. • Special Internet Applications. Applications which use non-standard connections or port numbers are normally blocked by the Firewall.
  • Page 6: Package Contents

    Introduction Security Features • Password-protected Configuration. Optional password protection is provided to prevent unauthorized users from modifying the configuration data and settings. • NAT Protection. An intrinsic side effect of NAT (Network Address Translation) technology is that by allowing all LAN users to share a single IP address, the location and even the existence of each PC is hidden.
  • Page 7 Broadband VPN Gateway User Guide • CD-ROM containing the on-line manual. If any of the above items are damaged or missing, please contact your dealer immediately.
  • Page 8: Physical Details

    Introduction Physical Details Front-mounted LEDs Figure 2: Front Panel Power On - Power on. Off - No power. Status (Red) On - Error condition. Off - Normal operation. Blinking - This LED blinks during start up. Connect the DSL or Cable Modem here. If your modem came with a WAN ports cable, use the supplied cable.
  • Page 9: Rear Panel

    Broadband VPN Gateway User Guide Rear Panel Figure 3: Rear Panel Connect the DSL or Cable Modem here. If your modem came with a WAN port 1/2 cable, use the supplied cable. Otherwise, use a standard LAN cable. (10/100BaseT) 10/100BaseT Use standard LAN cables (RJ45 connectors) to connect your PCs to these ports.
  • Page 10: Chapter 2 Installation

    Chapter 2 Installation This Chapter covers the physical installation of the Dual WAN Broadband VPN Router. Requirements • Network cables. Use standard 10/100BaseT network (UTP) cables with RJ45 connectors. • TCP/IP protocol must be installed on all PCs. • For Internet Access, an Internet Access account with an ISP, and a Broadband modem (usually, DSL or Cable modem).
  • Page 11: Check The Leds

    Broadband VPN Gateway User Guide 3. Connect WAN Cable Connect the Broadband modem to the WAN port on the Dual WAN Broadband VPN Router. Use the cable supplied with your Broadband modem. If no cable was supplied, use a standard LAN cable. 4.
  • Page 12: Chapter 3 Setup

    Chapter 3 Setup This Chapter provides Setup details of the Dual WAN Broadband VPN Router. Overview This chapter describes the setup procedure for: • Internet Access • LAN configuration PCs on your local LAN may also require configuration. For details, see Chapter 4 - PC Configuration.
  • Page 13: Configuration Program

    Broadband VPN Gateway User Guide Use the IPSec VPN features: Chapter 8: VPN (IPSec) • VPN Policies • Certificates • CRLs • VPN Status Use the Microsoft VPN feature: Chapter 9: Microsoft VPN • PPTP Server in the Dual WAN Broadband VPN Router.
  • Page 14 Setup Using UPnP If your Windows system supports UPnP, an icon for the Dual WAN Broadband VPN Router will appear in the system tray, notifying you that a new network device has been found, and offering to create a new desktop shortcut to the newly-discovered device. •...
  • Page 15 Broadband VPN Gateway User Guide Figure 5: Password Dialog • Enter admin for the User Name, and password for the Password. • These are the default values. Both the name and password can (and should) be changed, using the Admin Login screen. Once you have changed either the name or the password, you must use the current values.
  • Page 16: Home Screen

    Home Screen After logging in, you will see the Home screen. You will also see this screen whenever you connect in future. An example screen is shown below. Figure 6: Home Screen...
  • Page 17 Broadband VPN Gateway User Guide Navigation & Data Input • Use the menu bar on the left of the screen, and the "Back" button on your Browser, for navigation. • Changing to another screen without clicking "Save" does NOT save any changes you may have made.
  • Page 18: WAN Port Configuration

    WAN Port Configuration The WAN Port option is on the Setup menu. Figure 7: WAN Port Screen Data - WAN Port Screen WAN Port Settings • Connections: Normally, this can be left at "Automatic". If the device attached to the WAN Port has problems making a connection, you can select the setting required or preferred by the other device.
  • Page 19 PPPoE Dial-up • User Name: The User Name (or account name) provided by your ISP. • Password: Enter the password for the login name above. • Hostname: Normally, there is no need to change the default name, but if your ISP requests that you use a particular Hostname, enter it here.
  • Page 20: Port Options Screen

    Setup Port Options Screen Use the Port Options link on the Setup menu. An example screen is shown below. Figure 8: Port Options Screen Data - Port Options Screen Port Options Symmetric NAT If Enabled, all requests from the same internal IP address and port to a specific destination IP address and port are mapped to a unique external source IP address and port.
  • Page 21 MTU Size • MTU (Maximum Transmission Unit) value should only be changed if advised to do so by Technical Support. • Enter a value between 1 and 1500. • This device will still auto-negotiate with the remote server, to set the MTU size.
  • Page 22: LAN Port Screen

    Setup LAN Port Screen Use the LAN Port link on the main menu to reach the LAN Port screen. An example screen is shown below. Figure 9: LAN Port Screen Data - LAN Port Screen LAN IP Address IP address for the Dual WAN Broadband VPN Router, as seen from the local LAN.
  • Page 23 Cancel: The "Cancel" button will discard any data you have entered and reload the file from the Dual WAN Broadband VPN Router.
  • Page 24: What DHCP Does

    Setup DHCP What DHCP Does A DHCP (Dynamic Host Configuration Protocol) Server allocates a valid IP address to a DHCP Client (PC or device) upon request. • The client request is made when the client device starts up (boots). • The DHCP Server provides the Gateway and DNS addresses to the client, as well as allocating an IP Address.
  • Page 25: Balancing/Backup Screen

    Broadband VPN Gateway User Guide Balancing/Backup Screen Use the Balancing/Backup link on the Setup menu. An example screen is shown below. Figure 10: Balancing/Backup Screen Data - Balancing/Backup Screen Balancing/Backup There are 3 modes: 1. If Enable is selected for WAN 1, then choose Backup for WAN 2. 2.
  • Page 26: Chapter 4 PC Configuration

    Chapter 4 PC Configuration This Chapter details the PC Configuration required on the local ("Internal") LAN. Overview For each PC, the following may need to be configured: • TCP/IP network settings • Internet Access configuration Windows Clients This section describes how to configure Windows clients for Internet access via the Dual WAN Broadband VPN Router.
  • Page 27: Using DHCP

    Broadband VPN Gateway User Guide Checking TCP/IP Settings - Windows 9x/ME: 1. Select Control Panel - Network. You should see a screen like the following: Figure 11: Network Configuration 2. Select the TCP/IP protocol for your network card. 3. Click on the Properties button. You should then see a screen like the following. Figure 12: IP Address (Win 95) Ensure your TCP/IP settings are correct, as follows: Using DHCP...
  • Page 28 PC Configuration • On the Gateway tab, enter the Dual WAN Broadband VPN Router's IP address in the New Gateway field and click Add, as shown below. Your LAN administrator can advise you of the IP Address they assigned to the Dual WAN Broadband VPN Router. Figure 13: Gateway Tab (Win 95/98) •...
  • Page 29 Broadband VPN Gateway User Guide Checking TCP/IP Settings - Windows NT4.0 1. Select Control Panel - Network, and, on the Protocols tab, select the TCP/IP protocol, as shown below. Figure 15: Windows NT4.0 - TCP/IP 2. Click the Properties button to see a screen like the one below. Figure 16: Windows NT4.0 - IP Address 3.
  • Page 30: Specify An IP Address

    PC Configuration 4. Select the appropriate radio button - Obtain an IP address from a DHCP Server or Specify an IP Address, as explained below. Obtain an IP address from a DHCP Server This is the default Windows setting. Using this is recommended. By default, the Dual WAN Broadband VPN Router will act as a DHCP Server.
  • Page 31 Broadband VPN Gateway User Guide Figure 18: Windows NT4.0 - DNS...
  • Page 32: Checking TCP/IP Settings - Windows

    Checking TCP/IP Settings - Windows 2000: 1. Select Control Panel - Network and Dial-up Connection. 2. Right-click the Local Area Connection icon and select Properties. You should see a screen like the following: Figure 19: Network Configuration (Win 2000) 3.
  • Page 33 Broadband VPN Gateway User Guide 5. Ensure your TCP/IP settings are correct, as described below. Using DHCP To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Using this is recommended. By default, the Dual WAN Broadband VPN Router will act as a DHCP Server.
  • Page 34: Checking TCP/IP Settings - Windows XP

    PC Configuration Checking TCP/IP Settings - Windows XP 1. Select Control Panel - Network Connection. 2. Right click the Local Area Connection and choose Properties. You should see a screen like the following: Figure 21: Network Configuration (Windows XP) 3. Select the TCP/IP protocol for your network card. 4.
  • Page 35 Broadband VPN Gateway User Guide Figure 22: TCP/IP Properties (Windows XP) 5. Ensure your TCP/IP settings are correct. Using DHCP To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Using this is recommended. By default, the Dual WAN Broadband VPN Router will act as a DHCP Server.
  • Page 36: For Windows XP

    PC Configuration Internet Access To configure your PCs to use the Dual WAN Broadband VPN Router for Internet access: • Ensure that the DSL modem, Cable modem, or other permanent connection is functional. • Use the following procedure to configure your Browser to access the Internet via the LAN, rather than by a Dial-up connection.
  • Page 37: Macintosh Clients

    Broadband VPN Gateway User Guide Macintosh Clients From your Macintosh, you can access the Internet via the Dual WAN Broadband VPN Router. The procedure is as follows. 1. Open the TCP/IP Control Panel. 2. Select Ethernet from the Connect via pop-up menu. 3.
  • Page 38: Chapter 5 Operation And Status

    Chapter 5 Operation and Status This Chapter details the operation of the Dual WAN Broadband VPN Router and the status screens. Operation Once both the Dual WAN Broadband VPN Router and the PCs are configured, operation is automatic. However, there are some situations where additional Internet configuration may be required: •...
  • Page 39 Broadband VPN Gateway User Guide Figure 23: General Status Screen...
  • Page 40 Operation and Status Data - General Status Screen WAN1/2 • Connection Method: This indicates the current connection method. • IP Address: This IP Address is allocated by the ISP (Internet Service Provider). • Subnet Mask: The Subnet Mask associated with the IP Address above. • Gateway: The IP Address of the remote Gateway or Router associated with...
  • Page 41: Port Status

    Buttons • Restart: Restart (reboot) the Router. You will have to wait for the restart to be completed before continuing. • Refresh Screen: Update the data displayed on screen. • Show Status: Display the usage of the CPU and Memory in a sub-window. Port Status Click the "Port Status"...
  • Page 42: Event Log

    Operation and Status Event Log An example screen is shown below. Figure 25: Event Log Screen Data - Event Log Screen Event Log It displays the time when the event occurred. Time Event It describes the details of the event. It displays the IP Address of the server.
  • Page 43: URL Log

    Broadband VPN Gateway User Guide URL Log An example screen is shown below. Figure 26: URL Log Data - URL Log Internet Time It displays the time when the log occurred. Event It describes the details of the event. It displays the IP Address of the PC. Buttons Refresh Update the data shown on screen.
  • Page 44: Syslog

    Operation and Status Syslog An example screen is shown below. Figure 27: Syslog Data - Syslog Screen Syslog Select the desired options of search type. Click the “Search” button Search Type to see the logs in the following log table. It displays the time when the system log occurred.
  • Page 45: Chapter 6 Advanced Features

    Chapter 6 Advanced Features This Chapter explains when and how to use the Dual WAN Broadband VPN Router's "Advanced" Features. Overview The following advanced features are provided. • Address List • PC Database • URL Filter • Dynamic DNS • Routing •...
  • Page 46 Internet Features Data - Address List Screen Address List Address List This lists any existing entries. If you have not entered any values, this list will be empty. Select All/Cancel Use this to select/deselect all the entries in the list. Delete Button Use this button to delete the selected address list entry.
  • Page 47: PC Database

    PC Database The PC Database is used whenever you need to select a PC (e.g. for the "DMZ" PC). It eliminates the need to enter IP addresses. Also, you do not need to use fixed IP addresses on your LAN.
  • Page 48 Data - PC Database Screen • PC List: This lists all current entries. Data displayed is PC Name, MAC Address, IP Address and Need to Certify. Buttons • Edit: To Edit or modify an existing entry, select it and click the "Edit" button.
  • Page 49: URL Filter

    URL Filter The URL Filter allows you to block access to undesirable Web sites. An example screen is shown below. Figure 30: URL Filter Screen Data - URL Filter Screen Filter Strings • Current Entries: This lists any existing entries. If you have not entered any values, this list will be empty.
  • Page 50 Buttons • Delete Selected Items/Delete All: Use these buttons to delete the selected entry or all entries, as required. Multiple entries can be selected by holding down the CTRL key while selecting. (On the Macintosh, hold the SHIFT key while selecting.) • Use this to add the current Filter String to the site list.
  • Page 51: Dynamic DNS

    Broadband VPN Gateway User Guide Dynamic DNS This free service is very useful when combined with the Virtual Server feature. It allows Internet users to connect to your Virtual Servers using a URL, rather than an IP Address. This also solves the problem of having a dynamic IP address. With a dynamic IP address, your IP address may change whenever you connect, which makes it difficult to connect to you.
  • Page 52 Internet Features Data - Dynamic DNS Screen WAN1/2 DDNS Service Select the desired DDNS Service provider. Web Site Button Click this button to open a new window and connect to the Web site for the selected DDNS service provider. • This message is returned by the DDNS Server DDNS Status •...
  • Page 53: Routing

    Broadband VPN Gateway User Guide Routing Overview • If you don't have other Routers or Gateways on your LAN, you can ignore the "Routing" page completely. • If the Dual WAN Broadband VPN Router is only acting as a Gateway for the local LAN segment, ignore the "Routing"...
  • Page 54 Internet Features Figure 32: Static Routing Screen Data - Static Routing Screen RIP Version Select the desired option from the drop-down list. Static Routing Static Routing This list shows all entries in the Routing Table. Table Entries • The "Properties" area shows details of the selected item in the list.
  • Page 55: Configuring Other Routers On Your LAN

    Broadband VPN Gateway User Guide • Subnet - The network address of the remote LAN segment. For Properties standard class "C" LANs, the network address is the first 3 fields of the Destination IP Address. The 4th (last) field can be left at •...
  • Page 56 Internet Features Metric Other Routers on the Local LAN Other routers on the local LAN must use the Dual WAN Broadband VPN Router's Local Router as the Default Route. The entries will be the same as the Dual WAN Broadband VPN Router's local router, with the exception of the Gateway IP Address.
  • Page 57 Broadband VPN Gateway User Guide Gateway IP Address 192.168.0.100 Interface Metric For Router A's Default Route Destination IP Address 0.0.0.0 Network Mask 0.0.0.0 Gateway IP Address 192.168.0.1 (Dual WAN Broadband VPN Router's IP Address) Interface For Router B's Default Route Destination IP Address 0.0.0.0 Network Mask...
  • Page 58: QoS

    Internet Features Quality of Service (QoS) ensures better service to high-priority service. Figure 34: QoS Screen Data - QoS Screen QoS Setting QoS Method Select the desired option. • Nonuse • Classic QoS • WAN Throughput: Enter the desired data for WAN1/WAN2 limit in and limit out.
  • Page 59 Broadband VPN Gateway User Guide lated fields. • QoS Queue: It displays the queue type. • Priority: Enter the priority value (1~20) of the queue. • Reliability: Select the desired option from the drop-down list. • Speed Limit: Enter the desired values for the inbound and outbound traffic limitation.
  • Page 60: Chapter 7 Security Configuration

    Chapter 7 Security Configuration This Chapter explains the settings available via the security configuration section of the "Security" menu. Overview The following advanced configurations are provided. • Rules • Schedule • • Services • Security • • E-Mail Rules For normal operation and LAN protection, it is not necessary to use this screen. The Firewall will always block DoS (Denial of Service) attacks.
  • Page 61 Broadband VPN Gateway User Guide Figure 35: Rules Screen Data - Rules Screen Outbound/Inbound Connection The screen will update and list any current rules. If you have not Rule List defined any rules, the list will be empty. It will be "Forward" or "Block". Action To add a new rule, click the "Add"...
  • Page 62 Security Configuration Define Firewall Rule (Inbound/Outbound) Clicking the "Add" button in the Rules screen will display a screen like the example below. Figure 36: Define Firewall Rule Data - Define Firewall Rule Screen Name Enter a suitable name for this rule. Port Select the desired port as required.
  • Page 63 Broadband VPN Gateway User Guide These settings determine which traffic, based on their source IP Source IP Address address, is covered by this rule. Select the desired option: • Any - All traffic from the source port is covered by this rule. •...
  • Page 64: Schedule

    Security Configuration Schedule • Blocking will be performed during the scheduled time (between the "Begin" and "End" times.) • Two (2) separate sessions or periods can be defined. • Times must be entered using a 24 hr clock. • If the time for a particular day is blank, no action will be performed. Schedules Screen This screen is accessed by the Schedules link on the Firewall menu.
  • Page 65: Firewall -- Log

    Broadband VPN Gateway User Guide Firewall -- Log The Logs record various types of activity on the Dual WAN Broadband VPN Router. This data is useful for troubleshooting, but enabling all logs will generate a large amount of data and adversely affect performance.
  • Page 66 • First Server Name/IP Address: Enter the address or name for the desired Time Server. • Second Server Name/IP Address: This is optional. Syslog • Enable Syslog: If enabled, log data will be sent to your system log Server. • Syslog Server: Enter the IP address of your System Log Server. • Include: Select the logs you wish to be included in the data sent to the...
  • Page 67: Services

    Broadband VPN Gateway User Guide Services Services are used in defining traffic to be blocked or allowed by the Firewall Rules features. Many common Services are pre-defined, but you can also define your own services if required. To view the Services screen, select the Services link on the Firewall menu. Figure 39: Services Screen Data - Services Screen Available Services...
  • Page 68 field. • End Port: If the "Type" (above) is TCP, UDP, or TCP/UDP, this field can be used to enter the end of range of port numbers. This can be left blank if not required.
  • Page 69: Security

    Broadband VPN Gateway User Guide Security This screen allows you to set Firewall and other security-related options. Figure 40: Security Screen Data - Security Screen Firewall The ICMP protocol is used by the "ping" and "trace route" programs, Echo ICMP on and by network monitoring and diagnostic programs.
  • Page 70 Allow VPN pass-through: If enabled, PCs on the LAN can use VPN software to connect to remote clients via the Internet connection. The protocols supported are: • IPSec - IPSec protocol is used to establish a secure connection, and is widely used by VPN (Virtual Private Networking) programs.
  • Page 71: DMZ

    Broadband VPN Gateway User Guide This feature, if enabled, allows the DMZ computer or computers on your LAN to be exposed to all users on the Internet. • This allows almost any application to be used on the "DMZ PC". •...
  • Page 72: E-Mail

    Security Configuration E-Mail Figure 42: E-Mail Screen Data - E-Mail Screen E-Mail Alert Send E-Mail alert If enabled, an E-Mail will be sent immediately if a DoS (Denial immediately under of Service) attack is detected. If enabled, the E-mail address attack information must be provided.
  • Page 73 Send: Select the desired option for sending the log by E-mail. • When the log is full - The time is not fixed. The log will be sent when the log is full, which will depend on the volume of traffic.
  • Page 74: Chapter 8 VPN (IPSec)

    Chapter 8 VPN (IPSec) This Chapter describes the VPN capabilities and configuration required for common situations. Overview This section describes the VPN (Virtual Private Network) support provided by your Dual WAN Broadband VPN Router. A VPN (Virtual Private Network) provides a secure connection between 2 points, over an insecure network - typically the Internet.
  • Page 75 When using IKE, there are 2 phases to establishing the VPN tunnel: • Phase I is the negotiation and establishment of the IKE connection. • Phase II is the negotiation and establishment of the IPsec connection. Because the IKE and IPsec connections are separate, they have different SAs (security associations).
  • Page 76: Common VPN Situations

    Microsoft VPN Common VPN Situations VPN Pass-through Figure 43: VPN Pass-through Here, a PC on the LAN behind the Router/Gateway is using VPN software, but the Router/Gateway is NOT acting as a VPN endpoint. It is only allowing the VPN connection. •...
  • Page 77: Connecting 2 LANs Via VPN

    Broadband VPN Gateway User Guide Connecting 2 LANs via VPN Figure 45: Connecting 2 VPN Gateways This allows two (2) LANs to be connected. PCs on each endpoint gain secure access to the remote LAN. • The 2 LANs MUST use different IP address ranges. •...
  • Page 78: VPN Configuration

    Microsoft VPN VPN Configuration This section covers the configuration required on the Dual WAN Broadband VPN Router when using Manual Key Exchange (Manual Policies) or IKE (Automatic Policies). Details of using Certificates are covered in a later section. Policies Screen To view this screen, select Policies from the VPN menu.
  • Page 79 • Edit: To Edit or modify an existing policy, select it and click the "Edit" button. • Move: The order in which policies are listed is only important if you have multiple policies for the same remote site. In that case, the first matching policy is used.
  • Page 80: Adding A New Policy

    Microsoft VPN Adding a New Policy To create a new VPN Policy, click the Add New Policy button on the Policies screen. Figure 47: VPN Wizard - Start Screen...
  • Page 81 General Settings • Policy Name: Enter a suitable name. This name is not supplied to the remote VPN. It is used only to help you manage the policies. • Enable Policy: Enable or disable the policy as required. For each remote VPN, only 1 policy can be enabled at any time.
  • Page 82 Remote IP Address • Any - no additional data is required. Any IP address is acceptable. • For outgoing connections, this allows any PC on the LAN to use the VPN tunnel. • For incoming connections, this allows any PC using the remote endpoint to access any PC on your LAN.
  • Page 83 Broadband VPN Gateway User Guide • Each SPI should be at least 3 characters. ESP Encryption ESP (Encapsulating Security Payload) provides security for the payload (data) sent through the VPN tunnel. Generally, you will want to enable both Encryption and Authentication. Key - In / Key - Out •...
  • Page 84 Local ID Type: This setting must match the "Remote ID Type" on the remote VPN. Select the desired option, and enter the required data in the "Local Identity Data" field. • WAN IP Address - This is the most common method. If selected, no input is required.
  • Page 85 IKE PFS: If enabled, PFS (Perfect Forward Secrecy) enhances security by changing the IPsec key at regular intervals, and ensuring that each key has no relationship to the previous key. Thus, breaking 1 key will not assist in breaking the next key. This setting should match the remote endpoint.
  • Page 86: VPN Examples

    Microsoft VPN VPN Examples This section describes some examples of using the Dual WAN Broadband VPN Router in common VPN situations. Example 1: Connecting 2 Dual WAN Broadband VPN Routers In this example, 2 LANs are connected via VPN. Figure 48: Connecting 2 Dual WAN Broadband VPN Routers Note •...
  • Page 87 • IKE Authentication method: Pre-shared Key; Pre-shared Key; Certificates are not widely used. • Pre-shared Key: Xxxxxxxxxx; Xxxxxxxxxx; Must match. • IKE Authentication algorithm: Must match. • IKE Encryption: Must match. • IKE Exchange mode: Main Mode; Main Mode; Must match. • DH Group: Group 1 (768 bit)...
  • Page 88 Microsoft VPN Example 2: Windows 2000/XP Client to LAN In this example, a Windows 2000/XP client connects to the Dual WAN Broadband VPN Router and gains access to the local LAN. Figure 49: Windows 2000/XP Client to Dual WAN Broadband VPN Router To use 3DES encryption on Windows 2000, you need Service Pack 3 or later installed.
  • Page 89 • DH Group: Group 1 (768 bit); Must match client PC. • IKE SA Life time: 28800; Does not have to match client PC. Shorter period will be used. • IKE PFS: Disable; Must match client PC. IPSec SA Parameters • IPSec SA Life time: 28800; Do not have to match.
  • Page 90 Figure 51: Windows 2000/XP - Policy Properties • Note that no rules are in use. Two (2) rules are required - incoming and outgoing. • The outgoing rule will be added first. 6. Deselect the "Use Add Wizard" checkbox, then click "Add" to view the screen below. Figure 52: IP Filter List 7.
  • Page 91 Broadband VPN Gateway User Guide Figure 53: Filter Properties: Addressing 8. Enter the Source IP address and the Destination IP address. • Since this is the outgoing filter, the Source IP address is "My IP address" and the Destination IP address is the address range used on the remote LAN. •...
  • Page 92 Figure 55: New Rule Properties: Filter Action 11. Select Require Security, then click the "Edit" button, to view the Require Security Properties screen. Figure 56: Require Security Properties 12. Select Negotiate security (this selects IKE), then click "Add".
  • Page 93 Broadband VPN Gateway User Guide Figure 57: Modify Security Method 13. On the resulting screen (above), select High [ESP] then click "OK" to save your changes and return to the Require Security Properties screen. Figure 58: Require Security Properties 14. Ensure the following settings are correct, then click "OK" to return to the Filter Action tab of the Edit Rule Properties screen.
  • Page 94 Microsoft VPN 15. Click the Tunnel Setting tab, then select The tunnel endpoint is specified by this IP address. Enter the WAN (Internet) IP address of the Dual WAN Broadband VPN Router, as shown below. Figure 59: Tunnel Setting 16. Click the Authentication Methods tab, then click the "Edit" to see the screen like the example below.
  • Page 95 Broadband VPN Gateway User Guide 19. Click "Close" to return to the DUT to Win2K properties screen. The "To DUT" filter should now be listed, as shown below. Figure 61: Windows 2000/XP Client to Dual WAN Broadband VPN Router 20. To add the second (incoming) rule, click "Add". For the name, enter "To Win2K", then click "Add".
  • Page 96 Microsoft VPN Figure 63: Filter Properties: Addressing 22. Click "OK" to save your changes, then "Close". Figure 64: Filter List 23. Ensure the "To Win2K" filter is selected, then click the Filter Action tab.
  • Page 97 Broadband VPN Gateway User Guide Figure 65: Filter Action 24. Select Require Security, then click "Edit". On the Require Security Methods screen below, select Negotiate security. Figure 66: Security Methods 25. Click the "Add" button. On the resulting Modify Security Method screen below, select High [ESP].
  • Page 98 Microsoft VPN Figure 67: Modify Security Method 26. Click "OK" to save your changes, then click "OK" again to return to the Filter Action screen. 27. Select the Tunnel Setting tab, and enter the WAN (Internet) IP address of this PC (172.16.9.10 in this example).
  • Page 99 Figure 69: Authentication Method 29. Select Use this string to protect the key exchange (preshared key), then enter your pre-shared key in the field provided. 30. Click "OK" to save your settings, then "Close" to return to the DUT to Win2K Properties screen.
  • Page 100 Microsoft VPN Figure 71: Properties - General Tab 32. Click the "Advanced" button to see the screen below. Figure 72: Key Exchange Settings 33. Click the "Methods" button to see the screen below.
  • Page 101 Broadband VPN Gateway User Guide Figure 73: Key Exchange Security Methods 34. Select the first entry, and click the "Edit" button to see the following screen. Figure 74: IKE Security Algorithms 35. Select "SHA1" for Integrity Algorithm, "3DES" for Encryption algorithm, and "Low(1)" for the Diffie-Hellman Group.
  • Page 102 Microsoft VPN Example 3: Windows 2000 Server to VPN Gateway In this example, a Windows 2000 Server connects to the Dual WAN Broadband VPN Router. Users on each LAN can then gain access to the remote LAN. Figure 76: Dual WAN Broadband VPN Router to Windows 2000 Server Dual WAN Broadband VPN Router Configuration This is the same as for the client setup earlier, with the exception of the IP address range for the remote endpoint.
  • Page 103 Windows 2000 Server Configuration Configuration is the same as for Example 2: Windows 2000/XP Client to except for specifying the Source and Destination addresses for the "Filter Properties". Instead, for both IP Filters, the Filter Properties - Addressing should be completed as follows. Figure 77: Windows 2000 Server - Addressing •...
  • Page 104: Certificates

    Microsoft VPN Certificates Certificates are used to authenticate users. Certificates are issued to you by various CAs (Certification Authorities). These Certificates are called "Self Certificates". Each CA also issues a certificate to itself. This Certificate is required in order to validate communication with the CA.
  • Page 105 Figure 79: Add Trusted Certificate 3. Click the "Browse" button, and locate the certificate file on your PC. 4. Select the file. The name will appear in the "Certificate File" field. 5. Click "Upload" to upload the certificate file to the Dual WAN Broadband VPN Router. 6.
  • Page 106 Expiration Time: The date on which the Certificate expires. You should renew the Certificate before it expires. Delete button: Use this button to delete a Self Certificate. Select the checkbox in the Delete column for any Certificates you wish to delete, then click the "Delete"...
  • Page 107 Name: Enter a name which helps to identify this particular certificate. This name is only for your reference; it is not visible to other people. Subject: This is the name which other organizations will see as the Holder (owner) of this Certificate.
  • Page 108: Crl

    Microsoft VPN 6. Click Finish to return to the Self Certificates screen. Your request will be listed under Self Certificate Requests. 7. Apply for a Certificate: • Connect to the CA's web site. • Start the Self Certificate request procedure. •...
  • Page 109: Vpn Status

    Broadband VPN Gateway User Guide Figure 84: Certificate Revocation Lists 3. Click the "Add New CRL" button. You will see a screen like the following: Figure 85: Upload CRL 4. Upload the CRL file: • Click the "Browse" button, and locate the CRL file on your PC •...
  • Page 110 Microsoft VPN Data - VPN Status Screen VPN Status Policy Name The name of the VPN Policy which triggered this VPN connection. Each SA (Security Association) has a unique SPI. For manual keys, this SPI is specified by user input. If using IKE, the SPI is generated by the IKE negotiation process.
  • Page 111: Chapter 9 Microsoft Vpn

    Chapter 9 Microsoft VPN This Chapter explains the screens and settings available for the Microsoft VPN function. Overview Microsoft VPN uses the Microsoft VPN Adapter which is provided in recent versions of Windows. This feature can be used to provide remote access to your LAN by individual PCs. This method provides an alternative to using IPSec VPN, which is described in the previous chapter.
  • Page 112: User

    Data - VPN Adapter Screen PPTP Service Enable PPTP: Use this checkbox to enable or disable this feature as required. To allow connection by remote Windows clients, you must enable this feature, and enter the client details (on the Clients screen) to allow them to log in to this Server.
  • Page 113 Broadband VPN Gateway User Guide Data - User Screen Existing Users User List All existing users are listed. If you have not added any users, this list will be empty. When a user is selected, their details are displayed in the Properties panel.
  • Page 114: Status Log Screen

    Microsoft VPN Status Log Screen The Status Log screen is accessed by selecting the Status Log option on the VPN (PPTP) menu. Figure 89: Status Log Screen Data - Status Log Screen Status Log Status This indicates whether or not the PPTP (VPN) Server is enabled. This indicates the number of remote clients currently logged into the Current Connec- PPTP (VPN) Server.
  • Page 115: Windows Client Setup

    Windows Client Setup To connect to the PPTP (VPN) Server in the VPN Broadband Gateway: • The Microsoft VPN feature in the VPN Broadband Gateway must be enabled and configured, as described in the previous section. •...
  • Page 116 5. Click "Finish" to exit the Wizard. The new entry will now be listed in "Dial-up Networking". If necessary, you can change the settings for this connection by right-clicking on it, and selecting Properties. To force all outgoing traffic to be sent via VPN, enable the setting This is the default Internet connection on the Dialing tab.
  • Page 117: Windows 2000

    Broadband VPN Gateway User Guide Windows 2000 Ensure you have logged on with Administrator rights before attempting this procedure. 1. Open "Network Connections", and start the "New Connection" Wizard. Figure 92: Windows 2000 Network Connection 2. Select the VPN option ("Connect to a private network through the Internet"), as shown above, and click Next.
  • Page 118 Microsoft VPN Figure 94: Windows 2000 VPN Host 4. On the screen above, enter the Domain Name or Internet IP address of the Dual WAN Broadband VPN Router you wish to connect to. Click Next to continue. Figure 95: Windows 2000 Connection Availability 5.
  • Page 119 Broadband VPN Gateway User Guide Figure 96: Windows 2000 Finish Wizard 6. Enter a suitable name, and click "Finish" to save and exit. Setup is now complete. To establish a connection: 1. Right-click the connection in "Network Connections", and select "Connect". 2.
  • Page 120 Microsoft VPN Windows XP Ensure you have logged on with Administrator rights before attempting this procedure. 1. Open Network Connections (Start-Settings-Network Connections), and start the New Connection Wizard. Figure 97: Windows XP Network Connection Type 2. Select the option "Connect to the network at my workplace", as shown above, and click Next.
  • Page 121 Broadband VPN Gateway User Guide Figure 99: Windows XP Connection Name 4. Enter a suitable name for this connection. Click Next to continue. Figure 100: Windows XP Public Network 5. On the screen above, select "Do not dial the initial connection". Click Next to continue.
  • Page 122 Microsoft VPN 6. On the screen above, enter the Domain Name or Internet IP address of the Dual WAN Broadband VPN Router you wish to connect to. Click Next to continue. Figure 102: Windows XP Connection Availability 7. Choose whether to allow this connection for everyone, or only for yourself, as required. Click Next to continue.
  • Page 123: Chapter 10 Other Features & Settings

    Chapter 10 Other Features & Settings This Chapter explains the screens and settings available via the "Other" menu. Overview Normally, it is not necessary to use these screens, or change any settings. These screens and settings are provided to deal with non-standard situations, or to provide additional options for advanced users.
  • Page 124: Diagnostics

    Other Features and Settings Diagnostics This screen allows you to perform a "Ping" or a "DNS lookup". These activities can be useful in solving network problems. An example Diagnostics screen is shown below. Figure 103: Diagnostics Screen Data - Diagnostics Screen Ping Ping This IP Enter the IP address you wish to ping.
  • Page 125 Search Button: After entering the Domain name/URL, click this button to start the "DNS Search" procedure. The results will be displayed in the DNS Search Result pane.
  • Page 126: Password Screen

    Other Features and Settings Password Screen The password screen allows you to assign a password to the Dual WAN Broadband VPN Router. Figure 104: Account Management Screen Data - Account Management Screen Password User Name It displays the current existing user names. User Rights It describes the rights of the current user.
  • Page 127 Broadband VPN Gateway User Guide Figure 105: Password Dialog • Leave the "User Name" blank. • Enter the password for the Dual WAN Broadband VPN Router, as set on the Password screen above.
  • Page 128: Web Management

    Other Features and Settings Web Management Web Management allows you to connect to this interface via the Internet, using your Web browser. Figure 106: Web Management Screen Data - Web Management Screen Settings Web Management Select WAN1, WAN2 or LAN to allow administration/management via the Internet.
  • Page 129 Internal Port Number: Enter a port number between 1024 and 65535. The default for HTTP connections is port 80, and for HTTPS port 443. Using either of these is NOT recommended. The port number must be specified in your Browser when you connect, as explained above.
  • Page 130: Firmware Upgrade

    Other Features and Settings Firmware Upgrade Use this screen to upgrade your Dual WAN Broadband VPN Router's firmware. • You must download the required firmware file, and store it on your PC. • During the upgrade process, all existing Internet connections will be terminated. •...
  • Page 131: Backup/Restore

    Backup/Restore This feature allows you to backup (download) the current settings from the Dual WAN Broadband VPN Router, and save them to a file on your PC. You can restore a previously-downloaded configuration file to the Dual WAN Broadband VPN Router, by uploading it to the Dual WAN Broadband VPN Router.
  • Page 132 Default Configuration: Enable the Restore the default language if required. Clicking the Factory Defaults button will reset the Dual WAN Broadband VPN Router to its factory default settings. WARNING! This will delete ALL of the existing settings.
  • Page 133: Appendix A Troubleshooting

    Appendix A Troubleshooting This Appendix covers the most likely problems and their solutions. Overview This chapter covers some common problems that may be encountered while using the Dual WAN Broadband VPN Router and some possible solutions to them. If you follow the suggested steps and the Dual WAN Broadband VPN Router still does not function properly, contact your dealer for further advice.
  • Page 134 Appendix A - Troubleshooting • If the Dual WAN Broadband VPN Router is configured correctly, check your Internet connection (DSL/Cable modem etc) to see that it is working correctly. Problem 2: Some applications do not run properly when using the Dual WAN Broadband VPN Router.
  • Page 135: Appendix B Specifications

    Appendix B Specifications Dual WAN Broadband VPN Router Model Dual WAN Broadband VPN Router Dimensions 235mm(W) * 147mm(D) * 33mm(H) Operating Temperature 0° C to 40° C Storage Temperature -10° C to 70° C Network Protocol: TCP/IP Network Interface: 6 Ethernet: 4 * 10/100BaseT (RJ45) LAN connection 2 * 10/100BaseT (RJ45) for WAN LEDs...
  • Page 136: Ce Marking Warning

    Appendix B - Specifications FCC Radiation Exposure Statement This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your body. This device complies with Part 15 of the FCC Rules.
  • Page 137 The conformity to the above directive is indicated by the CE sign on the device. The ALLNET ALL1295VPN Dual WAN Broadband VPN Router conforms to the European Directives 89/336/EEC. This equipment meets the following conformance...
