Accton Technology Edge-Core VR-200, User Manual

Page 1: ......

Page 2: ...tton 7 Physical Setup of the Router 9 Set the Router on a desktop or other flat secure surface 9 Rack Mounting the Router 9 Wall Mounting the Router 9 Connecting the 16 Port Multi WAN VPN Router to your Network 10 3 How To Manage 12 Login 12 Sitemap 12 Home 13 System Information 13 Port Statistics 14 General Setting Status 15 Advanced Setting Status 16 Firewall Setting Status 16 VPN Setting Status...

Page 3: ... 52 MAC Clone 54 DHCP 56 Setup 56 Status 58 Tool 60 SNMP 60 Diagnostic 61 Restart 63 Factory Default 64 Firmware Upgrade 65 Setting Backup 66 Port Management 67 Port Setup 67 Port Status 69 Firewall 70 General 70 Access Rules 72 Content Filter 77 VPN 80 Summary 80 Gateway to Gateway 84 Client to Gateway 99 VPN Pass Through 115 Log 116 System Log 116 System Statistics 119 ...

Page 4: ...VR 200 16 Port Multi WAN VPN Router iii Logout 120 ...

Page 5: ......

Page 6: ...exibility In addition with multi WNA ports the device can have backup WAN interfaces 16 Port Multi WAN VPN Router can choose Intelligent Balancer Auto Mode which can compute automatically the maximum Bandwidth of all WAN ports to balance the traffic for multi WAN management and this feature enhances the robustness It also supports CoS Class of Service which is able to automatically classify and tu...

Page 7: ...il servers etc The VPN in this product provides the security for transferring important data It supports up to 200 VPN tunnels and 2 Group VPNs Group VPN feature facilitates the setup and it s not necessary for network administrators to individually configure remote VPN clients The product implements the Authentication Header AH and Encapsulating Security Payload ESP protocols that provides anti r...

Page 8: ...idth z Maximum Bandwidth z Priority for certain Service z Port based QoS Firewall Security z Firewall Throughput up to 100 Mbps Uni directional z Stateful Packet Inspection Firewall z IP filtering allows you to configure IP address filters z Port filtering allows you to configure TCP UDP port filters z Denial of Service DoS prevention z Firewall detection Ping of Death SYN Flooding Land attack IP ...

Page 9: ...Ns support z Friendly VPN Tunnel Management z IKE Pre Shared keys z IPSec Encryption DES 3DES AES z IPSec Authentication MD5 SHA1 z Support PMTU z DPD detection z View log Networking z Concurrent Sessions up to 70 000 z Dedicated DMZ z DHCP Client Server dynamic IP static IP support z TCP IP z IP Routing z PPPoE z NAT with popular ALG support ...

Page 10: ...mic DNS z ARP z ICMP z FTP TFTP z Password protected configuration or management sessions for web access Network Management z Comprehensive web based management and policy setting z Firmware upgrade through Web browser z SNMP v1 v2c z Monitoring Logging and Alarms of system activities z Locate and configure all device with the same subnet ...

Page 11: ...425 533MHz SDRAM z 64 Mbytes SDRAM Flash ROM z 16 Mbytes Flash Internal Power z Input AC100 240 0 8A Output DC3 3V 5A EMI EMC z FCC Class A CE Class A Operation Requirement z Operating Temp 0ºC to 40ºC 32ºF to 104ºF z Storage Temp 0ºC to 70ºC 32ºF to 158ºF z Operating Humidity 10 to 85 Non Condensing z Storage Humidity 5 to 90 Non Condensing Dimensions z 13 x 9 x 1 75 330 2mm x 228 6mmx44 45mm ...

Page 12: ...up Ethernet Link z Blinking When the port is sending or receiving data Speed Yellow z Yellow On 100Mbps z Yellow Off 10Mbps WAN Green z Green On Configurable as WAN Port z Green Off Configurable as LAN Port Connect Green z Green On Ethernet Link and obtain IP address z Green Off Not Active Reset Button Action Description Push button for 4 seconds z Warm Reset z DIAG LED Orange Blinking slowly ...

Page 13: ...VR 200 16 Port Multi WAN VPN Router 8 Push button for 10 seconds z Factory Default z DIAG LED Orange Blinking fast ...

Page 14: ...The Router comes with two brackets and eight screws for mount with a 19 inch rack The attached brackets are shown as below Line up the bracket holes with the holes located on the Router s sides Attach the mounting brackets using the included screws four on each side of the Router When the brackets are attached to the Router you can rack mount it Attach the Router to the rack using two screws on ea...

Page 15: ...m After the nails are secured on the wall you can wall mount it Connecting the 16 Port Multi WAN VPN Router to your Network The figures describe the integration of the 16 Port Multi WAN VPN Router into the network Figure1 Multi WAN Figure2 DMZ ...

Page 16: ...Set up LAN connection LAN port can be connected to a hub switch or a computer directly z Set up DMZ port It can be connected to the public servers such as Web and Mail servers Connect the power cord into a power outlet and the power port on the rear panel of 16 Port Multi WAN VPN Router and the 16 Port Multi WAN VPN Router runs a series of self diagnostic tests to check for proper operation ...

Page 17: ...n z Enter User Name and Password in the blank area and then click OK z The Router s default User Name and Password is admin when you first power up the Router Sitemap Click Sitemap button to view the sitemap Click the tab in sitemap and it will link to the page ...

Page 18: ... current version number of the firmware installed on this unit z CPU The type of the 16 Port Multi WAN VPN Router processor It is Intel IXP425 z DRAM The size of DRAM on the board It is 64MB z Flash The size of Flash on the board It is 16MB z System active time The length of time in Days Hours and Minutes that the 16 Port Multi WAN VPN Router is active z Current Time It shows current time There is...

Page 19: ... can see the Port information In Summary table it shows the setting of the port selected by users such as Type Link Status up or down Port Activity Port Enabled Priority High or Normal Speed Status 10Mbps or 100Mbps Duplex Status half or full Auto negotiation Enabled or Disabled In Statistics table it shows the port receive transmit packet count packet byte count and Port Packet Error Count of the...

Page 20: ... shows two buttons Release and Renew Users can click Release button to release the IP that users have already got and click Renew button to update the DHCP Lease Time or get a new IP When users select PPPoE or PPTP and it shows Connect Disconnect z DMZ IP It shows the current DMZ IP Address of the Router and hyperlinks to DMZ in Genera Setting page z Default Gateway WAN1 4 It shows all Gateway Add...

Page 21: ...the Working Mode Gateway or Router and hyperlinks to Dynamic Routing in Advanced Setting page z DDNS It shows the status Enable Disable and hyperlinks to DDNS in Advanced Setting page Firewall Setting Status z SPI Stateful Packet Inspection It shows the status On Off and hyperlinks to the General in Firewall page z DoS Deny of Service It shows the status On Off and hyperlinks to the General in Fir...

Page 22: ...ement in Firewall page VPN Setting Status z VPN Summary It hyperlinks to VPN page z Tunnel s Used It shows the number of Tunnels Used z Tunnel s Available It shows the number of Tunnels Available z Current Connected The Group Name of GroupVPN1 users It shows the number of users z Current Connected The Group Name of GroupVPN2 users It shows the number of users z If GroupVPN is disabled it will show...

Page 23: ...set up the mail server but the log has not been shown due to Log Queue Length and Log Time Threshold settings it shows E mail settings have been configured If you have set up the mail server and the log has been sent to the mail server it shows E mail settings have been configured and sent out normally If you have set up the mail server and log can not be sent to mail sever successfully it shows E...

Page 24: ...be used in most network settings without changing any of the values Some users will need to enter additional information in order to connect to the Internet through an ISP Internet Service Provider or broadband DSL cable modem carrier Configure Configure Host Name Domain Name Enter a host and domain name for the Router Some ISPs Internet Service Providers may require these names as identification ...

Page 25: ... IP address and 255 255 255 0 for the Subnet Mask WAN Setting Please choose how many WAN ports you prefer to use Default value is 4 Users can choose from 2 4 and the interface in the following table will be changed automatically according to your WAN number setting here Click the Edit in Config column to edit the WAN settings of the selected WAN port The default of Connection Type will be Obtain a...

Page 26: ...tings for the change or cancel the settings Make sure the network configuration match with the settings It shows Undefined in Connection Type if users have not edited the WAN settings of the selected WAN port Click Edit in Config column to edit WAN setting z Interface The WAN port number that user is editing is shown here z WAN Connection Type There are four WAN connection types WAN Connection ...

Page 27: ...ign these values includes DNS Server automatically Or users can check the box of Use the Following DNS Server Addresses and enter the specific DNS Server IP Multiple DNS IP Settings are common In most cases the first available DNS entry is used Static IP If you have specified WAN IP Address Subnet Mask Default Gateway Address and DNS Server select Static IP You can get this information from your I...

Page 28: ...ger than the Max Idle Time setting If you select Keep Alive option the Router will keep the connection alive by sending out a few data packets at Redial Period so your Internet service thinks that the connection is still alive PPTP Point to Point Tunneling Protocol Fill in blanks for the specified WAN IP Address Subnet Mask and Default Gateway Address which the PPTP server s IP that resides in the...

Page 29: ...o your changes or click the Back button to previous page Before choosing the following WAN Connection Type please choose the Multi WAN DMZ Setting first DMZ Setting In order to allow such services 16 Port Multi WAN VPN Router comes with a special DMZ port which is used for setting up public servers The DMZ sits between the local network and the Internet Servers on the DMZ are publicly accessible b...

Page 30: ...ble Internet IP address The Internet Service Provider used to connect the network to the Internet should be able to provide these addresses as well as information on setting up public Internet servers Click Edit in Config column to edit DMZ setting z Interface DMZ z Specify DMZ IP Address Enter the DMZ IP Address and Subnet Mask ...

Page 31: ...he Back button to previous page Multi WAN There are two functions provided for users Intelligent Balancer Auto Mode and IP Group By Users Intelligent Balancer Auto Mode All WAN ports will be Auto Mode 16 Port Multi WAN VPN Router will compute automatically the maximum Bandwidth of all WAN ports by using Weighted Round Robin to balance the traffic ...

Page 32: ...he network connection status of ISP by pinging Default Gateway ISP Host Remote Host and DNS Lookup Host If you check this Detection you have to choose at least one option from the following four items 1 Default Gateway If you check this item the Router will ping the default gateway first 2 ISP Host After pinging Default Gateway the Router will ping ISP Host Retry timeout later The ISP Host is prov...

Page 33: ...ils to inform users that the ISP connection is disconnected 2 Remove the Connection This WAN Interface will be suspended when the network connection to ISP is not active The traffic on this WAN will be dispatched to the other WAN port Once ISP returns to connect the traffic will be dispatched back Protocol Binding 16 Port Multi WAN VPN Router supports the Protocol Binding functionality It allows u...

Page 34: ...nagement button to add new Service and enter the Service Name Protocol and Port Range z Source IP Enter your Source IP address The default value is Zero If you select all service in the service and enter zero in Source IP all packets will go through this specific WAN port without going through other WAN ports z Destination IP Enter your Destination IP address z Enable If users click check box the ...

Page 35: ...Group By Users IP Group By Users enables the administrator to define traffic into different priority levels or classes of service CoS It can ensure the bandwidth and higher priority for the specific IP or important users and the IP Group users do not need to share the bandwidth with lower classification users who are with Intelligent Balancer mode If specified IP group users have chosen services t...

Page 36: ... reserves at least one WAN port for non IP Group Users and WAN1 will always use Intelligent Balancer mode When IP Group By Users is selected click the Edit button in Config column to configure the selected Interface Users can edit per WAN port individually If users set IP Group for the selected WAN port it will show Dispatched by Users in Mode column of selected WAN port If users did not set IP Gr...

Page 37: ...vided by ISP enter the Max Bandwidth of Upstream and Downstream for WAN1 WAN4 provided by ISP z Network Service Detection This tool can detect the network connection status of ISP by pinging Default Gateway ISP Host Remote Host and DNS Lookup Host If you check this Detection you have to choose at least one option from the following ...

Page 38: ...System Log The Router will generate the System Log when ping fails to inform users that the ISP connection is disconnected 2 Remove the Connection This WAN Interface will be suspended when the network connection to ISP is not active The traffic on this WAN will be dispatched to the other WAN port Once ISP returns to connect the traffic will be dispatched back IP Group z Service Select the Service ...

Page 39: ...ick the Cancel button to undo the changes or click Back button to return to previous page Quality of Service QoS 16 Port VPN Router provides specific service and IP address to transfer important data 16 port VPN Router provides QoS for users to transmit packets through WAN ports QoS includes tow two types of functionality One of the functionality is Rate Control for guarantee minimum bandwidth and...

Page 40: ... Before configuring the QoS please enter the max upstream and downstream bandwidth rates of each WAN ports into the following table Rate Control 16 Port VPN Router provides specific service and IP address to transfer sensitive data through WAN ports with guarantee bandwidth ...

Page 41: ...xample enter 700 in the square box and the specific service will not exceed 700kbps z Bandwidth sharing There are two options Share bandwidth with total IP addresses and Assign bandwidth for each IP address When selecting Share bandwidth with total IP addresses the IP address range you enter will share the min and max rates you enter above When selecting Assign bandwidth for each IP address anyone...

Page 42: ...ve the QoS settings click the Cancel button to undo the changes Priority 16 Port VPN Router provides specific service transferring sensitive data through WAN ports with three different types of priorities They are high middle and low priorities The default is middle priority ...

Page 43: ... 10 Services in the high priority list will share 60 of total system bandwidth and the low priority list will share 10 of total bandwidth Services that are not included in the list will share the middle priority 30 z Enable If users click on the square box the settings will be enabled Otherwise users are only adding the services to the list but not enabling them z Add to list icon Click this icon ...

Page 44: ...n to undo the changes Password The Router s default password is admin and it is strongly recommended that you change the Router s password If you leave the password filed blank all users on your network will be able to access the Router simply by entering the unit s IP address into their web browser s location window ...

Page 45: ...st be less than 15 characters long and it cannot contain any spaces z Confirm New Password Re enter the password for confirmation Click the Apply button to save the Password settings or click the Cancel button to undo the changes Time 16 Port Multi WAN VPN Router uses the time settings to time stamp log events to automatically update the Content Filter List and for other internal purposes Set the ...

Page 46: ...6 Port Multi WAN VPN Router 41 is Greenwich Mean Time Manually Enter the Hours Minutes Seconds Month Day and Year Click the Apply button to save the Time settings or click the Cancel button to undo the changes ...

Page 47: ... 0 will deactivate DMZ Host Click the Apply button to save the DMZ Host setting or click the Cancel button to undo the changes Forwarding Port forwarding can be used to set up public services on your network When users from the Internet make certain requests on your network the Router can forward those requests to computers equipped to handle the requests If for example you set the port number 80 ...

Page 48: ... an Internet server For added security Internet users will be able to communicate with the server but they will not actually be connected The packets will simply be forwarded through the Router Port Range Forwarding 1 Select the Service from the pull down menu 2 If the Service you need is not listed in menu please click the Service Management button to add new Service and enter the Protocol and Po...

Page 49: ...3 Enter the IP Address of the server that you want the Internet users to access Then enable the entry 4 Click the Add to List button and configure as many entries as you would like You can also Delete the selected application Port Triggering ...

Page 50: ...ate incoming port in this table The Router will forward the incoming packets to the LAN host 1 Enter the range of port numbers and enter the application name and enter the incoming port range 2 You can click the Add to List button to add Port Triggering or Delete selected application Click the Apply button to save the Forwarding settings click the Cancel button to undo your changes click the Show ...

Page 51: ... Protocol and External Port and Internal Port and then Add to list and save settings Otherwise there will be no entry in Service menu 2 Enter the Host Name or IP Address of the server that you want the Internet users to access and then enable the entry 3 Click the Add to List button and configure as many entries as you would like The maximum entry is 30 You can also delete the selected application...

Page 52: ...t determines the route that the network packets take based on the fewest number of hops between the source and the destination The RIP protocol regularly broadcasts routing information to other routers on the network z Working Mode Select Gateway mode if your Router is hosting your network s connection to the Internet Select Router mode if the Router exists on a network with other routers includin...

Page 53: ...etwork The static routing function determines the path that data follows over your network before and after it passes through the Router You can use static routing to allow different IP domain users to access the Internet through this device This is an advanced feature Please proceed with caution This Router is also capable of dynamic routing see the Dynamic Routing tab In many cases it is better ...

Page 54: ...sk Enter the Subnet Mask used on the destination LAN IP domain For Class C IP domain the Subnet Mask is 255 255 255 0 z Default Gateway If this Router is used to connect your network to the Internet then your Gateway IP is the Router s IP Address If you have another router handling your network s Internet connection enter the IP Address of that router instead z Enter Hop Count max 15 This value gi...

Page 55: ...ncel button to undo your changes or click the Show Routing Table button to view the current routing table One to One NAT One to One NAT creates a relationship which maps valid external addresses to internal addresses hidden by NAT Machines with an internal address may be accessed at the corresponding external valid IP address Creating this relationship between internal and external addresses is do...

Page 56: ...rom the Internet However with One to One NAT the machines with the internal IP addresses of 192 168 168 2 to 192 168 168 15 may be accessed at the corresponding external IP address Note The 16 Port Multi WAN VPN Router WAN IP NAT Public Address may not be included in a range z Enable One to One NAT If you check the box One to One NAT will be enabled z Private Range Begin Enter the beginning IP add...

Page 57: ...e a Range Length of 1 Note One to One NAT does change the way the firewall functions work Access to machines on the LAN from the Internet will be allowed and the local IP will be exposed to the internet unless Network Access Rules are set You can click Add to List button or Delete selected range Click the Apply button to save the settings or click the Cancel button to undo your changes DDNS DDNS D...

Page 58: ...er is editing is shown here z DDNS Service The DDNS feature is disabled by default To enable this feature you can choose DynDNS org or 3322 org from the pull down menu and enter the Username Password and Host Name of the account you set up with DynDNS org or 3322 org z Internet IP Address The Router s current Internet IP Address is displayed here Because it is dynamic this will change z Status Whe...

Page 59: ...equire that you register a MAC address This clones your network adapter s MAC address onto the Cable DSL Firewall Router and prevents you from having to call your ISP to change the registered MAC address to the Cable DSL Firewall Router s MAC address The Cable DSL Firewall Router s MAC address is a 12 digit code assigned to a unique piece of hardware for identification like a social security numbe...

Page 60: ...er 55 Input the MAC Address to User Defined WAN MAC Address field or select MAC Address from this PC Click Apply to save the MAC Cloning settings or click the Cancel button to undo your changes or click the Back button to previous page ...

Page 61: ...a DHCP Dynamic Host Configuration Protocol server on your network A DHCP server assigns available IP addresses to each computer on your network automatically If you choose to enable the DHCP server option you must configure all of the PCs on your LAN to connect to a DHCP server ...

Page 62: ...e time assigned if the computer DHCP client requests one The range is 5 43 200 Minutes Range Start End Enter a starting IP address and ending IP address to make a range to assign dynamic IP address The default range is 100 149 Static IP The administrator can assign the Static IP for the specific client based on this user s MAC address Enter the Static IP Address and MAC Address and then click the ...

Page 63: ... Apply button to save the DHCP settings or click the Cancel button to undo the changes Status A Status page is available to review DHCP Server Status The DHCP Server Status reports the IP of DHCP Server the number of Dynamic IP Used Static IP Used DHCP Available and Total Client Table shows the current DHCP Client information You will see the related information ...

Page 64: ...Host Name IP Address MAC Address and Leased Time of all network clients using the DHCP server Clicking Trash Can button to delete the line and the IP Address of Client Host got will be released or clicking Refresh button to refresh the Client Table ...

Page 65: ... WAN VPN Router and receive notification of any critical events as they occur on the network The 16 Port Multi WAN VPN Router supports SNMP v1 v2c and all relevant Management Information Base II MIBII groups The appliance replies to SNMP Get commands for MIBII via any interface and supports a custom MIB for generating trap messages To configure SNMP type in the necessary information in the followi...

Page 66: ...name for a group or community of administrators who can view SNMP data The default value is Public z Community Name Create a name for a group or community of administrators who can receive SNMP traps A name must be entered z Trap Community Name Type the Trap Community Name which is the password sent with each trap to the SNMP manager z Send SNMP Trap to Enter the IP or Domain Name in this filed an...

Page 67: ...e result will be Address Resolving Failed 16 Port Multi WAN VPN Router will then query the DNS server and display the result at the bottom of the screen Note The IP address of the DNS server must be entered in the General Settings page for the Name Lookup feature to function Ping The Ping test bounces a packet off a machine on the Internet back to the sender This test shows if 16 Port Multi WAN VP...

Page 68: ...mpleted a message showing the results will be displayed at the bottom of the Web browser window The results include Status Test succeeded Failed Packets transmitted received loss and Round Trip Time Minimum Maximum and Average Note Ping requires an IP address 16 Port Multi WAN VPN Router s DNS Name Lookup tool may be used to find the IP address of a host Restart ...

Page 69: ...rt Multi WAN VPN Router provides Active Firmware and Backup Firmware and users can choose the firmware version for the router to restart with The default is Active Firmware Version Factory Default The Factory Default button can be used to clear all of your configuration information and restore 16 Port Multi WAN VPN Router to its factory state Only use this feature if you wish to discard all other ...

Page 70: ...WAN VPN Router 65 Firmware Upgrade Users can use the following download function to download the new version of firmware into computer in advance and then select the file Finally click the Firmware Upgrade Right Now button ...

Page 71: ...Settings button After you have selected the file click the Import button This process may take up to a minute You will then need to restart your 16 Port Multi WAN VPN Router in order for the changes to take effect Export Configuration File When you click the Export button your browser will bring up a dialog asking you where you would like to store your preferences file This file will be called con...

Page 72: ...and Auto Negotiation Port Setup Basic Per Port Config Please choose how many WAN ports you prefer to use Default value is 4 Users can choose from 2 4 On both of General setting page and Port Management page users can choose the number of WAN ports If users have set up the number of WAN ports on General Setting page the number of WAN ports here will be consistent with the settings on General ...

Page 73: ... the box the port will be disabled It is a per port setting z Priority Select High or Normal for Port based QoS Quality of Service QoS is used to maximize a network s performance and this setting allows you to prioritize performance on 16 ports z Speed Users can manually config the per port speed as 10Mbps or 100Mbps z Duplex Users can manually config the per port duplex as half duplex or full dup...

Page 74: ... selected by users such as Type Interface Link Status up or down Port Activity Enabled or Disabled Priority High or Normal Speed Status 10Mbps or 100Mbps Duplex Status half or full Auto negotiation on or off In Statistics table it will show the port receive transmit packet count packet byte count and Port Packet Error Count of the selected port Click Refresh button to refresh the port status ...

Page 75: ...fic Internet users from accessing the internal servers You can set up different packet filters for different users that are located on internal LAN side or external WAN side based on their IP addresses or their network Port number z Firewall The default is enabled If users disable the Firewall function SPI DoS Block WAN Request will be disabled Remote Management will be enabled and Access Rules an...

Page 76: ... port 80 or port 8080 for remote management z Multicast Pass Through IP Multicasting occurs when a single data transmission is sent to multiple recipients at the same time Using this feature the Router allows IP multicast packets to be forwarded to the appropriate computers z MTU Maximum Transmission Unit This feature specifies the largest packet size permitted for network transmission It is recom...

Page 77: ... the box is checked users can enter the web sites or IP address in Trusted Domain field and the Router will not check the Java ActiveX Cookies in the Trusted Domain s Click the Apply button to save the Firewall settings or click the Cancel button to undo your changes Access Rules Network Access Rules evaluate network traffic s Source IP address Destination IP address and IP protocol type to decide...

Page 78: ...can be created to override the above 16 Port Multi WAN VPN Router default rules but there are four additional default rules that will be always active and custom rule can not override the four rules HTTP service from LAN side to 16 Port Multi WAN VPN Router is always allowed DHCP service from LAN side is always allowed DNS service from LAN side is always allowed Ping service from LAN side to 16 Po...

Page 79: ...n the table and you can choose the Priority for each custom rule Click the Edit button to Edit the rule and click the Trash Can icon to delete the rule Click Add New Rule button to add new Access Rules or click the Restore to Default Rules button to restore to the default rules and all custom rules will be deleted ...

Page 80: ...utton depending on the intent of the rule z Service Select the service from the Service pull down menu If the service you need is not listed in the menu click the Service Management button to add new Service Enter Service Name Protocol and Port Range and click Add to list and then click Apply button ...

Page 81: ...nerated by WAN port number settings on General Setting or Port Management page z Source IP Select Any Single or Range and enter IP Address for single and range z Destination IP Select Any Single or Range and enter IP Address for single and range Scheduling Apply this rule time parameter Select the time range and the day of the week for this rule to be enforced The default condition for any new rul...

Page 82: ...uter will forbid web access to sites on the Forbidden Domains list Scheduling The Time of Day feature allows you to define specific times when Content Filtering is enforced For example you could configure the 16 Port Multi WAN VPN Router to filter employee Internet access during normal business hours but allow unrestricted access at night and on weekends ...

Page 83: ...elected Content Filtering is enforced at all times z From When selected Content Filtering is enforced during the time and days specified Enter the time period in 24 hour format and select the day of the week that Content Filtering is enforced Website Blocking by Keywords ...

Page 84: ... specific times when Content Filtering is enforced For example you could configure the 16 Port Multi WAN VPN Router to filter employee Internet access during normal business hours but allow unrestricted access at night and on weekends Apply this rule z Always When selected Content Filtering is enforced at all times z From When selected Content Filtering is enforced during the time and days specifi...

Page 85: ...VPN Router 80 VPN Summary The VPN Summary displays the Summary Tunnel Status and GroupVPN Status Summary It shows the number of Tunnel s Used and Tunnel s Available 16 Port Multi WAN VPN Router supports up to 200 tunnels Detail ...

Page 86: ...s on the top to save export or print the details of VPN Summary Tunnel Status Add New Tunnel Add Gateway to Gateway Tunnel or Add Client to Gateway Tunnel Gateway to Gateway The following figure illustrates the Gateway to Gateway tunnel a tunnel created between two VPN Routers When click Add Now it will show Gateway to Gateway page ...

Page 87: ...and entries per page You can click Previous page and Next page button to jump to the tunnel that you want to see You can also enter the page number into Jump to page directly and choose the item number that you want to see per page 3 5 10 20 All z Tunnel No It shows the used Tunnel No 1 200 and the tunnels defined in GroupVPN are also included z Name It shows the Tunnel Name that you enter in Gate...

Page 88: ...z Remote Group It shows the IP and subnet of Remote Group z Remote Gateway It shows the IP of Remote Gateway z Tunnel Test Click the Connect button to verify the tunnel status The test result will be updated in Status z Configure Edit and Delete If you click Edit button it will link to the original setup page You can change the settings If you click all settings of this tunnel will be deleted and ...

Page 89: ...p z Remote Client It shows the number of Remote Client of this GroupVPN z Remote Clients Status If you click the Detail List button it shows the details of Group Name IP address and Connection Time of this Group VPN z Configure Edit and Delete If you click Edit button it will link to the original setup page and you can change the settings If you click all settings of this tunnel will be deleted an...

Page 90: ...s will be generated by WAN port number settings on General Setting or Port Management page z Enable Check the box to enable VPN Local Group Setup Local Security Gateway Type There are five types They are IP Only IP Domain Name FQDN Authentication IP E mail Addr USER FQDN Authentication Dynamic IP Domain Name FQDN Authentication Dynamic IP E mail Addr USER FQDN Authentication The type of Local Secu...

Page 91: ...P and FQDN must be same with the Remote Security Gateway type of the remote VPN device and the same IP and FQDN can be only for one tunnel connection 3 IP E mail Addr USER FQDN Authentication If you select this type enter the E mail address and IP address will come out automatically 4 Dynamic IP Domain Name FQDN Authentication If the Local Security Gateway is with a dynamic IP you can select this ...

Page 92: ...curity Gateway requests to create a tunnel with 16 Port Multi WAN VPN Router the 16 Port Multi WAN VPN Router will work as a responder If you select this type just enter the E mail address for Authentication Local Security Group Type Select the local LAN user s behind the router that can use this VPN tunnel Local Security Group Type may be a single IP address or a Subnet The Local Secure Group mus...

Page 93: ...ype There are five types They are IP Only IP Domain Name FQDN Authentication IP E mail Addr USER FQDN Authentication Dynamic IP Domain Name FQDN Authentication Dynamic IP E mail Addr USER FQDN Authentication The type of Remote Security Gateway should match with the Local Security Gateway Type of VPN devices in the other end of tunnel 1 IP Only If you select IP Only only the specific IP Address tha...

Page 94: ...tication If you select this type enter the FQDN Fully Qualified Domain Name and IP address of the VPN device at the other end of the tunnel The FQDN is the host name and domain name for a specific computer on the Internet for example vpn myvpnserver com The IP and FQDN must be same with the Local Gateway of the remote VPN device and the same IP and FQDN can be only for one tunnel connection If you...

Page 95: ...te client by DNS Resolved and IP address of remote client will be displayed in the Tunnel Status of Summary page 4 Dynamic IP Domain Name FQDN Authentication If you select this type the Remote Security Gateway will be a dynamic IP so you do not need to enter the IP address When the Remote Security Gateway requests to create a tunnel with 16 Port Multi WAN VPN Router the 16 Port Multi WAN VPN Route...

Page 96: ...work as a responder If you select this type just enter the E mail address for Authentication Remote Security Group Type Select the Remote Security Group that behind the above Remote Gateway Type you chose that can use this VPN tunnel Remote Security Group Type may be a single IP address a Subnet or an IP range 1 IP Address If you select IP Address only the remote computer with the specific IP Addr...

Page 97: ...e are two Keying Modes of key management Manual and IKE with Preshared Key automatic Manual z Keying Mode If you select Manual it allows you to generate the key yourself and no key negotiation is needed Basically manual key management is used in small static environments or for troubleshooting purposes Both sides must use the same Key Management method z Incoming Outgoing SPI Security Parameter In...

Page 98: ...s more secure and both sides must use the same Authentication method z Encryption Key This field specifies a key used to encrypt and decrypt IP traffic and the Encryption Key is generated by users themselves The hexadecimal value is acceptable in this field Both sides must use the same Encryption Key If DES is selected the Encryption Key is 16 bit If users do not fill up to 16 bit this filed will ...

Page 99: ...its Group 2 is 1 024 bits and Group 5 is 1 536 bits If network speed is preferred select Group 1 If network security is preferred select Group 5 z Phase 1 Encryption There are three methods of encryption DES 3DES and AES The Encryption method determines the length of the key used to encrypt decrypt ESP packets DES is 56 bit encryption and 3DES is 168 bit encryption In addition AES includes three t...

Page 100: ... chose If Perfect Forward Secrecy is disabled there is no need to set up the Phase 2 DH Group since no new key would be generated and the key of Phase 2 will be same with the key in Phase 1 z Phase 2 Encryption Phase 2 is used to create one or more IPSec SAs which are then used to key IPSec sessions There are three methods of encryption DES 3DES and AES The Encryption method determines the length ...

Page 101: ...ter and hexadecimal values are acceptable in this field e g My_ 123 or 4d795f40313233 The maximum entry of this field is 30 digit Both sides must use the same Pre shared Key It s recommended to change Preshared keys regularly to maximize VPN security Clink the Apply button to save the settings or click the Cancel button to undo the changes Advanced For most users the settings on the VPN page shoul...

Page 102: ...keep up the connection of IPSec tunnels Whenever a connection is dropped and detected it will be re established immediately z AH Hash Algorithm AH Authentication Header protocol describe the packet format and the default standards for packet structure With the use of AH as the security protocol protected is extended forward into IP header to verify the integrity of the entire packet by use of port...

Page 103: ...VR 200 16 Port Multi WAN VPN Router 98 default Interval is 10 sec Click the Apply button when you finish the settings or click the Cancel button to undo the changes ...

Page 104: ... VPN clients Tunnel z Tunnel No The tunnel no will be generated automatically from 1 200 z Tunnel Name Once the tunnel is enabled enter the Tunnel Name field Such as Sales Name This is to allow you to identify multiple tunnels and does not have to match the name used at the other end of the tunnel z Interface Select the Interface from the pull down menu When Multi WAN is enabled there will be four...

Page 105: ...of tunnel 1 IP Only If you select IP Only only the specific IP Address will be able to access the tunnel The WAN IP of 16 Port Multi WAN VPN Router will come out in this filed automatically and you do not need to enter 2 IP Domain Name FQDN Authentication If you select this type enter the FQDN Fully Qualified Domain Name and IP address will come out automatically The FQDN is the host name and doma...

Page 106: ...r If you select this type just enter the Domain Name for Authentication and the Domain Name must be same with the Remote Security Gateway of the remote VPN device The same Domain Name can be only for one tunnel connection and users can t use the same Domain Name to create a new tunnel connection 5 Dynamic IP E mail Addr USER FQDN Authentication If the Local Security Gateway is with a dynamic IP yo...

Page 107: ...y the computer with the specific IP Address that you enter will be able to access the tunnel The default IP is 192 168 1 0 2 Subnet If you select Subnet which is the default this will allow all computers on the local subnet to access the tunnel Enter the IP Address and the Subnet Mask The default IP is 192 168 1 0 and default Subnet Mask is 255 255 255 192 Remote Client Setup Remote Client In Tunn...

Page 108: ...t IP address from drop down menu If you do not know the static IP address of remote client but the domain name of remote client is known you can select IP by DNS Resolved and enter the real domain name on the Internet This device will get the IP address of remote client by DNS Resolved and IP address of remote client will be displayed in the Tunnel Status of Summary page 2 IP Domain Name FQDN Auth...

Page 109: ...played in the Tunnel Status of Summary page 3 IP E mail Addr USER FQDN Authentication If you select this type enter the E mail address and IP address of the VPN device at the other end of the tunnel If you know the static IP address of remote client select IP address from drop down menu If you do not know the static IP address of remote client but the domain name of remote client is known you can ...

Page 110: ...tication and the Domain Name must be same with the Local Gateway of the remote VPN device The same Domain Name can be only for one tunnel connection and users cannot use the same Domain Name to create a new tunnel connection 5 Dynamic IP E mail Addr USER FQDN Authentication If you select this type the Remote Security Gateway will be a dynamic IP so you do not need to enter the IP address When the ...

Page 111: ...s WAN1 WAN4 The options of WAN ports will be generated by WAN port number settings on General Setting or Port Management page z Enable Check the box to enable GroupVPN Local Group Setup Local Security Group Type In Group VPN condition Select the local LAN user s behind the router that can use this VPN tunnel Local Security Group Type may be a single IP address a Subnet or an IP range The Local Sec...

Page 112: ...ult Subnet Mask is 255 255 255 0 Remote Client Setup Remote Client In VPN Group condition There are three types of Remote Client Domain Name FQDN E mail Address USER FQDN and Microsoft XP 2000 VPN Client 1 Domain Name FQDN Fully Qualified Domain Name If you select FQDN enter the FQDN of the Remote Client When the Remote Client requests to create a tunnel with 16 Port Multi WAN VPN Router the 16 Po...

Page 113: ...Aggressive mode and FQDN USER FQDN ID options IPSec Setup The settings of both Tunnel and Group VPN in Client To Gateway mode are the same In order for any encryption to occur the two ends of the tunnel must agree on the type of encryption and the way the data will be decrypted This is done by sharing a key to the encryption code There are two Keying Modes of key management Manual and IKE with Pre...

Page 114: ... of the tunnel and vice versa z Encryption There are two methods of encryption DES and 3DES The Encryption method determines the length of the key used to encrypt decrypt ESP packets DES is 56 bit encryption and 3DES is 168 bit encryption 3DES is recommended because it is more secure and both sides must use the same Encryption method z Authentication There are two methods of authentication MD5 and...

Page 115: ...o not fill up to 32 bit this filed will be filled up to 32 bit automatically by 0 If SHA1 is selected the Authentication Key is 40 bit If users do not fill up to 40 bit this filed will be filled up to 40 bit automatically by 0 IKE with Preshared Key z Keying Mode IKE with Preshared Key automatic IKE is an Internet Key Exchange protocol that is used to negotiate key material for SA Security Associa...

Page 116: ...secure z Phase 1 SA Life Time This field allows you to configure the length of time a VPN tunnel is active in Phase 1 The default value is 28 800 seconds z Perfect Forward Secrecy If PFS is enabled IKE Phase 2 negotiation will generate a new key material for IP traffic encryption and authentication If PFS is enabled a hacker using brute force to break encryption keys is not able to obtain other or...

Page 117: ...s a 160 bit digest If users enable the AH Hash Algorithm in Advanced it s recommended to select Null to disable authentication of the ESP packets in Phase 2 for most users but both sides must use the same setting z Phase 2 SA Life Time This field allows you to configure the length of time a VPN tunnel is active in Phase 2 The default value is 3 600 seconds z Preshared Key The character and hexadec...

Page 118: ... IP Payload Compression is a protocol to reduce the size of IP datagrams If Compress is enabled 16 Port Multi WAN VPN Router will propose compression when initiating a connection If the responders reject this propose 16 Port Multi WAN VPN Router will not implement the compression When 16 Port Multi WAN VPN Router works as a responder 16 Port Multi WAN VPN Router will always accept compression even...

Page 119: ...raffic to pass through the VPN tunnel By default the Router blocks these broadcasts z Dead Peer Detection DPD When DPD is enabled 16 port VPN Router will send the periodic HELLO ACK messages to prove the tunnel liveliness when both peers of VPN tunnel provide DPD mechanism Once a dead peer is detected it will disconnect the tunnel so the connection can be re established The Interval is the number ...

Page 120: ... Pass Through is enabled by default z PPTP Pass Through Point to Point Tunneling Protocol PPTP Pass Through is the method used to enable VPN sessions PPTP Pass Through is enabled by default z L2TP Pass Through Layer 2 Tunneling Protocol L2TP Pass Through is the method used to enable VPN sessions L2TP Pass Through is enabled by default Click the Apply button when you finish the VPN Pass Through set...

Page 121: ...Router can send a detailed log to an external Syslog server Syslog is an industry standard protocol used to capture information about network activity The 16 Port Multi WAN VPN Router Syslog captures all log activities and include every connection source and destination IP address IP service and number of bytes transferred Enter the Syslog server name or IP address in the Syslog Server field Resta...

Page 122: ...is field blank if you do not want to receive copies of your log information z Log Queue Length entries The default is 50 entries 16 Port Multi WAN VPN Router will e mail log when Log entries is over 50 z Log Time Threshold minutes The default is 10 minutes 16 Port Multi WAN VPN Router will e mail log every 10 minutes 16 Port Multi WAN VPN Router will e mail log when meet any one of Log Queue Lengt...

Page 123: ...ystem Log Once you press this button the new window will pop up the Log and user can choose ALL System Log Access Log Firewall Log and VPN Log Outgoing Log Table Once you press this button the new window will pop up and show you the outgoing packet information including LAN IP Destination URL IP and Service Port number Incoming Log Table Once you press this button the new window will pop up and sh...

Page 124: ...C Address Subnet Mask Default Gateway Received Packets Sent Packets Total Packets Received Bytes Sent Bytes Total Bytes Error Packets Received and Dropped Packets Received for LAN DMZ and WAN ports Users can click Next page to see the system statistics on next page or click Previous page to see the system statistics on previous page when the number of WAN port is 3 4 Click the Refresh button to up...

Page 125: ...ocated on the lower right corner of the Web Interface This button will terminate the management session and the Authentication window will be displayed You will need to re enter your User Name and Password to login and continue to manage the 16 Port Multi WAN VPN Router ...