background image

OVERVIEW

 

Cellular Router Firewall 

DOC_DEV_IPL-C_User guide_A

 

Page 11

 

VPN 

Client or server IPSEC  or OpenVPN 
Encryption AES256 3DES 
Certificate X509 or preshared key 
16 VPNs maximum of the same type (OpenVPN or IPSec)

 

Firewall 

Stateful packet inspection (50 rules) 
Deny of service filter 
Source & destination IP address & port number  filter 
Remote users filter

 

Logs 

Date and time stamped logs 

 

Remote access server (RAS) 

User list 

 25 users 

Connection 

PPTP / L2TP-IPSec / Open VPN / HTTPS 
Login & password 

Certificate X509 

M2Me 

VPN Compliant  with the M2Me_Secure VPN client 

Compliant with the  M2Me_Connect mediation service 

Alarms 

1 input : emails or SM (cellular models) 

 

Serial interfaces 

Data rate 

1200 to 115200 kb/s parity N / E / O 

Gateway 

Raw client & server - Modbus master & slave 
Multicast  - Telnet  - Unitelway 

USB 

1 USB host port 
PPP client over the usb interface 

 

IP router

 

Ethernet

 

10/100 BT – 2 or 4 switched ports

 

IP router

 

Static routes – RIP V2

 

IP address  
translation 

 

Source IP @ translation (NAT) 
Destination  IP @ translation (DNAT) 

Port forwarding

 

DHCP

 

LAN interface : Fixed IP @ or 

DHCP client or DHCP server 

 

 
 

 

Summary of Contents for IPL-C

Page 1: ...Cellular Router Firewall DOC_DEV_IPL C_User guide_A IPL C Cellular Router Firewall _________________ USER GUIDE ...

Page 2: ......

Page 3: ... C cellular router is designed and manufactured by ETIC TELECOM 13 Chemin du vieux chêne 38240 MEYLAN FRANCE TEL 33 0 4 76 04 20 05 FAX 33 0 4 76 04 20 01 E mail hotline etictelecom com web www etictelecom com ...

Page 4: ......

Page 5: ...tons 15 1 3 Connectors 16 1 4 IPL C 400 or IPL CW 400 router WiFi option 19 1 5 IPL C 220 ou IPL CW 220 router WiFi option 20 1 6 IPL C 230 or IPL CW 230 router WiFi option 21 1 7 IPL C 260 ou IPL CW 260 router WiFi option 22 1 8 IPL C 261 or IPL CW 261 router WiFi option 23 2 DIN rail mounting 24 3 Cooling 24 4 Supply voltage 25 5 Digital input and output 25 6 RS232 25 7 RS485 connection IPL C 22...

Page 6: ...olling the conformance of the connection 31 PREPARING THE SETUP 33 1 First setup 33 2 Protecting the access to the administration web server 33 3 HTTPS set up modifications through the WAN interface 34 4 Recovering the factory LAN IP address 34 5 Restoring the factory set up 34 6 Saving or restoring a set of parameters 35 7 Configuration steps 36 MAINTENANCE 37 1 Diagnostic 37 1 1 Logs 37 1 2 Netw...

Page 7: ... Electromagnetic compatibility and Radio spectrum Matters Part 1 General requirements EN301489 7 Electromagnetic compatibility and Radio spectrum Matters Part 7 Specific conditions for mobile and portable radio and ancillary equipment of digital cellular radio EN61000 6 2 Ed 2001 Immunity EN60100 4 2 Electrostatic Discharge EN60100 4 3 Radiated Immunity EN60100 4 4 EFT Burst Immunity EN60100 4 5 S...

Page 8: ...GPRS EDGE XY HG 4G 3G GPRS EDGE XY LE Firewall SPI VPN IPSEC OpenVPN 16 tunnels au total 25 remote users PPTP L2TP IPSec OpenVPN HTTPS Serial gateway Raw TCP UDP Telnet Modbus Unitelway Ethernet 10 100 BT 4 2 2 2 2 RS232 1 2 RS485 1 RS422 isolated 1 RS485 isolated 1 USB 1 1 1 1 1 NAT Port forwarding SNMP DNS DHCP server on the LAN inteface Digital input for alarm email 1 1 1 1 1 HTTPS HTML SSH con...

Page 9: ... point 2 4 or 5 GHz Firewall SPI VPN IPSEC OpenVPN 16 tunnels au total 25 remote users PPTP L2TP IPSec OpenVPN HTTPS Serial gateway Raw TCP UDP Telnet Modbus Unitelway Ethernet 10 100 BT 4 2 2 2 2 RS232 1 2 RS485 1 RS422 isolated 1 RS485 isolated 1 USB 1 1 1 1 1 NAT Port forwarding SNMP DNS DHCP server on the LAN inteface Digital input for alarm email 1 1 1 1 1 HTTPS HTML SSH configuration Option ...

Page 10: ...ellular network Type 4G 3G GPRS EDGE RF connector SMA female Models LE LS LA HG LTE 4G Europe USA Asia UMTS 3G Yes 1 Yes 1 Yes 1 Yes 2 GPRS EDGE Yes 3 Yes 3 Yes 3 Yes 3 1 850 900 1900 2100 MHz 2 850 900 1700 1900 2100 MHz 3 850 900 1800 1900 MHz Ethernet routage IP Ethernet 10 100 BT Détection de débit 10 ou 100 Mb s et de câble croisé Routeur Connexions distantes Routes statiques RIP V2 Translati...

Page 11: ...ion PPTP L2TP IPSec Open VPN HTTPS Login password Certificate X509 M2Me VPN Compliant with the M2Me_Secure VPN client Compliant with the M2Me_Connect mediation service Alarms 1 input emails or SM cellular models Serial interfaces Data rate 1200 to 115200 kb s parity N E O Gateway Raw client server Modbus master slave Multicast Telnet Unitelway USB 1 USB host port PPP client over the usb interface ...

Page 12: ...d 4G 3G GPRS EDGE IP router an IP router to route IP packets and set VPNs with other routers through the Internet a remote access server RAS to provide a secure access to the LAN for remote users a stateful inspection firewall to filter the IP traffic a WiFi client or access point and a serial gateway 4 1 Applications That features in the same product make the IPL C a top level solution for remote...

Page 13: ...PC or a smartphone Firewall The firewall protects against the sophisticated attacks coming from the Internet It is also able to filter IP frames between the WAN interface or any VPN interface on one hand and the LAN interface on the other hand VRRP redundancy VRRP makes possible to use two routers shaping a redundant solution DNS server DNS makes it possible to assign Internet names to devices or ...

Page 14: ...interface is the main WAN interface but the Ethernet interface of the RJ45 Nr1 or the WiFi interface when it is used as a client can be used as a WAN interface Only one interface can be used at the same time cellular Ethernet port 1 WiFi LAN interface The LAN interface consists of Ethernet ports optionally a WiFi interface when it is used as an access point and serial interfaces Firewall The firew...

Page 15: ...ower up Flashing red The factory configuration and the default IP address 192 168 0 128 are selected The current configuration is deleted Front panel push button Pressing the front panel PB led Function During 5 seconds 3 flashes The hotline of ETICTELECOM is authorised to connect remotely to the router administration server within a 1 hour delay During 10 seconds 5 flashes A remote user is author...

Page 16: ...2 In Entrée TOR 3 F Dgital output 4 F Digital output RJ45 Ethernet Position Name Description 1 Tx Emission polarity 2 Tx Emission polarity 3 Rx Reception polarity 4 N C 5 N C 6 Rx Reception polarity 7 N C 8 N C WiFi Antenna connector Network Type Observation WiFi RP SMA female Celular Antenna connector Network Type Observation Cellular SMA female 2 positions RS485 screw block Position Signal Funct...

Page 17: ...6 IN Clear to send 8 RTS 105 OUT Request to send Out Signal provided by the router RJ45 RS232 DTE interface Pos Signal Fonction RJ45 1 CD 109 OUT Carrier detect 2 RD 104 OUT Data Reception 3 TD 103 IN Data Emission 4 DTR 108 IN Data terminal ready 5 SG 102 Ground 6 DSR 107 OUT Data set ready 7 RTS 105 IN Request to send 8 CTS 106 OUT Clear to send Out Signal provided by the router 2 positions RS48...

Page 18: ...on RS422 signal OFF OFF The two 470 Ohm polarisation R are disabled on the reception RS422 signal SW3 SW4 ON ON The 120 Ohm termination R is enabled on the reception RS422 signal OFF OFF The 120 Ohm termination R is disabled on the reception RS422 signal 2 positions RS485 screw block IPL C 261 IPL CW 261 Position Signal Signal 1 Com Common 2 B RS485 polarity B 3 A RS485 polarity A Micro switches R...

Page 19: ... the cellular ntwk Cellular signal level Cel Off Cellular interface disabled 1 flash Faint not sufficient signal 2 flashes Sufficient signal 3 flashes Strong signal See detail further cellular network connection VPN Off No VPN has been enabled Flashnig VPN processing Green One VPN at least is established WiFi connection WiFi Off WiFi Interface not enabled Green WiFi Interface enabled WiFi Signal q...

Page 20: ...abled 1 flash Faint not sufficient signal 2 flashes Sufficient signal 3 flashes Strong signal See detail further cellular network connection VPN Off No VPN has been enabled Flashnig VPN processing Green One VPN at least is established WiFi connection WiFi Off WiFi Interface not enabled Green WiFi Interface enabled WiFi Signal quality WiFi Off WiFi not enabled or enabled as an access point 1 flash ...

Page 21: ...e disabled 1 flash Faint not sufficient signal 2 flashes Sufficient signal 3 flashes Strong signal See detail further cellular network connection VPN Off No VPN has been enabled Flashnig VPN processing Green One VPN at least is established WiFi connection WiFi Off WiFi Interface not enabled Green WiFi Interface enabled WiFi Signal quality WiFi Off WiFi not enabled or enabled as an access point 1 f...

Page 22: ...e disabled 1 flash Faint not sufficient signal 2 flashes Sufficient signal 3 flashes Strong signal See detail further cellular network connection VPN Off No VPN has been enabled Flashnig VPN processing Green One VPN at least is established WiFi connection WiFi Off WiFi Interface not enabled Green WiFi Interface enabled WiFi Signal quality WiFi Off WiFi not enabled or enabled as an access point 1 f...

Page 23: ...e disabled 1 flash Faint not sufficient signal 2 flashes Sufficient signal 3 flashes Strong signal See detail further cellular network connection VPN Off No VPN has been enabled Flashnig VPN processing Green One VPN at least is established WiFi connection WiFi Off WiFi Interface not enabled Green WiFi Interface enabled WiFi Signal quality WiFi Off WiFi not enabled or enabled as an access point 1 f...

Page 24: ... Router Firewall 2 DIN rail mounting Mounting the unit on the 35 mm horizontal DIN rail Removing the unit from the DIN rail 3 Cooling To avoid obstructing the airflow around the unit the spacing must be at least 25 mm above and below and 10 mm left and right ...

Page 25: ...gital input and output To check that the input and the output are correctly wired select Diagnostic Hardware Input Output The status of the input is displayed and the output can be switched ON or OF 6 RS232 The RS232 cable must be shorter than 10 meters Cables can be provided to connect the product to DTE and DCE as follows RS232 cables L 1m Code User connector Cable function CAB592 SubD 9 male To...

Page 26: ...vided on the front panel 2 positions screw block It is not isolated Long RS485 line or high data rate if the RS485 line is longer than10 meters or if the data rate is greater than 19200 b s it is necessary to connect one 120 Ohm matching resistor at each end of the line and two 390 Ohm polarisation resistors at one of the two extremities of the line ...

Page 27: ...that the TX TX line of the IPL router must be connected to the RX RX of all the other devices of the bus The polarisation and termination resistors can be selected with DIP switches The polarisation resistors must be enabled by one device of the bus The termination resistor must be enabled with SW3 SW4 when the router is located at the extremity of the bus Up to 16 devices can be connected to the ...

Page 28: ...mination resistors can be selected with DIP switches The polarisation résistors must be enabled by one device of the bus The termination resistor must be enabled with SW3 SW4 when the router is located at the extremity of the bus Up to 16 devices can be connected to the bus We recommend to use a shielded cable and twisted pairs If the line is exposed to lightning we recommend to protect the router...

Page 29: ... level information parameters or diagnostic menu To carry out that control use mandatorily a SIM card subscribed with the mobile service provider selected for the router RAS Remark The IPL router itself provides the reception level information in two ways A reception level led indicator The diagnostic menu of the administration web server of the router 10 2 Cellular antenna We provide a complete c...

Page 30: ...ill take care to subscribe to a service authorizing the right volume of data per month MB month and to check the price of the MB exceeding the limit of the subscription plan if it exists The subscription must be preferably signed in the country where the machine is supposed to be installed to avoid roaming costs 10 5 Installing the SIM card The router provides two SIM card holders If you use only ...

Page 31: ...ive an answer Network response delay to a PING request The response delay must be better than 500 ms If the delay is longer than one second it means the network is overloaded or that the signal level is weak If the connection is not conform change the position of the antenna or select an alternative service like UMTS instead of LTE for instance Cellular network reception level Led Reception level ...

Page 32: ......

Page 33: ...n to the PC an IP in accordance with the router RAS IP address For the first configuration assign for instance 192 168 0 127 to the PC Step 2 Connect the PC directly to the LAN interface of the router RAS Step 3 Launch the HTML browser http 192 168 0 128 2 Protecting the access to the administration web server Select Set up Security Administration rights Enter an administration identifier and pass...

Page 34: ...Remark the port No used to access to the administration web server with HTTPS is 4433 Example https 192 168 38 191 4433 4 Recovering the factory LAN IP address Press the rear panel push button The OPERATION led indicator will flash The factory IP address 192 168 0 128 will be restored but the current configuration remains active 5 Restoring the factory set up If firewall rules have been created fi...

Page 35: ...igurations table Assign a name for the current set of parameters configuration name field and click the Save button The updated Configurations table is displayed with an additional line To save a stored set of parameters as an editable file Select the set of parameters name in the Configurations table Click the Export to the PC button The set_of_parameters txt file is created To import an editable...

Page 36: ...se to proceed as follows Cellular interface setup LAN interface setup VPNs setup Routing and IP address translation functions setup Remote users connections the user list and the access rights setup Serial or USB gateway setup Firewall setup For detail about the configuration refer to the IPL routers setup manual reference 90 234 09 ...

Page 37: ...connections the VPN connections disconnections theremote users connections disconnections The router starts OpenVPN IPSec Logs These logs registers the detail of the VPN connections Advanced logs That logs registers details about the following events ADSL events M2Me RIP DHCP VRRP Telnet gateway Alarm emails The filter checkbox allow to display particular classes of events ...

Page 38: ...on Status IP address and remote IP address Reception level WiFi interface Wifi mode client or base station Connection status SSID RF Frequency To display the M2Me page Select The Diagnostic Network status M2Me menu The M2Me page summarizes the current status of the M2Me connection and also displays the M2Me logs To display the remote users page Select The Diagnostic Network status Remote users men...

Page 39: ...ta rate etc number of characters received or sent Number of TCP frames or UDP datagrams received or sent Number of TCP connections enabled The View link displays a window which shows the hexadecimal received and transmitted traffic over each serial COM port It can be a great help for trouble shooting 1 4 Ping tool Select the Diagnostic Tool Ping menu Enter the PING destination IP address 1 5 WiFi ...

Page 40: ...succeed for instance if the connection fails the ETIC router restarts with the current firmware Once the firmware update has been carried out the ETIC router restores the previous current set of parameters To update the firmware Select Maintenance Firmware update menu Click the Select the firmware file button Click Upgrade now When the firmware is updated the product automatically reboots ...

Page 41: ......

Page 42: ...ETIC TELECOM 13 chemin du vieux Chêne 38240 Meylan France contact etictelecom com ...

Reviews: