background image

HotBrick Network Solutions 

6: VPN Configuration 

Overview 

       Virtual Private Network (VPN), is a connection between two end points. It allows private data to 
be sent securely over a public network, such as Internet. VPN establishes a private network that can 
send data securely between two networks. We call this is by creating a “tunnel”. A VPN tunnel 
connects the two PCs or networks 

 

 

Planning the VPN 

When planning your VPN, you must make following choices first. 

1.  If the remote end were a network, the two-endpoint network must have different LAN IP address 

ranges. If the remote endpoint is a single PC running a VPN client, its destination address must 
be a single IP address, with subnet mask of 255.255.255.255 

2.  Will you be using the Internet Key Exchange (IKE) setup, or Manual Keying, in which you must 

specify each phase of the connection. 

3.  What encryption level you are going to use (DES or 3DES)? 

 

 

Note:

 The VPN 800/2 Firewall Router uses industry standard VPN protocol. However, due to 

variations in how manufactures interpret these standard, many VPN products are not interoperable. 
Although the VPN 800/2 Firewall Router can interoperate with many other VPN products. It is not 
possible for VPN 800/2 Firewall Router to provide specific technical support for every other product. 

Page 50 

Summary of Contents for VPN 800/2

Page 1: ...Dual WAN Firewall Router VPN 800 2 User s Guide HotBrick Network Solutions ...

Page 2: ......

Page 3: ...ost IP Setup 25 Virtual Server 28 Custom Virtual Server 30 Special Application 32 Dynamic DNS 34 Multi DMZ 37 UPnP 39 NAT 40 Advanced Features 41 5 SECURITY MANAGEMENT 44 Overview 44 Block URL 44 Access Filter 46 Session Limit 48 System Filter Exception 49 6 VPN CONFIGURATION 50 Overview 50 IPSec Global Setting 51 Policy Setup 53 7 QOS CONFIGURATION 58 Overview 58 QoS Setup 58 Policy Configuration...

Page 4: ...em Status 71 WAN Status 74 NAT Status 75 APPENDIX A SPECIFICATIONS 77 APPENDIX B WINDOWS TCP IP SETUP 78 Overview 78 TCP IP Settings 78 APPENDIX C TROUBLESHOOTING 84 Overview 84 General Problems 84 Internet Access 84 Copyright 2004 All Rights Reserved Document Version 1 4 All trademarks and trade names are the properties of their respective owners ii ...

Page 5: ...Router by sharing one 1 or two 2 Broadband modems and connections High Performance Dual Modem Support The VPN 800 2 Firewall Router has two 2 WAN ports allowing connection of two 2 Broadband modems This gives twice the bandwidth of a single modem Flexible configuration allows each port to use a different type of modem and connection method Also you can determine how the Internet traffic is shared ...

Page 6: ...ked For each IP address allocated by your ISP a separate DMZ PC can be specified So if your ISP has given you multiple IP addresses you can have multiple DMZ PCs Each DMZ PC has unrestricted 2 way Internet access providing the ability to run programs that are otherwise incompatible with NAT routers like the Load Balancer Access Filter The network Administrator can use the Access Filter to gain fin...

Page 7: ...ists it can also optionally be configured via the Internet Password protected Configuration Optional password protection is provided to prevent unauthorized users from modifying the configuration data and settings HTTP Firmware Upgrade and backup The web management feature allows you to use HTTP upgrade new firmware and backup system configuration from local or even from remote site As long as you...

Page 8: ... Router Operation of the Front Panel LEDs is as follows LAN LED 100M Green 10M Yellow ON The corresponding LAN port is using 100BaseT OFF No physical connection ON The corresponding LAN port is using 10BaseT OFF No physical connection WAN LED Green 100M Yellow 10M Flash Active Status LED WAN Status LAN Status Green Flash WAN Active Yellow Error Green Flash LAN Active Yellow Error Blinking Data in ...

Page 9: ...ations of LEDs as shown below LED Action Condition WAN LAN Status LEDs flash alternatively Firmware Download in progress WAN LAN LEDs flash concurrently MAC address not assigned Caution To re plug the VPN 800 2 Firewall Router it should be apart from unplug time more than 20 seconds Page 5 ...

Page 10: ... 2 Firewall Router is unusable and you wish to restore it by downloading new firmware Follow this procedure 1 Power On the VPN 800 2 Firewall Router 2 Use the supplied Windows utility or a TFTP client program applies the new firmware If using the supplied Windows TFTP program the screen will look like the following example Figure 1 4 Windows TFTP utility VPN F 800 2 Firewall Router Enter the name ...

Page 11: ...form three 3 other operations Save the current configuration settings to your PC use the Upload button Restore a previously saved configuration file to the VPN 800 2 Firewall Router use the Download button VPN 800 2 Firewall Router to its default values use the Set to Default button Page 7 ...

Page 12: ...SP Network cables Use standard 10 100BaseT network UTP cables with RJ45 connectors TCP IP network protocol must be installed on all PCs Procedure 1 Configuring the VPN 800 2 Firewall Router for your LAN 1 Use a standard LAN cable to connect your PC to any Hub port on the VPN 800 2 Firewall Router 2 Connect the power cord and power up the VPN 800 2 Firewall Router Only use the power cord provided u...

Page 13: ...re your PC to use an IP address within the range 192 168 1 2 to 192 168 1 254 with a Network Mask of 255 255 255 0 See Appendix B Windows TCP IP Setup for details Check that the VPN 800 2 Firewall Router is properly installed LAN connection is OK and it is powered ON 8 After the login you will then see the Admin Password screen as shown below Assign a password by entering it in the Password and Ve...

Page 14: ... your LAN Settings LAN DHCP LAN IP Configuration IP address for the VPN 800 2 Firewall Router as seen from the local LAN Use the default value unless the address is already in use or your LAN is using a different IP address range In the latter case enter an unused IP Address from within the range used by your LAN Subnet Mask The default value 255 255 255 0 is standard for small class C networks Fo...

Page 15: ...ilable ARP Proxy Enable this ONLY if the LAN port has an IP address in the same address range as the WAN port s This means that all PCs using this Gateway must have valid fixed external Internet IP addresses If enabled enter the IP address range used on your LAN LAN Any IP Setup By default is disabled If you enable LAN any IP that means no matter what static IP address hold on the client your PC T...

Page 16: ...another hub Any LAN port on the VPN 800 2 Firewall Router will automatically act as an Uplink port when required 4 Power Up Power on the Cable or DSL modem or modems Connect the supplied power cord to the VPN 800 2 Firewall Router and power up 5 Check the LEDs The Power LED should be ON The WAN Link LED should be ON if the corresponding WAN port is connected to a broadband modem The Error LED will...

Page 17: ...lect this if you have connected a broadband modem to this port Disable Select this if there is no broadband modem connected to this port Backup Use this if you have a broadband modem on each port and wish to normally use only one Select Enable for the primary port and Backup for the secondary port The Backup port will only be used if the primary port fails Page 13 ...

Page 18: ...ter the Username and Password provided by your ISP If using PPTP enable the PPTP Connection checkbox and enter the IP address of the PPTP server Host name Optional For PPPoE This field is used by a Host to uniquely associate an access concentrator to a particular Host request Note There are additional PPPoE PPTP options on the Port Options screen To use multiple PPPoE sessions on either port confi...

Page 19: ...Windows TCP IP Setup Internet Access To configure your PCs to use the VPN 800 2 Firewall Router for Internet access follow this procedure For Windows 9x 2000 1 Select Start Menu Settings Control Panel Internet Options 2 Select the Connection tab and click the Setup button 3 Select I want to set up my Internet connection manually or I want to connect through a local area network LAN and click Next ...

Page 20: ...ave the Phone Number blank Click Save then OK Configuration is now complete Before clicking Sign On always ensure that you are using the VPN 800 2 Firewall Router location Macintosh Clients From your Macintosh you can access the Internet via the VPN 800 2 Firewall Router The procedure is as follows 1 Open the TCP IP Control Panel 2 Select Ethernet from the Connect via pop up menu 3 Select Using DH...

Page 21: ... your DNS Name server settings are correct To act as a DHCP Client recommended The procedure below may vary according to your version of Linux and X windows shell 1 Start your X Windows client 2 Select Control Panel Network 3 Select the Interface entry for your Network card Normally this will be called eth0 4 Click the Edit button set the protocol to DHCP and save this data 5 To apply your changes...

Page 22: ... if you are using both WAN ports It allows you to determine the proportion of WAN traffic sent through each port Advanced PPPoE setup is required if you wish to use multiple sessions on one or both of the WAN ports It can also be used to manually connect or disconnect a PPPoE session Otherwise this screen can be ignored Advanced PPTP setup is required if using the PPTP connection method Port Optio...

Page 23: ...s determines how often an Echo request is sent to the PPPoE server The Echo request is used to determine if the connection is still valid Normally there is no need to change the default value Echo Retry The number of time the Echo request will be sent if there is no response to the first request Normally there is no need to change the default value Transparent Bridge Option Bridge Mode If set to E...

Page 24: ...is only operational if using Internet connections on both WAN ports Figure 3 2 Load Balance These settings are only functional if using both WAN ports If using both WAN ports these settings determine the proportion of traffic sent over each port Page 20 ...

Page 25: ... to be sent over WAN 1 If one WAN port connection has greater bandwidth than the other the one with the greater bandwidth should be given a higher percentage of traffic than the other Click the Update button to save your changes NAT Statistics This section displays the current data about WAN 1 and WAN 2 You can use this information to help you fine tune the settings above Interface Statistics This...

Page 26: ...displayed in the WAN IP Account section Session MTU The Maximum Transfer Unit for PPPoE packets data Leave it as default unless the ISP offers different PPPoE packets data size WAN IP Account User Name Enter the PPPoE user name assigned by your ISP Password Enter the PPPoE password assigned by your ISP Verify Password Re enter the PPPoE password assigned by your ISP IP Address If you have a fixed ...

Page 27: ...work Solutions Action Use the Connect and Disconnect buttons to establish or terminate a connection on this session if required Connection Status This displays the current connection status for each session Page 23 ...

Page 28: ... user name login name assigned by your ISP Password The PPTP password associated with the User Name above This is assigned by your ISP and used to login to the PPTP Server Verify Password Re enter the PPTP password assigned by your ISP Server IP Address Enter the IP address of the PPTP Server as provided by your ISP Static IP Address If you have a fixed IP address enter if here Otherwise this fiel...

Page 29: ...AN You wish to use the Access Filter feature This requires that each PC be identified by using the Host IP Setup screen You wish to have different Block URL settings for different PCs This requires that each PC be identified by using the Host IP Setup screen You do not have to use the Host IP feature to apply the same Block URL settings to all PCs You wish to reserve a particular LAN IP address fo...

Page 30: ...hould use the Hostname computer name defined on the Host itself MAC Address Also called Physical Address or Network Adapter Address Enter the MAC address of this host Select Group Select the group you wish to put this host into Reserve in DHCP Select Enable to reserve a particular LAN IP address for a particular PC on your LAN This allows the PC to use DHCP Windows calls this obtain an IP address ...

Page 31: ...AN1 port is disconnected your packets will automatically go to WAN2 if WAN2 is alive Select WAN Port Select PPPoE session If the setting above is Enable select the desired Port and Session Otherwise ignore these settings Note Multiple PPPoE sessions are defined on the Advanced PPPoE screen Buttons Add Use this to add a new entry to the database using the data shown on screen Delete Click this to d...

Page 32: ...es these problems and allows Internet users to connect to your servers as illustrated below Figure 4 2 Virtual Servers Note that in this illustration both Internet users are connecting to the same IP Address but using different protocols Connecting to the Virtual Servers Once configured anyone on the Internet can connect to your Virtual Servers They must use the VPN 800 2 Firewall Router s Interne...

Page 33: ...ns org Figure 4 3 Virtual Server Settings Virtual Server Enable Use this to Enable or Disable each Virtual server as required Server Type Select the desired Server type If the type of Server you wish to use is not listed use the Custom Virtual Server screen to define your own type Virtual Server LAN IP Address Enter the IP address of the PC on your LAN which is running the required Server software...

Page 34: ...sting entry select it and then click the Select button The screen will update with data for the selected entry Custom Server Configuration This data defines the Custom Virtual Server Server Name Enter a suitable name for this server State Use this to Enable or Disable the server as required Server IP Enter the IP address of the PC on you LAN which is running the required Server software Each PC sh...

Page 35: ...sed for incoming traffic to this Server If only a single port is required enter it in both fields Interface Binding This selection allows severs binding WAN1 port or WAN2 port or even both WAN1 and WAN2 ports together Buttons Add Create a new Special Application entry Delete Delete the selected entry Update Save any changes you have made to the current entry Cancel Cancel any changes you have made...

Page 36: ...ic from the client PC viewpoint Figure 4 5 Special Applications Settings Special Applications Select Special Application Name Select Name Item This lists any special applications which are currently defined If adding a new Special Application ignore this list Just enter your data in the Special Application Configuration section and click the Add button To edit an existing entry select it from this...

Page 37: ... the application server for data you receive If the application uses a single port number enter it in both fields Buttons Add Create a new Special Application entry Delete Delete the selected entry Update Save any changes you have made to the current entry Cancel Cancel any changes you have made since the last save operation Special Application List This shows details of all Special Applications w...

Page 38: ...is available at http www hotbrick dns4biz com hotbrick php3 TZO at http www tzo com 3322 is available in China at http www 3322 org Standard client available at http www dyndns org Other sites may offer the same service but can not be guaranteed to work To use the Dynamic DNS feature 1 Register for the service from your preferred service provider 2 Follow the service provider s procedure to have a...

Page 39: ... your DNS service is hosted on dedicated high end servers with 24 7 Monitoring to ensure the highest possible availability reliability TZO Select this to use the TZO service www tzo com You must configure the TZO section of this screen Standard Client Select this to use the standard service from www dyndns org or other provider You must configure the Standard Client section of this screen 3322 in ...

Page 40: ... immediately Additional Setting These options are available if using the standard client Enable Wildcard If selected traffic sent to sub domains of your Domain name will also be forwarded to you Enable backup MX If enabled you must enter the Mail Exchanger address below Mail Exchanger If the setting above is enabled enter the address of the backup Mail Exchanger Page 36 ...

Page 41: ...ith that WAN port IP address Any traffic sent to that IP address will be forwarded to the specified PC allowing unrestricted 2 way communication between the DMZ PC and other Internet users or Servers Note The DMZ PC is effectively outside the Firewall making it more vulnerable to attacks For this reason you should only enable the DMZ feature when required Figure 4 7 Multi DMZ Page 37 ...

Page 42: ...or Dynamic IP WAN Select the desired WAN port Session Select DHCP if the IP address on this WAN port is dynamically assigned You can only select assign one 1 Private LAN IP address to each port If using multi session PPPoE select the desired PPPoE session These sessions are defined on the Advanced PPPoE screen You can assign one 1 one 1 Private LAN IP address to each PPPoE session Private IP Addre...

Page 43: ...rked devices and services Figure 4 8 UPnP Settings UPnP UPnP Option If you Enable UPnP then this two wan router will become one of the entire local network You can find out there is an icon show up on network neighborhood on the window XP OS Every time you add a new network device with port mapping The new network device will appear on the mapping list Page 39 ...

Page 44: ... default is 300 UDP Timeout Enter the desired value to use on both WAN ports The default is 120 TCP Window Limit Enter the desired value to use on both WAN ports The default is 0 no limit TCP MSS Limit Enter the required MSS Maximum Segment Size to use on both WAN ports The default is 0 no limit Disable Port Translation If some packets whose port number cannot be translated for special application...

Page 45: ...xternal Filters Configuration These settings determine whether or not the VPN 800 2 Firewall Router should respond to ICMP ping requests received from the WAN port Interface Binding Use these to ensure that certain traffic is sent by a particular WAN port and thereby a particular ISP account These settings are only useful if using both WAN ports Protocol Port Binding This allows you binding WAN1 o...

Page 46: ...When a client program in your computer contacts a remote server for services such as POP IMAP SMTP that remote server sends back a query to the Ident server running in many systems listening for these queries on port 113 This means that port 113 is often probed by attackers as a rich source of your personal information By default it is Disable External Filters Configuration These settings determin...

Page 47: ...om Destination IP IP address of destination which packets are sent to Subnet Mask With subnet mask other than 255 255 255 255 you can make an IP sub network as your destination Protocol Select the protocol used by the traffic you wish to configure Port Range Enter the beginning and end of the port range used by the traffic you wish to configure If only a single port is used enter the port number i...

Page 48: ...il alert to the administrator If the device detect new sessions that is exceed the maximum sampling time Block URL This feature allows you to block access to undesirable Web sites You can block by URL IP address or Keyword You can also have different blocking settings for different groups of PCs In operation every URL is searched to see if it matches or contains any of the URL or keywords entered ...

Page 49: ...tions to apply to everyone select Default for the Group In this case there is no need to enter any Hosts on the Host IP screen If you wish to apply different restrictions on different Groups select the desired Group and click the Select button The screen will update with data for the selected Group Block Internet Access Enable Disable Use this to Enable or Disable each setting as required Block UR...

Page 50: ...another group on the Host IP screen Figure 5 2 Access Filter Settings Block URL Setup Access Group Select Group This allows you have different access rights for different Groups of PCs If you want the same restrictions to apply to everyone select Default for the Group In this case there is no need to enter any Hosts on the Host IP screen If you wish to apply different restrictions on different Gro...

Page 51: ...oup will not be able to use any services which are checked ICMP Filters IF you enable ICMP Filters function that mean it will block ICMP packets from local host send to remote site User defined Ports to Block This section is optional It allows you to define your own filters if required For each filter the following information is required Name Enter a meaningful name for this filter TPC UDP Packet...

Page 52: ...400 mil sec Maximum of Total New session If the number of new sessions for system exceed the maximum in the Sampling Time Any new sessions in the system will be dropped Default 65535 session sec Maximum of New Sessions for Host If the number of new sessions for the host exceeds the maximum in the sampling time Any new session of the host will be dropped Default session sec Maximum of Dropped New S...

Page 53: ...The check box can allow you enable or disable firewall exception Interface You can select LAN WAN1 WAN2 or ALL interfaces to be process by the system protocol stack If you enable check box Protocol There are six protocols UDP TCP ICMP GRE ESP AH to choose to let the packets directly process by the system protocol stack Foreign Port Range Select foreign port number range directly process by system ...

Page 54: ...IP address ranges If the remote endpoint is a single PC running a VPN client its destination address must be a single IP address with subnet mask of 255 255 255 255 2 Will you be using the Internet Key Exchange IKE setup or Manual Keying in which you must specify each phase of the connection 3 What encryption level you are going to use DES or 3DES Note The VPN 800 2 Firewall Router uses industry s...

Page 55: ...HotBrick Network Solutions IPSec Global Setting Figure 6 1 IPSec Global Setting Page 51 ...

Page 56: ...vailable DES 3DES and AES Phase 1 Authentication Method There are two authentication available MD5 and SHA1 Secure Hash Algorithm Phase 1 SA Life Time By default the Security Association lifetime is 28800 Sec Maxtime to complete phase 1 The aim of phase 1 is to authenticate and establish a secure tunnel which will protect further IKE negotiation The maximum time default is 30 sec Maxtime to comple...

Page 57: ...HotBrick Network Solutions Policy Setup Policy Setup Figure 6 2 Policy Setup Page 53 ...

Page 58: ... entries identify the private network on this VPN router the hosts of which can use the LAN to LAN connection You can choose a single IP address the subnet or a selected IP range to make VPN LAN to LAN connection Remote Security Network These entries identify the private network on the remote peer VPN router whose hosts can use the LAN to LAN connection You can choose a single IP address the subne...

Page 59: ...e Mode is another way of accomplishing a phase one exchange It is faster and simpler than main mode but does not provide identity protection for the negotiating nodes Perfect Forward Secrecy PFS If PFS is enable IKE phase 2 negotiation will generate a new key material for IP traffic encryption authentication Preshared Key This field is to authenticate the remote IKE peer Key Lifetime This is speci...

Page 60: ...rrent tunnel attribute that you just setup Dead Peer Detection If you like to utilize one of the wan port as a backup or plan failover function you can enable Dead Peer Detection function Check Method You can either choose ICMP Heartbeat detecting the remote site VPN tunnel if it is alive or not Page 56 ...

Page 61: ...P padding Allow Full ECN Enable will allow full Explicit Congestion Notification ECN ECN is a standard proposed by the IETF that will cut down on network congestion and routers dropping packets Copy DF Flag When an IP packet is encapsulated as payload inside another IP packet some of the outer header fields can be newly written and others are determined by the inner header Among these fields is th...

Page 62: ...s the high quality of network service Because it will classify outgoing packets based on some policies defined by users make some real time applications to get better response or performance QoS Setup The following web page management are guiding you how to setup QoS and make QoS work Figure 7 1 QoS Setup Page 58 ...

Page 63: ...eld in the IP packet header designed to contain values indicating how each packet should be handled in the network If you choose enable then it will enable this function to process IP Type of Service field Overwrite policy priority Choose yes to set the priority of TOS field in IP packet overwrite the priority defined in policy configuration Policy Configuration When you use QoS you must define so...

Page 64: ...e Address Define the source address of packets here It has two types like IP address or MAC address If you select IP address you can define IP address range otherwise define up to four MAC addresses Destination Address Define the destination address of packets here The explanation is as the same as above Protocol Type The field defines traffic packet type i e IP TCP and UDP Source Port Define the ...

Page 65: ...log Upgrade Firmware This chapter contains details of the configuration and use of each of these features SNMP This section is only useful if you have SNMP Simple Network Management Protocol software on your PC If you have SNMP software you can use a standard MIB II file with the VPN 800 2 Firewall Router Figure 8 1 SNMP Page 61 ...

Page 66: ... the IP address of any targets PCs running SNMP software to which you want traps to be sent All traps are level 1 Email Alert This feature will send a warning Email inform system administrator that one of the WAN ports was disconnected Email Alert You can choose to enable or disable it to send a warning email Email Sender Address It is an email address which will send the warning email Email SMTP ...

Page 67: ...you are enabled email alert For example mail domain com Email SMTP server user name This is the user name of email sender for authentication optional Email SMTP server password This is the user password Email SMTP Server Address is an email sever a warning email will be sent to If you are enabled email alert For example mail domain com Email Recipient Address It is an email address a warning email...

Page 68: ...Syslog Configuration allow you where to send system information to other machine or not There are up to three machines you can choose to send your system log Message Status Messages send only keep when keep send message checked Currently we keep last 100 messages in the RAM area they will clear when reboot or power off Figure 8 3 Syslog Page 64 ...

Page 69: ...an enable or disable each server temporarily Port If your syslog server does not use the default port you can change it Log Priority For Modules The syslog messages are divided into 8 levels from Emergency to Debug level The lower level the less messages will be generated Emergency is the lowest priority level and Debug is the highest one SNTP Configuration Time Zone You can setup system up time u...

Page 70: ...he desired password re enter it in the Verify Password field then save it When you connect to the Load Balancer with your Browser you will be prompted for the password when you connect as shown below Figure 8 5 Password Dialog Enter Admin for the User Name Enter the password for the VPN 800 2 Firewall Router as set on the Admin Password screen above Page 66 ...

Page 71: ...em configuration by press save button of Save System Configuration It will save the system configuration for you Notice You have to refresh the browser after you saved the system configuration file You also can do firmware upgrade by input the correct password and the file name of your firmware Remember do not Reset or Restart the device while update new firmware because it may cause system to cra...

Page 72: ...isabled This setting is on the LAN DHCP screen Your DHCP Server must be configured to provide the VPN 800 2 Firewall Router s LAN IP address as the Default Gateway Your DHCP Server must provide correct DNS addresses to the PCs Routing This section is only relevant if your LAN has other Routers or Gateways If you don t have other Routers or Gateways on your LAN you can ignore the Routing page compl...

Page 73: ...ess of the Gateway or Router which the VPN 800 2 Firewall Router must use to communicate with the destination above NOT the router attached to the remote segment Interface Select the correct interface usually LAN The WAN interface is only available if NAT Network Address Translation is disabled Metric The number of hops routers to pass through to reach the remote LAN segment The shortest path will...

Page 74: ...255 0 Gateway IP Address 192 168 1 100 Interface LAN Metric 2 Entry 2 Segment 2 Destination IP Address 192 168 3 0 Network Mask 255 255 255 0 Standard Class C Gateway IP Address 192 168 1 100 Interface LAN Metric 3 For Router A s Default Route Destination IP Address 0 0 0 0 Network Mask 0 0 0 0 Gateway IP Address 192 168 1 1 Metric 2 For Router B s Default Route Destination IP Address 0 0 0 0 Netw...

Page 75: ... the PCs are configured operation is automatic However there are some situations where additional Internet configuration may be required Refer to Chapter 4 Advanced Features for further details System Status Use the System Status link on the main menu to view this screen Figure 10 1 System Status Page 71 ...

Page 76: ...LAN IP Address of the VPN 800 2 Firewall Router Subnet Mask The Network Mask Subnet Mask for the IP Address above MAC Address The MAC physical address of the VPN 800 2 Firewall Router as seen from the local LAN DHCP Server The status of the DHCP Server function either Enabled or Disabled Device Information Firmware Version Version of the Firmware currently installed NAT Status of the NAT feature e...

Page 77: ...w for details Restore Factory Defaults When the Restore Factory Defaults button on the Status screen above is clicked the following screen is displayed Figure 10 2 Restore Factory Defaults If the Restore Default Value button on this screen is clicked ALL of your settings will be erased The default IP address password and ALL other settings will be restored to the factory default values The DCHP se...

Page 78: ...tatus This will display either Connected or Not Connected Default Loading Share The default traffic loading between the WAN ports Current Loading Share The current traffic loading between the WAN ports Current Loading The number of sessions Bytes and Packets currently being processed on each port Current Bandwidth The current Download and Upload speeds on each WAN port Check NAT Detail will displa...

Page 79: ...Subnet Mask for the IP Address above Active WAN IP Info There is one 1 row for each active connection For each connection the following data is shown IP Address The WAN Internet IP Address of the VPN 800 2 Firewall Router Mask Address The Network Mask Subnet Mask for the IP Address above NAT Timeouts This displays the current timeout values for TCP and UDP connections TCP Prosperity This displays ...

Page 80: ... Internet to Local traffic NAT Connections This displays the current number of active connections For further details click the View Connection list button Errors Statistics are displayed for Checksum errors number of retries and number of bad packets Misc This displays the total IP packets and reserved address Page 76 ...

Page 81: ... for WAN LEDs 8 LAN 2 WAN 2 Status 1 Power Power Input AC 115V 230V 0 5A FCC Statement This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference 2 This device must accept any interference received including interference that may cause undesired operation CE Marking Warning This is a Class B product In a ...

Page 82: ... PC boots For all non Server versions of Windows the default TCP IP setting is to act as a DHCP client If you wish to check your TCP IP settings the procedure is described in the following sections If your LAN has a Router the LAN Administrator must re configure the Router itself Checking TCP IP Settings Windows 9x ME 1 Select Control Panel Network You should see a screen like the following Figure...

Page 83: ...ddress If your PC is already configured check with your network administrator before making the following changes If the DNS Server fields are empty select Use the following DNS server addresses and enter the DNS address or addresses provided by your ISP then click OK On the Gateway tab enter the VPN 800 2 Firewall Router s IP address in the New Gateway field and click Add as shown below Your LAN ...

Page 84: ...ck Add Figure B 4 DNS Tab Win 95 98 Checking TCP IP Settings Windows 2000 1 Select Control Panel Network and Dial up Connection 2 Right click the Local Area Connection icon and select Properties You should see a screen like the following Figure B 5 Network Configuration Win 2000 3 Select the TCP IP protocol for your network card 4 Click on the Properties button You should then see a screen like th...

Page 85: ...ing a fixed IP Address Use the following IP Address If your PC is already configured check with your network administrator before making the following changes Enter the VPN 800 2 Firewall Router s IP address in the Default gateway field and click OK Your LAN administrator can advise you of the IP Address they assigned to the VPN 800 2 Firewall Router If the DNS Server fields are empty select Use t...

Page 86: ...nnection 2 Right click the Local Area Connection and choose Properties You should see a screen like the following Figure B 7 Network Configuration Windows XP 3 Select the TCP IP protocol for your network card 4 Click on the Properties button You should then see a screen like the following Page 82 ...

Page 87: ...sing a fixed IP Address Use the following IP Address If your PC is already configured check with your network administrator before making the following changes Enter the VPN 800 2 Firewall Router s IP address in the Default gateway field and click OK Your LAN administrator can advise you of the IP Address they assigned to the VPN 800 2 Firewall Router If the DNS Server fields are empty select Use ...

Page 88: ...with the VPN 800 2 Firewall Router s default IP Address of 192 168 1 1 Also the Network Mask should be set to 255 255 255 0 to match the VPN 800 2 Firewall Router In Windows you can check these settings by using Control Panel Network to check the Properties for the TCP IP protocol Internet Access Problem 1 When I enter a URL or IP address I get a time out error Solution 1 A number of things could ...

Page 89: ...ent Use the Special Applications feature to allow the use of Internet applications which do not function correctly If this does solve the problem you can use the DMZ function This should work with most applications but It is a security risk since the firewall is disabled for the DMZ PC Only one 1 PC can use this feature Page 85 ...

Reviews: