KTI Networks KWG-400, User Manual

Page 1: ...1 11 1g g W Wi ir re el le es ss s S Se ec cu ur ri it ty y R Ro ou ut te er r User Guide ...

Page 2: ...f this equipment does cause harmful interference to radio or television reception which is found by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures ü Reorient or relocate the receiving antenna ü Increase the separation between the equipment or device ü Connect the equipment to an outlet other than the receiver s ü ...

Page 3: ...ion to notify any person or organization In no event will the manufacturer be liable for direct indirect special incidental or consequential damages arising out of the use or inability to use this product or documentation even if advised of the possibility of such damages This document contains materials protected by copyright All rights are reserved No part of this manual may be reproduced or tra...

Page 4: ...lications 2 Chapter 5 Management 2 Chapter 6 Macintosh Setup 2 Chapter 7 Trouble Shooting 2 Conventions 2 CHAPTER 1 GETTING TO KNOW YOUR ADVANCED WIRELESS 11G ROUTER 3 1 1 ABOUT THE 11G WIRELESS SECURITY ROUTER 3 Ethernet Fast Ethernet 3 Wireless LAN 3 1 2 CONTENTS OF THE 11G WIRELESS SECURITY ROUTER PACKAGE 4 1 3 FEATURES OF THE 11G WIRELESS SECURITY ROUTER 4 CHAPTER 2 HARDWARE INSTALLATION SETUP...

Page 5: ...IRELESS 46 4 13 DDNS 48 CHAPTER 5 MANAGEMENT 50 5 1 DEVICE ADMINISTRATION SETTINGS 50 5 2 STATUS MONITOR 53 5 3 LOG 54 5 4 BACKUP RESTORE 55 5 5 UPGRADE FIRMWARE 56 5 6 DIAGNOSTIC PING TRACERT 57 Ping 57 Tracert 58 CHAPTER 6 MACINTOSHSETUP 59 6 1 HARDWARE CONNECTIONS 59 6 2 COMPUTER NETWORK CONFIGURATION 59 6 2 1 Dynamic IP Addressing using DHCP Server 59 6 2 2 Manual Configuration of Fixed IP Add...

Page 6: ...NDIX C CONFIGURING IPSEC BETWEEN A MICROSOFT WINDOWS 2000 OR XP PC AND BROADBAND VPN ROUTER 68 C 1 ENVIRONMENT 68 C 2 STEPS IN WINDOWS 2000 XP 68 C 2 1 Create IPSec Policy 68 C 2 2 Build 2 Filter Lists WinXPàBroadband VPN Router and Broadband VPN RouteràWinXP 69 C 2 3 Configure Individual Rule of 2 Tunnels 72 C 2 4 Assign New IPsec Policy 81 APPENDIX D GLOSSARY 83 ...

Page 7: ...ovides natural firewall protecting your network from access by outside users but also extends your LAN connection Users on the LAN can share a single account of Internet access by having this device connect to a DSL Cable modem This Firewall Router allows up to 253 users on the Ethernet LAN simultaneously but makes IP configuration simple and easy Configured as a DHCP server the Advanced Wireless ...

Page 8: ...anced Wireless 11g Router Chapter 6 Macintosh Setup This Chapter provides instructions on how to set up your Macintosh computers in your network Chapter 7 Trouble Shooting This chapter describes any potential problems you may encounter and the suggested remedies Conventions The following explains the conventions used throughout this document Italics New words terms or special emphasis E g Getting ...

Page 9: ...3u standard a high speed version of Ethernet with 100Mbps transmission rate Wireless LAN Wireless Local Area Network systems WLANs transmit and receive data through the air by using radio frequency RF This offers some advantages like mobility ease of installation and scalability over traditional wired systems Mobility WLANs combine data connectivity with user mobility This provides users with acce...

Page 10: ... Internet at the same time by providing maximum Internet utilization to multiple users sharing a single public IP Address ü Allows users on Ethernet LAN and Wireless LAN to transfer data to each other through wireless to wire bridge ü Provides wireless access roaming best access point selection loading balance network traffic filtering included in wireless roaming function ü Provides 64bits 128bit...

Page 11: ...resses ü Allow administrators to block specific internalusers from accessing specified applications or services ü Allows external Internet users to access information from the internal target host by setting the Virtual Server ü Provides unrestricted two way communication between one PC on your LAN and certain Internet services such as conferencing video and gaming applications ü Enhances routing ...

Page 12: ...into the RJ45 Ethernet jack on your ADSL or Cable modem 2 Connect a PC which must have an Ethernet NIC Network Interface Card installed to one of the LAN Ports 3 Connect the external power supply to the Advanced Wireless 11g Router 4 The Reset button is used to reboot and re initialize the device press once quickly or for clearing configuration settings back to factory default values press for lon...

Page 13: ...gh this port 2 3 System Requirements and Setup To connect to the Internet an external ADSL or Cable modem and an Internet access account from an ISP is required In order to operate with the Advanced Wireless 11g Router each PC that is to be connected to the Advanced Wireless 11g Router should have the following things installed 1 Ethernet NIC Network Interface Card a 10Base T or 10 100Base T TX Et...

Page 14: ...Configuration tab Note For Windows 2000 Windows XP Setting Click the Local Area Connection icon on the lower right hand side of your desktop screen In the Local Area Connection Status window click the Properties button then your Network window will appear ...

Page 15: ...rotocol has already been installed onto your computer s Ethernet card Note that TCP IP Protocol can be installed for a computer s Dial Up Adapter as well as for the Ethernet card If yes go to step 7 If no click the Add button 3 Double click Protocol in the Select Network Component Type or highlight Protocol then click Add ...

Page 16: ...nstall TCP IP 5 After a few seconds you will be returned to the Network window The TCP IP Protocol should now be on the list of installed network components see 2 above 6 Click the Properties button The TCP IP Properties window consists of several tabs Choose the IP Address tab 7 Select Obtain an IP address automatically Click OK Restart your PC to complete the TCP IP installation ...

Page 17: ...ltiple users To set up computers with fixed IP Addresses go to the IP Address tab of the TCP IP Properties window as shown above Select Specify an IP address and enter 192 168 1 in the IP Address location where is a number between 2 and 254 used by the Advanced Wireless 11g Router to identify each computer and the default Subnet Mask 255 255 255 0 Note that no two computer on the same LAN can have...

Page 18: ...DNS IP Address obtained from your ISP in the Server Search Order location Then click the Add button Click on the Gateway tab and enter the Advanced Wireless 11g Router s default gateway value 192 168 1 1 in the New gateway field then click Add Botton Click OK Restart your PC to complete the TCP IP installation ...

Page 19: ...ur ISP Provided by some ISPs Host Name Domain Name IP address given by ISP Obtain IP Address automatically Static IP IP Address Subnet Mask Default Gateway DNS Server Primary DNS Server Secondary DNS Server Third PPP authentication PPPoE PPTP Login Name Password ________________ 3 2 Web based User Interface Your Advanced Wireless 11g Router is designed to use a Web based User Interface for configu...

Page 20: ...ll see when you access the Utility If the router has already been successfully installed and set up this screen s values will already be properly configured Host Name This entry is required by certain ISPs Domain Name This entry is required by certain ISPs Time Zone Select the time zone of your location from the drop down list ...

Page 21: ...same channel or the channel usage is automatic when a connection between client and access point are made WEP As the acronym for Wired Equivalent Privacy WEP is an encryption mechanismused to protect your wireless data communications WEP uses a combination of 64 bit 128 bit keys to encrypt data that is transmitted betweenall points in a wireless network to insure data security To code decode the d...

Page 22: ... Which connection type you need to choose may differ from ISPs as well as the service you applied for It depends on your ISP s assignment If you are unsure which connection type you currently use contact your ISP to obtain the correct information Obtain IP automatically It is the default option for the router If your ISP automatically assign a IP address and other values to the Advanced Wireless 1...

Page 23: ...ed by some ISPs It is a cost effective way for a user to access this connection type If your ISP provides PPPoE connectivity you should choose this item from the drop down list Note that if you select PPPoE please remove any existing PPPoE application on any PCs on your LAN User Name Enter the user name your ISP provides you Password Enter the password your ISP provides you Connect on demand It is...

Page 24: ...e user name your ISP provides you Password Enter the password your ISP provides you RAS Plan Choose the connection method that you want to use Connect on demand It is a utility used to trigger the RAS session when there is a packet being sent through the WAN port while it is on disconnected situation Check the radio button to make this function active and then you must enter the number of minutes ...

Page 25: ...u an Alcatel Speed TouchTM modem it is suggested that you enter the 10 0 0 138 in this column User Name Enter the user name provided by your ISP Password Enter the password provided by your ISP Connect on demand It is a utility used to trigger the PPTP session when there is packet being sent through the WAN port while it is on disconnected situation Check the radio button to make this function act...

Page 26: ...e radio button to make this function active and then you must enter the number of minutes you wish the network to remain idle before disconnection occurs in the Max Idle Time location Keep Alive This function keeps your HBS connection enable even if it remains idle However in some situation HBS session cannot be established immediately after disconnection This is because the system on the ISP s si...

Page 27: ...tiated by your LAN PCs Web Filter This feature provides options allowing you to filter any potential risk contained in some web technologies by individually checking Allow or Deny Web proxy is a server your device will connect to when you access any web site Setting web proxy can speed up access time but also can create other potential security issue For example if you configure the Wireless Secur...

Page 28: ...s Cancel Click this button if you are not satisfied with the settings in this page before clicking Apply 4 2 VPN Settings This page allows you to set configuration for Virtual Private Network Please choose Advanced VPN to get into the following screen Select Tunnel Entry When you wish to establish a Tunnel to transfer securitydata or informationbetween specific points you must first select a Tunne...

Page 29: ...ses 192 168 1 xxx will be able to access the tunnel When the Subnet setting is selected the default values of 0 should remain in theIP and Mask fields 2 IP Address 8 Selecting this item allows only the specific PC with the IP address you enter in the IP field to the tunnel Refer to the above figure as an example Only the PC with IP Address 192 168 1 101 will have the access from the local side of ...

Page 30: ...s selected the Router accepts remote requests from any IP address such as mobile users or telecommunications device using dynamic IP address Note that the router cannot initial VPN connection when Any is selected as Remote Security Group Remote Security Gateway Define the end point of VPN tunnel in the other side The remote VPN tunnel end point can be another VPN Router a VPN Server or a host with...

Page 31: ...tion functionby selecting Disable Key Management In addition to use the same encryption type both side of VPN tunnel should also share the same encryption Key This is necessary for proper encryption security and allows the encryption to function correctly By using the Key Management drop down list you can choose two of two methods to set the Encryption Key key Auto IKE or Manual Auto IKE With Auto...

Page 32: ... both ends of the VPN tunnel click the Connect button to initiate the VPN tunnel Once a connection is established the word Connected should appear under Status if the connection is successful Should the word Disconnected appear it is an indication that a problem exists preventing the successful creation of the tunnel In this case you should firstly ensure that your wiring is surely connected Next ...

Page 33: ...ncryption Select either DES or 3DES from the drop down list 3DES is default as it is the more secure option Authentication Select either MD5 or SHA from the drop down list SHA default as it is the more secure option Group Two Diffie Hellman Groups can be selected from the drop down list 768 bit and 1024 bit Diffie Hellman is a technique that uses public and private key for encryption and decryptio...

Page 34: ...eep the connection alive for a period of time Unauthorized IP Blocking Check the box will allows to block unauthorized IP addresses for a specified period of time after a specific number of IKE failures Entered the time period and failure level in the fields indicated Apply Click this button after making any changes for activating the settings Cancel Click this button to exit the screen without sa...

Page 35: ...User Guide 29 Ø Creating a tunnel between VPN router and VPN client with dynamic IP Address Once you are satisfied that your settings are correct click the Apply button Click the Cancel button to exit the screen without saving any ...

Page 36: ... DHCP option to Disable Starting IP Address Enter a numerical value from 2 to 254 for the DHCP server to start at when assigning IP Addresses Number of Users Enter the maximum number of PCs that you want the DHCP server to assign IP Addresses to with the absolute maximum being 253 Client Lease Time Enter the number of time that DHCP clients The PCs on LAN side can use the IP Addresses assigned by ...

Page 37: ...ate each other by name Enter the IP address of WINS server and it will be assigned to DHCP clients DHCP Clients Table Click the DHCP Clients Table button to show current DHCP client information Apply Click this button after making any changes for activating the settings Cancel Click this button if you are not satisfied with the settings in this page before clicking Apply 4 4 Web Control This featu...

Page 38: ... satisfied with the settings in this page before clicking Apply 4 5 ToD Control This feature allows you to limit connection availability according to a nominated time schedule Control Type Select the control type from the drop down list and make this function active Select Block Outbound to restrict the connection to the Internet from your LAN Select Block Inbound to restrict any external connecti...

Page 39: ...ol the access limitation should be assigned fixed IP Addresses Packet Filter Select the number of policy rules you want to configure There are up to 20 rules you can set Note that these rules are sequencied Rule 1 has higher priority than Rule 2 and so forth Name For each rule you can enter up to 15 characters to identify it Control Type Select Allow to limit users computers access to specific app...

Page 40: ...and their IP addresses matching in the IP Address field will be allowed blocked for certain applications Protocol Select the protocol type as ICMP TCP or UDP from the drop down list If you are not sure which one to choose select All Port Number Enter the range of port numbers that are used by the applications you wish to be blocked For example port 80 usually is used as destination port number whe...

Page 41: ...k computer server configured with a fixed IP Address Although the internal service addresses are not directly accessible to the external user the Wireless Security Router is able to identify the service requested by the service port number and redirects the request to the appropriate internal IP Address server To use this application it is recommended you use a fixed Public IP Address from your IS...

Page 42: ...t be able to access FTP server you set in the LAN side Setting FTP server at passive mode will be necessary Enable Disable Click to enable disable passive FTP function FTP Port Enter the port number 1024 that the FTP server will use as data connection port number The client side should select passive mode and use the same port number entered here Server IP Address Enter the appropriate IP Addresse...

Page 43: ... C Program Files Quake III Arena quake3 exe set net_port 27660 27661 second player Telnet Server TCP 23 Web Server TCP 80 UPnP Forwarding UPnP Universal Plug and Play is a standard introduced from Microsoft and UPnP Forum for interoperability Currently this function supported by this device allows you to set virtual server from Windows OS that supports UPnP such as Windows XP ...

Page 44: ...d IP Address In the One Page Setup screen ensure the Private IP Address is set to the Router s default setting of 192 168 1 1 If a fixed Public IP Address is to be used select Specify an IP address and enter the IP Address and other necessary information provided by your ISP UPnP Control Application Name UPnP has ten pre setting forwarding rules which are well known applications You can enter any ...

Page 45: ...re IP Address Enter the appropriate IP Addresses of the service computers in the Redirect IP Address locations Enable Check to make this forwarding setting active Apply Click this button after making any changes for activating the settings Cancel Click this button if you are not satisfied with the settings in this page before clicking Apply Example If the service port number 80 80 representing an ...

Page 46: ... it will allow the inbound packets with the Incoming Port Numbers that you set in the next column to pass through the Wireless Security Router Incoming Port Range Enter the port number or range numbers the inbound packets carry Apply Click this button after making any changes for activating the settings Cancel Click this button if you are not satisfied with the settings in this page before clickin...

Page 47: ...ress from your ISP Note that in order to provide unrestricted access the Firewall provided by the Wireless Security Router to protect this port is disabled thus creating a potentially serious security risk It is recommended that this application is disabled when it is not in use by entering 0 in the DMZ Host field The Multi DMZ allows you to map the public IP addresses to your LAN PCs should you g...

Page 48: ...dress and other necessary information provided by your ISP Click the DMZ Host option in the Advanced Menu and enter the fixed IP Address of the Exposed Host PC in the DMZ Host IP Address location Remember entering 0 will disable this application Multi DMZ 1 Enter the valid public IP address in WAN IP column Next enter the private IP address of the PC that you wish to map to in LAN IP field Up to f...

Page 49: ...sed by older routers Newer routers should use RIP 2 RIP 1 Compatible servers to broadcast RIP 1 and multicast RIP 2 RX From the drop down list select one of the routing information types RIP 1 or RIP 2 to enable the RX receive function Show Routing Table Click this button after clicking Apply to see current routing information Apply Click this button after making any changes for activating the set...

Page 50: ...eless Security Router through another router destination LAN Up to 20 route entries may be input into the Wireless Security Router The diagram below gives an example of the physical connections required to use Static Routing In the above diagram PC2 in LAN 2 is connected to the Wireless Security Router via another router while PC1 in LAN 1 is connected to the Wireless Security Router directly With...

Page 51: ...to the destination LAN For the above example enter 192 168 1 2 in the Default Gateway field Hop Count Enter the number of hops required between the LANs to be connected The Hop Count represents the cost of the routing transmission The default value is 1 Interface Choose LAN if the Destination LAN is on your Router s LAN side and choose WAN if the Destination LAN is on the Router s WAN side Show Ro...

Page 52: ... Active MAC Table shows the MAC addresses of wireless clients which have the same ESSID and WEP key with Wireless Security Router When the MAC Filter function is disabled the background color is gray Click the Active MAC Table button will display all MAC addresses of wireless nodes on your WLAN If the MAC Filter function is enabled and the MAC addresses showing in this table have been entered into...

Page 53: ...n t be blocked The MAC address entered here should be 12 continue alphanumeric digits without in between Click Apply to save these changes Beacon Interval It s the signal sent periodically by wireless access point to provide synchronization among the stations in wireless LAN RTS Threshold RTS packet is use to account for potential hidden stations This feature allows you to set the size of RTS pack...

Page 54: ...ly remember this numbering system so a system that allocate domain name such as www dyndns org provides an easier method If you type 66 37 215 53 or www dyndns org in the web browser s address bar the browser will show the same web page This is because both methods relate to the same web server The Domain Name Servers used to manage the Internet will translate www dyndns org into the IP Address 66...

Page 55: ...ll also issue you with a password Enter the detail in the Password field Host Name DynDNS org will provide you with a Host Name Enter this name in the Host Name field Your IP Address It displays the IP Address currently assigned by your ISP Status This displays the current status of the DDNS function Apply Click this button after making any changes for activating the settings Update After clicking...

Page 56: ... DHCP Addressing 5 1 Device Administration Settings This feature allows the administrator to manage the Wireless Security Router by setting certain parameters For security reasons it is strongly recommended that you set Passwords and so that only authorized persons are able to magage this Wireless Security Router If the Password is left blank all users on your network can access this router simply...

Page 57: ...ess than 64 characters long and without any special characters or spaces SNMP Function As with the Password SNMP community allows authorized persons to access this router through the SNMP Management tool The Wireless Security Router provides three fields to enter these communities The default words Public and Private are well known communities that allow authorized persons who know the IP Address ...

Page 58: ...ed requests from WAN side IPSec Pass Through Check the Enable to allow the IPSec packets to pass through the Wireless Security Router if there is LAN PC using IPSec for data communication with other Internet device PPTP Pass Through Check the Enable to allow the PPTP packets to pass through the Wireless Security Router if there is LAN PC using PPTP for data communication with other Internet device...

Page 59: ... you make a disconnection here Connect on demand will not function until the connection button is clicked Note that Login won t show any information if you selected Obtain IP automatically or Static IP on the OnePage Setup page Internet This section shows the IP settings status of the router as seen by external users of the Internet If you selected Get IP Address Automatically PPPoE or PPTP in the...

Page 60: ...y in the OnePage Setup Intranet This section displays the current Private IP Address and Subnet Mask of the router as seen by usersof your internal network DHCP Clients Table If the router is setup to act as a DHCP server the LAN side IP Address distribution table will appear by clicking this button 5 3 Log The Log application provides the administrator with the ability to trace Internet connectio...

Page 61: ... cannot be sent to the address above Log Schedule Select from the drop down list that when you wish the alert e mail will be send When Log is Full The alert e mail will be sent when log space is full They are about 30 entries Hourly The alert e mail will be sent by each hour Daily The alert e mail will be sent by each day at midnight Weekly The alert e mail will be sent by each week When this item...

Page 62: ...de Firmware This setting page allows you to upgrade the latest version firmware to keep your router up to date Before you upgrade the firmware you have to get the latest firmware and save it on the PC you use to configure the router Browse Browse To select a file to upgrade you have to enter path of the latest firmware you saved on the PC You can choose Browse to view the folders and select the fi...

Page 63: ...y selecting Router s private IP Address or from the WAN side by selecting Router s WAN IP Address Destination IP Enter the IP Address of destination device you want to ping If Router s LAN IP address is selected as Source IP you only can ping LAN side device and vice versa Packet Number Enter the packet numbers you wish to use to ping the destination device The maximum numbers are four Packet Size...

Page 64: ...ill show the numbers of sending packet numbers of packet receiving and the average return time Tracert Tracert Host Enter the IP Address of destination device that you wish to trace the route between Router and that device Trace Message The result shows the routing information between Router and destination device Tracert Click Tracert to start this test ...

Page 65: ...dy has TCP IP installed You may manually configure your computer with a fixed IP Address or have an IP Address dynamically assigned to it by the Advanced Wireless 11g Router s DHCP server 6 2 1 Dynamic IP Addressing using DHCP Server 1 From the Apple menu select Control Panel and click on TCP IP 2 In the TCP IP A New Name For Your Configuration window select Ethernet in the Connect via location fr...

Page 66: ...tings see Chapter 4 Advanced Applications 6 4 Adding Advanced Wireless 11g Router to Existing Network If the Advanced Wireless 11g Router is to be added to an existing Macintosh computer network the computers will have to be configured to connect to the Internet via the Advanced Wireless 11g Router 1 From the Apple menu select Control Panel and click on TCP IP 2 From the File menu select Configura...

Page 67: ...11g Wireless Security Router User Guide 61 Close the window 5 Click Confirm TCP IP is now configured for manual IP Addressing 6 Configure your Advanced Wireless 11g Router see 5 3 above ...

Page 68: ... 11g Router s default IP address of 192 168 1 1 3 3 Check also the Subnet Mask is set to 255 255 255 0 Q The DIAG LED stays lit The DIAG LED should light up when the device is first powered up to indicate it is checking for proper operation After a few seconds the LED should go off If it stays lit the device is experiencing a problem Please contact your dealer Q Why can t I configure the Advanced ...

Page 69: ...e ISPs such as Home require that their host name be specifically configured into your computer before you cansurf their local web pages If you are unable to access your ISP s home page enter your ISP s Domain Name into the OnePage Setup 3 3 to enable all computers in your LAN access to it If you only want to allow computers to access these home pages open the TCP IP Properties window 2 4 on these ...

Page 70: ...tatus Monitor 4 7 Q I get a time out error when I enter a URL or IP address A Check whether other computers work If they do ensure the computer s IP settings are correct IP Address Subnet Mask Gateway IP Address and DNS 3 3 Then check whether the Advanced Wireless 11g Router s settings are correct 3 3 ...

Page 71: ...Mb Ethernet Yes the Advanced Wireless 11g Router supports both 10Mb 100Mb Ethernet on the LAN side Q What is NAT and what is it used for The Network Address Translation NAT Protocol translates multiple IP Addresses on a private LAN into a single public IP Address that is accessible to the Internet NAT not only provides the basis for multiple IP Address sharing but also adds to the LAN s security s...

Page 72: ...SP If you want more E mail accounts you should contact your ISP or you can browse the Internet to apply for a free E mail account Q Can Internet users access LAN computers Advanced Wireless 11g Router uses NAT to router all in out packets All external users can only see the IP of the Advanced Wireless 11g Router but cannot access LAN computers The LAN computers are well protected with the Advanced...

Page 73: ...s and one uplink port on LAN Wireless access point Management Web based UI Management LED Display Power DIAG Enable Activity for Wireless interface Link Activity for both WAN and LAN port s Environment Operation Temperature 0 40 degrees C 32 104 degrees F Storage Temperature 20 60 degrees C 4 140 degrees F Humidity Operating 10 85 non condensing Storage 5 90 non condensing Dimension 122 L x 175 W ...

Page 74: ...Q257225 Basic IPSec Troubleshooting in Windows 2000 http support microsoft com support kb articles Q257 2 25 asp C 1 Environment Windows XP or Windows 2000 IP Address 140 111 1 2 Note ISP provided IP Address this is only an example Subnet Mask 255 255 255 0 Broadband VPN Router WAN IP Address 140 111 1 1 Note ISP provided IP Address this is only an example Subnet Mask 255 255 255 0 LAN IP Address ...

Page 75: ...t button 5 Click the Finishbutton making sure the Edit check box is checked C 2 2 Build 2 Filter Lists WinXPà Broadband VPN Router and Broadband VPN Routerà WinXP Filter List 1 WinXPà Broadband VPN Router 1 In the to_VPNRouter Properties deselect the Use Add Wizard check box and then click Add button to create a new rule ...

Page 76: ...appropriate name XPà Broadband VPN Router for the filter list deselect the Use Add Wizard check box and then click Add button 4 In the Source address area click My IP Address 5 In the Destination address field select A specific IP Subnet and fill in the IP Address 192 168 1 0 and Subnet mask 255 255 255 0 ...

Page 77: ...nXP or Close for Win2000 button on the IP Filter List Window Filter List 2 Broadband VPN Routerà WinXP 1 On the IP Filter List tab click the Add button 2 Type an appropriate name Broadband VPN Routerà XP for the filter list click to clear the Use Add Wizard check box and then click Add 3 In the Source address area click A specific IP Subnet and fill in the IP ...

Page 78: ...tination address area click My IP Address 5 If you want to type a description for your filter click the Description tab 6 Click OK and then click OK C 2 3 Configure Individual Rule of 2 Tunnels Tunnel 1 WinXPà Broadband VPN Router 1 From the IP Filter List tab click the filter list XPà Broadband VPN Router ...

Page 79: ...the filter action Require Security and click the Edit button 3 Check that the Negotiate security option is enabled and deselect the Accept unsecured communication but always respond using IPsec check box 4 Select the Session key Perfect Forward Secrecy PFS and remember to check ...

Page 80: ... PFS option on the Broadband VPN Router and then click the OK button 5 From the Authentication Methods tab click the Edit button 6 Change the authentication method to Use this string preshared key enter the string Test and then click the OK button ...

Page 81: ...Authentication method preference order Click the OK button to continue 7 From the Tunnel Setting tab click The tunnel endpoint is specified by this IP Address box and then type the WAN IP Address 140 111 1 1 Note ISP provided IP Address this is only an example of the Broadband VPN Router ...

Page 82: ...11g Wireless Security Router User Guide 76 8 Fromthe Connection Type tab select All network connections and then click the OK or Close button to finish this rule ...

Page 83: ... Tunnel 2 Broadband VPN Routerà WinXP 1 In the to_VPNRouter Properties deselect the Use Add Wizard check box and then click the Add button to create the second IP Filter 2 On the IP Filter List tab click the filter list Broadband VPN Routerà XP ...

Page 84: ...From the Filter Action tab click the filter action Require Security 4 From the Authentication Methods tab click the Edit button 5 Change the authentication method to Use this string preshared key enter the string Test and then click the OK button ...

Page 85: ...Preshared key will be displayed in Authentication method preference order Click the OK button to continue 6 From the Tunnel Setting tab click The tunnel endpoint is specified by this IP Address box and then type the Windows 2000 XP IP Address 140 111 1 2 ...

Page 86: ...11g Wireless Security Router User Guide 80 7 From the Connection Type tab select All network connections and then click the OK for WinXP or Close for Win2000 button to finish ...

Page 87: ...the Rules tab click the OK button to back to the secpol screen C 2 4 Assign New IPsec Policy 1 In the IP Security Policies on Local ComputerMMC snap in right click policy named to_VPNRouter and then click Assign A green arrow appears in the folder icon ...

Page 88: ...11g Wireless Security Router User Guide 82 ...

Page 89: ... Subscriber Line ADSL as it s name indicates is an asymmetrical data trasmission technology with higher traffic rate downstream and lower traffic rate upstream ADSL technology satisfies the bandwidth requirements of applications which demand asymmetric traffic such as web surfing file downloads and telecommuting Bandwidth The amount of data that can be transmitted in a fixed amount of time Browser...

Page 90: ...t it can no longer function normally For example a hacker may use fake IP addresses to accumulate numerious connections to flood the server he wants to attack DDNS DDNS is an acronym for Dynamic Domain Name Service It helps map the domain name of a host which has a dynamic public IP address to the IP address that is allocated each time the ISP assigns a new IP address DNS Short for Domain Name Ser...

Page 91: ...etwork to take advantage of sharing the wired networks resources such as files printers and Internet access IP Address An identifier for a computer or device on a TCP IP network Networks using the TCP IP Protocol route messages based on the IP Address of the destination The format of an IP address is a 32 bit numeric address written as four numbers separated by periods Each number can be from zero...

Page 92: ...Challenge Handshake Authentication Protocol Most ISPs use either one for user identification If your ISP doesn t support these two protocols contact your ISP for an authentication script PPP Short for Point to Point Protocol a communications protocol for transmitting information over standard telephone lines between devices from different manufacturers PPPoE Short for PPP over Ethernet relying on ...

Page 93: ... on the Internet to connect and exchange streams of data VPN VPN is an acronym for Virtual Private Network Via access control and encryption VPN brings the same security to data transmission through the Internet as if it being transmitted through a private network It not only takes advantage of economies of scale but also ensures high level security while the packet is sent over the large public n...