Planet Networking & Communication IVR-100, User Manual

Page 1: ...Industrial 5 Port 10 100 1000T VPN Security Gateway IVR 100 1 Industrial 5 Port 10 100 1000T VPN Security Gateway IVR 100 ...

Page 2: ...that may have occurred Information in this User s Manual is subject to change without notice and does not represent a commitment on the part of PLANET PLANET assumes no responsibility for any inaccuracies that may be contained in this User s Manual PLANET makes no commitment to update or keep current the information in this User s Manual and reserves the right to make improvements and or changes t...

Page 3: ...health as a result of the presence of hazardous substances in electrical and electronic equipment end users of electrical and electronic equipment should understand the meaning of the crossed out wheeled bin symbol Do not dispose of WEEE as unsorted municipal waste and have to collect such WEEE separately Trademarks The PLANET logo is a trademark of PLANET Technology This documentation may refer t...

Page 4: ...t Alarm Contact 19 2 1 5 Dimensions 21 2 2 Hardware Installation 22 2 2 1 DIN rail Mounting 22 2 2 2 Wall Mount Plate Mounting 23 2 2 4 Side Wall Mount Plate Mounting 25 Chapter 3 Preparation 26 3 1 Requirements 26 3 2 Setting TCP IP on your PC 26 3 2 1 Windows 7 8 26 3 2 2 Windows 10 30 3 3 Planet Smart Discovery Utility 33 Chapter 4 Web based Management 35 4 1 Introduction 35 4 2 Logging in to t...

Page 5: ... 1 Firewall 61 4 6 2 MAC Filtering 63 4 6 3 IP Filtering 64 4 6 4 Web Filtering 65 4 6 5 Port Forwarding 66 4 6 6 DMZ 67 4 7 VPN 68 4 7 1 IPSec 69 4 7 2 GRE 74 4 7 3 PPTP Server 76 4 7 4 L2TP Server 80 4 7 5 SSL VPN 85 4 7 6 VPN Connection 86 4 8 Maintenance 87 4 8 1 Administrator 87 4 8 2 Date and Time 88 4 8 3 Saving Restoring Configuration 89 4 8 4 Upgrading Firmware 90 4 8 5 Reboot Reset 90 4 ...

Page 6: ...mary concern for the enterprises To fulfill this demand PLANET has launched the IVR 100 Industrial VPN Security Gateway an all in one appliance that carries several main categories across your industrial network security deployments Cyber security SPI firewall security protection policy auditing Content Filtering VPN Tunnel and VLAN and easy management Setup Wizard QoS and Dashboard Furthermore it...

Page 7: ...ides complete data security and privacy for accessing and exchanging most sensitive data built in IPSec VPN function with DES 3DES AES encryption and MD5 SHA 1 SHA 256 SHA 384 SHA 512 authentication and GRE SSL PPTP and L2TP server mechanism The full VPN capability in the IVR 100 makes the connection solidly secure more flexible and more capable The IVR 100 supports many popular security features ...

Page 8: ...aged via any management software based on the standard SNMP protocol Improving Network Efficiency The IVR 100 has link redundancy content filtering and many more functions to make the entire network system perform better It is applicable to the small scale sector from 10 to 50 people using a compact industrial design with five Gigabit ports WAN LAN The IVR 100 s economical price with complete cabl...

Page 9: ...tem To facilitate transportation and industrial level applications the IVR 100 provides an integrated power solution with a wide range of voltages 9 48V DC for worldwide operability It also provides dual redundant reversible polarity 9 48V DC power supply inputs for high availability applications ...

Page 10: ...gh level of immunity against electromagnetic interference and heavy electrical surges typical of environments found on plant floors or in curb side traffic control cabinets The IVR 100 can operate stably under temperature range from 40 to 75 degrees C which enables the users to conveniently apply the device in almost any location of the network The IVR 100 is also equipped with a compact IP30 stan...

Page 11: ...fferent divisions With IPSec GRE PPTP L2TP SSL VPN solutions the IVR 100 provides secured data communication for branches vendors and mobile workers with a flexible way to connect back to the headquarters The IVR 100 connects dual WANs with up to two different ISPs It creates a stable and qualified VPN connection for many important applications such as VoIP video conferencing and data transmission...

Page 12: ...lt alarm for power input failure DC redundant power with reverse polarity protection 40 to 75 degrees C operating temperature IP Routing Feature Static Route Dynamic Route RIPv1 v2 Firewall Security Stateful Packet Inspection SPI firewall Blocks DoS DDoS attack Content filtering MAC IP filtering Blocks SYN ICMP flooding VPN Features IPSec Host to Host GRE PPTP server L2TP SSL Open VPN Max Connecti...

Page 13: ...ver NTP client MAC address clone DDNS PLANET DDNS PLANET Easy DDNS DynDNS and No IP Cybersecurity Others Setup wizard Dashboard for real time system overview Supported access by HTTP or HTTPS Auto reboot Configuration backup and restoration via remote USB port Firmware upgrade via remote USB port Event message logging to remote syslog server PLANET Smart Discovery utility UNI NMS supported ...

Page 14: ...on DIN rail wall mount or side wall mount design Connector Removable 6 pin terminal block Pin 1 2 for Power 1 Pin 3 4 for power fault alarm Pin 5 6 for Power 2 Alarm One relay output for power failure Alarm relay current carry ability 1A 24V AC Power Requirements 9 48V AC 1A max Power Consumption 9W max Weight 0 53kg Dimensions W x D x H 135 x 87 8 x 50 mm ESD Protection 6KV DC Software Management...

Page 15: ...PLANET Smart Discovery utility UNI NMS supported VPN VPN Function IPSec Host to Host GRE PPTP server L2TP SSL Open VPN VPN Tunnels Max 60 VPN Throughput Max 100Mbps VPN concurrent users Max 60 Encryption Methods DES 3DES AES or AES 128 192 256 encrypting Authentication Methods MD5 SHA 1 SHA 256 SHA 384 SHA 512 authentication algorithm Standards Conformance Regulatory Compliance CE FCC Stability Te...

Page 16: ... Specifications Operating Temperature 40 75 degrees C Relative Humidity 5 95 non condensing Storage Temperature 40 85 degrees C Relative Humidity 5 95 non condensing Standard Accessories Packet Contents IVR 100 x 1 Quick Installation Guide x 1 Wall mount Kit x 1 Dust Cap x 5 ...

Page 17: ...indicate that the port is successfully connecting to the network at 1000Mbps Off to indicate that the port is successfully connecting to the network at 10Mbps or 100Mbps Ports USB Port USB 3 0 port for system configuration backup and restoration Reset Button Power on the device and press the reset button for less than 5 seconds to reboot it or over 5 seconds to restore it to factory default settin...

Page 18: ...ock connector within two DC power inputs 2 1 3 Wiring the Power Inputs The 6 contact terminal block connector on the top panel of Industrial Gateway is used for two DC redundant power inputs Please follow the steps below to insert the power wire 1 Insert positive and negative DC power wires into contacts 1 and 2 for POWER 1 or 5 and 6 for POWER 2 ...

Page 19: ...erminal block should be in the range from 12 to 24 AWG 2 1 4 Wiring the Fault Alarm Contact The fault alarm contacts are in the middle of the terminal block connector as the picture shows below Inserting the wires the Industrial Gateway will detect the fault status of the power failure and then forms an open circuit The following illustration shows an application example for wiring the fault alarm...

Page 20: ...ndustrial 5 Port 10 100 1000T VPN Security Gateway IVR 100 20 1 The wire gauge for the terminal block should be in the range between 12 and 24 AWG 2 Alarm relay circuit accepts up to 24V max 1A currents ...

Page 21: ...Industrial 5 Port 10 100 1000T VPN Security Gateway IVR 100 21 2 1 5 Dimensions ...

Page 22: ...Gateway DIN rail mounting wall mounting and side wall mounting Basic knowledge of networking is assumed Please read the following sections and perform the procedures in the order being presented The device shown on this chapter is just a representation of the said device 2 2 1 DIN rail Mounting Step 1 Lightly slide the DIN rail into the track Step 2 Check whether the DIN rail is tightly on the tra...

Page 23: ...the cable to the LAN port of ISP network device such as a modem If there is only one line connected to the outer network in your network environment it is suggested that you use WAN port port 5 Step 5 Power on the device When the device receives power the Power LED should remain solid Green 2 2 2 Wall Mount Plate Mounting To install the Industrial Gateway on the wall please follow the instructions...

Page 24: ...hook holes at the corners of the wall mount plate to hang the Industrial Gateway on the wall Step 4 To remove the wall mount plate reverse the steps above Step 5 Proceed with Steps 3 4 and 5 in Section 2 2 1 DIN rail Mounting to connect the network cabling and power on the device ...

Page 25: ...the screws to remove the DIN rail Step 2 Place the wall mount plate on the side panel and use the screwdriver to screw the wall mount plate tightly on the Industrial Gateway Step 3 Use the hook holes at the corners of the wall mount plate to hang the Industrial Gateway on the wall Step 4 To remove the wall mount plate reverse the steps above Step 5 Proceed with Steps 3 4 and 5 in Section 2 2 1 DIN...

Page 26: ...r directly to ISP 2 Suggested operating systems Windows 7 8 10 3 Recommended web browsers IE Firefox Chrome 3 2 Setting TCP IP on your PC The default IP address of the VPN Gateway is 192 168 1 1 and the DHCP Server is on Please set the IP address of the connected PC as DHCP client and the PC will get IP address automatically from the VPN Gateway Please refer to the following to set the IP address ...

Page 27: ...Industrial 5 Port 10 100 1000T VPN Security Gateway IVR 100 27 2 Click Change adapter settings 3 Right click on the Local Area Connection and select Properties ...

Page 28: ...Industrial 5 Port 10 100 1000T VPN Security Gateway IVR 100 28 4 Select Internet Protocol Version 4 TCP IPv4 and click Properties or directly double click on Internet Protocol Version 4 TCP IPv4 ...

Page 29: ...Industrial 5 Port 10 100 1000T VPN Security Gateway IVR 100 29 5 Select Use the following IP address and Obtain DNS server address automatically and then click the OK button ...

Page 30: ...PN Security Gateway IVR 100 30 3 2 2 Windows 10 If you are using Windows 10 please refer to the following 1 In the search box on the taskbar type View network connections and then select View network connections at the top of the list ...

Page 31: ...T VPN Security Gateway IVR 100 31 2 Right click on the Local Area Connection and select Properties 3 Select Internet Protocol Version 4 TCP IPv4 and click Properties or directly double click on Internet Protocol Version 4 TCP IPv4 ...

Page 32: ...Industrial 5 Port 10 100 1000T VPN Security Gateway IVR 100 32 4 Select Use the following IP address and Obtain DNS server address automatically and then click the OK button ...

Page 33: ...ng the Planet Smart Discovery Utility 1 Download the Planet Smart Discovery Utility in administrator PC 2 Run this utility as the following screen appears Figure 3 1 6 Planet Smart Discovery Utility Screen If there are two LAN cards or above in the same administrator PC choose a different LAN card by using the Select Adapter tool 3 Press the Refresh button for the currently connected devices in th...

Page 34: ... The functions of the 3 buttons above are shown below Update Device use current setting on one single device Update Multi use current setting on choose multi devices Update All use current setting on whole devices in the list The same functions mentioned above also can be found in Option tools bar 3 To click the Control Packet Force Broadcast function it allows you to assign a new setting value to...

Page 35: ...o the same hub switch and then launch a browser to link the management interface address which is set to http 192 168 1 1 by default The DHCP server of the VPN Gateway is enabled Therefore the LAN PC will get IP from the VPN Gateway If user needs to set IP address of LAN PC manually please set the IP address within the range between 192 168 1 2 and 192 168 1 254 inclusively and assigned the subnet...

Page 36: ...e displays the web panel main menu function menu and the main information in the center Figure 4 1 Main Web Page Web Panel The web panel displays an image of the device s ports as shown in Figure 4 2 Figure 4 2 Web Panel Object Icon Function Ethernet port To indicate the port without the RJ45 plug in To indicate network data is sending or receiving ...

Page 37: ...ure 4 3 Function Menu Object Description System Provides System information of the Gateway Network Provides WAN LAN and network configuration of the Gateway Security Provides Firewall and security configuration of the Gateway VPN Provides VPN configuration of the Gateway Maintenance Provides firmware upgrade and setting file restore backup configuration of the Gateway Figure 4 4 Function Button Ob...

Page 38: ...nitor system Figure 4 5 System Menu Object Description Wizard The Wizard will guide the user to configuring the Gateway easily and quickly Dashboard The overview of system information includes connection port and system status Status Display the status of the system LAN and WAN Statistics Display statistics information of network traffic of LAN and WAN Connection Status Display the DHCP client tab...

Page 39: ...via Setup Wizard as shown in Figure 4 6 Figure 4 6 Setup Wizard Step 1 LAN Interface Set up the IP Address and Subnet Mask for the LAN interface as shown in Figure 4 7 Figure 4 7 Setup Wizard LAN Configuration Object Description IP Address Enter the IP address of your Gateway The default is 192 168 1 1 Subnet Mask An address code that determines the size of the network Normally use 255 255 255 0 a...

Page 40: ...CP users are 101 which mean the Gateway will provide DHCP client with IP address from 192 168 1 100 to 192 168 1 200 when the start IP address is 192 168 1 100 Next Press this button to the next step Cancel Press this button to undo any changes made locally and revert to previously saved values Step 2 WAN Interface The Gateway supports two access modes on the WAN side shown in Figure 4 8 Figure 4 ...

Page 41: ...ur ISP Each IP address entered in the fields must be in the appropriate IP form which are four octets separated by a dot x x x x The Gateway will not accept the IP address if it is not in this format The setup is shown in Figure 4 10 Figure 4 10 WAN Interface Setup Static IP Setup Object Description IP Address Enter the IP address assigned by your ISP Netmask Enter the Netmask assigned by your ISP...

Page 42: ...button to undo any changes made locally and revert to previously saved values Mode 2 DHCP Client Select DHCP Client to obtain IP Address information automatically from your ISP The setup is shown in Figure 4 11 Figure 4 11 WAN Interface Setup DHCP Setup Step 3 Security Setting Set up the Security Settings as shown in Figure 4 12 Figure 4 12 Setup Wizard Security Setting ...

Page 43: ...ignal on the Internet There are two normal attack ways which hackers like to use Ping of Death and Smurf attack The default configuration is disabled Block WAN Ping Enable the function to allow the Ping access from the Internet network The default configuration is disabled Remote Management Enable the function to allow the web server access of the Gateway from the Internet network The default conf...

Page 44: ... 5 Port 10 100 1000T VPN Security Gateway IVR 100 44 Figure 4 13 Setup Wizard Setup Completed Object Description Finish Press this button to save and apply changes Previous Press this button for the previous step ...

Page 45: ...g connection port and system status as shown in Figure 4 14 Figure 4 14 Dashboard WAN LAN Connection Status Object Description The status means WAN is connected to Internet and LAN is connected The status means WAN is disconnected to Internet and LAN is connected The status means WAN is connected to Internet and LAN is disconnected Port Status ...

Page 46: ...thernet port is in use Ethernet port is not in use USB port is in use USB port is not in use System Information Object Description CPU Display the CPU loading Memory Display the memory usage 4 4 3 Status This page displays system information as shown in Figure 4 15 Figure 4 15 Status ...

Page 47: ... 4 Statistics This page displays the number of packets that pass through the Gateway on the WAN and LAN The statistics are shown in Figure 4 16 Figure 4 16 Statistics 4 4 5 Connection Status The page will show the DHCP Table and ARP Table Figure 4 17 Connection Status ...

Page 48: ...rite Community Allows entering characters for SNMP Read Write Community of the Gateway System Name Allows entering characters for system name of the Gateway System Location Allows entering characters for system location of the Gateway System Contact Allows entering characters for system contact of the Gateway Apply Settings Press this button to save and apply changes Cancel Changes Press this butt...

Page 49: ... 4 19 Figure 4 19 Network Menu Object Description WAN Setup Allows setting WAN interface WAN Advanced Allows setting WAN Advanced settings LAN Setup Allows setting LAN interface Routing Allows setting Route IPv6 Allows setting IPv6 WAN interface DHCP Allows setting DHCP Server DDNS Allows setting DDNS and PLANET DDNS MAC Address Clone Allows setting WAN MAC Address Clone ...

Page 50: ...ss Type for the Internet and fill out the correct parameters from your local ISP in the fields which appear below Static Select Static IP Address if all the Internet ports IP information is provided to you by your ISP Internet Service Provider You will need to enter the IP address Netmask Gateway and DNS Server provided to you by your ISP Each IP address entered in the fields must be in the approp...

Page 51: ...m your ISP WAN IP whether obtained automatically or specified manually should NOT be on the same IP net segment as the LAN IP otherwise the Gateway will not work properly In case of emergency press the hardware based Reset button 4 5 2 WAN Advanced This page is used to configure the advanced parameters for Internet area network which connects to the WAN port of your Gateway as shown in Figure 4 21...

Page 52: ...nk up The recommended value is 8 default Detect Link Down Threshold Set the times for detecting link down The recommended value is 3 default Custom Detect Host The host is used to check whether the internet connection is alive or not 4 5 3 LAN Setup This page is used to configure the parameters for local area network which connects to the LAN port of your Gateway as shown in Figure 4 22 Here you m...

Page 53: ... a remote router or other network gateway that the local router is configured to recognize For each IP address the routing table additionally stores a network mask and other data that specifies the destination IP address ranges that remote device will accept Object Description Type There are two types Host and Net When the Net type is selected user does not need to input the Gateway Destination Th...

Page 54: ...n 4 5 5 WAN IPv6 Setting This page is used to configure parameter for IPv6 internet network which connects to WAN port of the Gateway as shown in Figure 4 25 It allows you to enable IPv6 function and set up the parameters of the Gateway s WAN In this setting you may change WAN connection type and other settings Figure 4 25 IPv6 WAN setup Object Description Connection Type Select IPv6 WAN type eith...

Page 55: ...lt the DHCP Server is enabled meaning the Gateway will assign IP addresses to the DHCP clients automatically If user needs to disable the function please set it as disable Start IP Address By default the start IP address is 192 168 1 100 Please do not set it to the same IP address of the Gateway Maximum DHCP Users By default the maximum DHCP users are 101 meaning the Gateway will provide DHCP clie...

Page 56: ...R 100 56 Object Description Lease Time Set the time for using one assigned IP After the lease time the DHCP client will need to get new IP addresses from the Gateway Default is 1440 minutes Domain Name Input a domain name for the Gateway Default is Planet ...

Page 57: ... DDNS services One is PLANET DDNS and the other is PLANET Easy DDNS as shown in Figure 4 27 PLANET DDNS For example you ve just installed a PLANET IP camera with dynamic IP like 210 66 155 93 in the network You can name this device as Mycam1 and register a domain as Mycam1 planetddns com at PLANET DDNS http www planetddns com Thus you don t need to memorize the exact IP address but just the URL li...

Page 58: ...at please first register with the DDNS service and set up the domain name of your choice to begin using it Easy DDNS When the PLANET DDNS service is activated user is able to select to enable or disable Easy DDNS When this function is enabled DDNS hostname will appear automatically User doesn t go to http www planetddns com to apply for a new account User Name The user name is used to log into DDN...

Page 59: ...5 8 MAC Address Clone Clone or change the MAC address of the WAN interface The setup is shown in Figure 4 28 Figure 4 28 MAC Address Clone Object Description Clone WAN MAC Set the function as enable or disable MAC Address Input a MAC Address such as A8 F7 E0 00 06 62 ...

Page 60: ...29 Please refer to the following sections for the details Figure 4 29 Security menu Object Description Firewall Allows setting DoS Denial of Service protection as enable MAC Filtering Allows setting MAC Filtering IP Filtering Allows setting IP Filtering Web Filtering Allows setting Web Filtering Port Range Forwarding Allows setting Port Forwarding DMZ Allows setting DMZ ...

Page 61: ... Firewall The SPI Firewall prevents attack and improper access to network resources The default configuration is enabled Block SYN Flood SYN Flood is a popular attack way DoS and DDoS are TCP protocols Hackers like using this method to make a fake connection that involves the CPU memory and so on The default configuration is enabled Block FIN Flood If the function is enabled when the number of the...

Page 62: ...ack The default configuration is disabled IP TearDrop If the function is enabled the Gateway will block Teardrop attack that is targeting on TCP IP fragmentation reassembly codes Ping Of Death If the function is enabled the Gateway will block Ping of Death attack that aims to disrupt a targeted machine by sending a packet larger than the maximum allowable size causing the target machine to freeze ...

Page 63: ...he function is enabled the Gateway will block traffic of the MAC address on the list Interface Select the function works on LAN WAN or both If you want to block a LAN device s MAC address please select LAN vice versa MAC Address Input a MAC address you want to control such as A8 F7 E0 00 06 62 Add When you input a MAC address please click the Add button to add it into the list Remove If you want t...

Page 64: ...ure 4 32 IP Filtering Object Description IP Filtering Set the function as enable or disable Add IP Filtering Rule Go to the Add Filtering Rule page to add a new rule Figure 4 33 IP Filter Rule Setting Object Description Enable Set the rule as enable or disable Source IP Address Input the IP address of LAN user such as PC or laptop which you want to control Anywhere of source IP Address Check the b...

Page 65: ...CP UDP or all If you are unsure please leave it to the default all protocol 4 6 4 Web Filtering Web filtering is used to deny LAN users from accessing the internet as shown in Figure 4 34 Block those URLs which contain keywords listed below Figure 4 34 Web Filtering Object Description Web Filtering Set the function as enable or disable Add Web Filtering Rule Go to the Add Web Filtering Rule page t...

Page 66: ...orwarding Object Description Port Forwarding Set the function as enable or disable Add Port Forwarding Rule Go to the Add Port Forwarding Rule page to add a new rule Figure 4 37 Port Forwarding Rule Setting Object Description Rule Name Enter any words for recognition Protocol Select the protocol type TCP UDP or both If you are unsure please leave it to the default both protocols External Service P...

Page 67: ...unauthorized access to its local private network as shown in Figure 4 38 Typically the DMZ host contains devices accessible to Internet traffic such as Web HTTP servers FTP servers SMTP e mail servers and DNS servers Figure 4 38 DMZ Object Description DMZ Set the function as enable or disable If the DMZ function is enabled it means that you set up DMZ at a particular computer to be exposed to the ...

Page 68: ...he enterprise to utilize the Internet as a means of transferring data across the network it forms one of the most effective and secure options for enterprises to adopt in comparison to other methods The Maintenance menu provides the following features for managing the system as Figure 4 39 is shown below Figure 4 39 VPN Menu Object Description IPsec Allows setting IPsec function GRE Allows setting...

Page 69: ...It allows users to have an encrypted network session by standard IKE Internet Key Exchange We strongly encourage you to use IPSec only if you need to because of interoperability purposes When IPSec lifetime is specified the device can randomly refresh and identify forged IKE s during the IPSec lifetime This page will allow you to modify the user name and passwords as shown in Figure 4 40 Figure 4 ...

Page 70: ...Check the box to enable the function Tunnel Name Enter any words for recognition Interface This is only available for host to host connections and specifies to which interface the host is connecting 1 WAN 1 2 WAN 2 Local Network The local subnet in CIDR notation For instance 192 168 1 0 Local Netmask The netmask of this Gateway ...

Page 71: ...ype 1 Main 2 Aggressive ISAKMP It provides the way to create the SA between two PCs The SA can access the encoding between two PCs and the IT administrator can assign to which key size or Preshare Key and algorithm to use The SA comes in many connection ways 1 AES All using a 128 bit 192 bit and 256 bit key AES is a commonly seen and adopted nowadays 2 3DES Triple DES is a block cipher formed from...

Page 72: ...bits 4 SHA2 Either 256 384 or 512 can be chosen 5 MD5 Algorithm MD5 processes a variably long message into a fixed length output of 128 bits ESP Keylife You can specify how long ESP packets are valid Perfect Forward Secrecy PFS Set the function as enable or disable Example Establishing the IPSec VPN connection between two VPN Gateways Follow the steps below for setting up the Gateways 1 Go to the ...

Page 73: ...dress 7 Input the Remote Host IP Address as another Gateway s public WAN IP address 8 Input the Remote Network and Netmask as another Gateway s LAN IP address 9 Input the Preshare Key as the same as the one set on both Gateways 10 Set the IKE Setting It should be the same as the other Gateway 11 Click Apply Settings button to save changes 12 Go back to the VPN IPsec page The status shows Connected...

Page 74: ...eway IVR 100 74 4 7 2 GRE This section assists you in setting the GRE Tunnel as shown in Figure 4 42 Figure 4 42 GRE Object Description GRE Tunnel Set the function as enable or disable Add GRE Tunnel Go to the Add GRE Tunnel page to add a new tunnel ...

Page 75: ...t connections and specifies to which interface the host is connecting 1 LAN 2 WAN 1 3 WAN 2 Peer WAN IP Address Input the IP address of the remote host For instance 210 66 1 10 Peer Netmask The remote subnet in CIDR notation For instance 210 66 1 0 24 Peer Tunnel IP Address Input the Tunnel IP address of remote host Local Tunnel IP Address Input the Tunnel IP address of remote host Local Netmask I...

Page 76: ...e to Site VPN where the channel can have equally good results from different methods with IPSec The PPTP server is shown in Figure 4 44 Figure 4 44 PPTP server Object Description PPTP Server Set the function as enable or disable Broadcast Enter any words for recognition Force MPPE Encryption Set the encryption as enable or disable CHAP Set the authentication as enable or disable MSCHAP Set the aut...

Page 77: ...t the IP address of the PPTP Server For instance 192 168 10 1 Clients IP Address Start End When the VPN connection is established the VPN client will get IP address from the VPN Server Please set the range of IP Address For instance the start IP address is 192 168 10 10 the end IP address is 192 168 10 100 User and Password Create the username and password for the VPN client Example Establishing t...

Page 78: ... the Server IP Address as the Gateway s another subnet address 4 Input Clients IP Address Start and Clients IP Address End 5 Create an account Enter Username and Password 6 Click Apply Settings button to save changes Follow the following steps for setting up PPTP VPN client 1 Go to the Network WAN page ...

Page 79: ... 3 Input the Server as the VPN Server Gateway s public WAN IP address 4 Input the same Username and Password as the one set on the VPN Server Gateway 5 Go to the System Status page to check the Connection Type and IP Address Make sure the VPN client Gateway gets the VPN Server s subnet IP address ...

Page 80: ...s enable or disable Server IP Address Input the IP address of the L2TP Server For instance 192 168 50 1 Clients IP Address Start End When the VPN connection is established the VPN client will get IP address from the VPN Server Please set the range of IP Address For instance the start IP address is 192 168 50 100 the end IP address is 192 168 50 200 With IPsec Set the function as enable to make the...

Page 81: ...can achieve an algorithm up to 160 bits 4 SHA2 Either 256 384 or 512 can be chosen 5 MD5 Algorithm MD5 processes a variably long message into a fixed length output of 128 bits 6 DH Group Either 1 2 5 14 15 16 17 or 18 can be chosen IKE SA Lifetime You can specify how long IKE packets are valid ESP It offers AES 3 DES SHA 1 SHA2 and MD5 1 AES All using a 128 bit 192 bit and 256 bit key AES is a com...

Page 82: ...ay 1 Connect the VPN Gateway to internet by the Wizard 2 Go to the System Status page to check the WAN IP address Make sure the VPN Gateway gets public IP address successfully 3 Go to the VPN L2TP page Set the L2TP Server as enable input the Server IP Address as the VPN Gateway s public WAN IP address and other necessary information ...

Page 83: ...VPN settings of your mobile phone Here we use iPhone as the example please go to the Settings VPN page click the Add VPN Configuration Note that the VPN settings might be different from each OS of mobile phone if you do not know how to configure it please contact with the dealer of mobile phone 5 Input the necessary information ...

Page 84: ...ver should be the WAN IP of VPN Gateway the account should be the L2TP User of VPN Gateway the Password should be the L2TP Password of VPN Gateway and the Secret should be the L2TP Preshare Key of VPN Gateway 6 Slide the Status slider to Connecting it will start to connect to the VPN server When the VPN connection is established the Status will show Connected ...

Page 85: ...00 1000T VPN Security Gateway IVR 100 85 4 7 5 SSL VPN This section assists you in setting the SSL Server as shown in Figure 4 46 Figure 4 46 SSL Server Object Description SSL VPN Server Set the function as enable or disable ...

Page 86: ...etwork Mask The netmask of the VPN Encryption Cipher There are four encryption types None AES 128 CBC AES 192 CBC or AES 256 CBC Hash Algorithm There are five types of Hash Algorithm None SHA1 SHA1 SHA512 or MD5 Export client ovpn Export a configuration for the SSL client User is able to upload it to VPN client such as Open VPN software 4 7 6 VPN Connection This page shows the VPN connection statu...

Page 87: ...guration to local or USB sticker Restore the Gateway s configuration from local or USB sticker Firmware Upgrade Upgrade the firmware from local or USB storage Reboot Reset Reboot or reset the system Auto Reboot Allows setting auto reboot schedule Diagnostics Allows you to issue ICMP PING packets to troubleshoot IP 4 8 1 Administrator To ensure the Gateway s security is secure you will be asked for...

Page 88: ...ssists you in setting the system time of the Gateway You are able to either select to set the time and date manually or automatically obtain the GMT time from Internet as shown in Figure 4 49 Figure 4 49 Date and Time Object Description Current Time Show the current time User is able to set time and date manually Time Zone Select Select the time zone of the country you are currently in The Gateway...

Page 89: ...tus of the configuration You may save the setting file to either USB storage or PC and load the setting file from USB storage or PC as Figure 4 50 is shown below Figure 4 50 Save Restore Configuration Save Setting to PC Object Description Configuration Export Press the button to save setting file to PC Configuration Import Press the button to select the setting file and then press the button to up...

Page 90: ...rom the Gateway please press the button first 4 8 4 Upgrading Firmware This page provides the firmware upgrade of the Gateway as shown in Figure 4 51 Figure 4 51 Firmware upgrade Object Description Choose File Press the button to select the firmware Upgrade Press the button to upgrade firmware to system 4 8 5 Reboot Reset This page enables the device to be rebooted from a remote location Once the ...

Page 91: ... to keep the current network profiles and reset all other configurations to factory defaults 4 8 6 Diagnostics The page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues After you have pressed Ping ICMP packets will be transmitted and the sequence number and roundtrip time will be displayed upon reception of a reply The Page refreshes automatically until responses to all...

Page 92: ...ace of the Gateway Target Host The destination IP Address or domain Number of Packets Set the number of packets that will be transmitted the maximum is 100 Ping The time of ping Be sure the target IP address is within the same network subnet of the Gateway or you have to set up the correct gateway IP address ...

Page 93: ...pplication Configuring PLANET DDNS steps Step 1 Visit DDNS provider s web site and register an account if you do not have one yet For example register an account at http planetddns com Step 2 Enable DDNS option through accessing web page of the device Step 3 Input all DDNS settings ...