QNO 2WAN 3LAN, User Manual

Page 1: ...er s Manual 2 2 2 2WAN WAN WAN WAN 3 3 3 3LAN LAN LAN LAN VPN VPN VPN VPN QoS Security Router QoS Security Router QoS Security Router QoS Security Router Load Balance Bandwidth Management VPN and Network Security ...

Page 2: ... materials or electronic file are protected by copyright of our country clauses of international copyright and other regulations of intellectual property When the user copies the Manual this statement of intellectual property must also be copied and indicated Otherwise Qno regards it as tort and relevant duty will be prosecuted as well 2 Scope of Authority of Manual The user may install use displa...

Page 3: ...ow more about the updated information of the product please visit Qno official website 4 6 Qno and or distributors hereby declares that no liability will be born for any guarantee and condition of the corresponding information The guarantee and condition include tacit guarantee and condition about marketability suitability for special purposes ownership and non infringement The name of the compani...

Page 4: ...s 8 3 2 5 Firewall Setting Status 8 3 2 6 VPN Setting Status 9 3 3 General Setting 9 3 3 1 Configure 9 3 3 2 Dual WAN 14 3 3 3 QoS 21 3 3 4 Password 29 3 3 5 Time 30 IV Advanced Configuration 33 4 1 DMZ Host Demilitarized Zone 33 4 2 Forwarding 34 4 3 UPnP Universal Plug and Play 37 4 4 Routing 39 4 5 One to One NAT 40 4 6 DDNS Dynamic Domain Name Service 42 4 7 MAC Clone 44 4 8 DHCP IP Issuing Se...

Page 5: ... 63 7 1 Display All VPN Summary 63 7 2 Gateway to Gateway VPN 66 7 2 1 Tunnel Setup 67 7 2 2 IPSec Setup 75 7 2 3 VPN Advanced 78 7 3 Client to Gateway Group VPN 79 7 4 PPTP Setting 81 7 5 VPN Pass Through 83 VIII QVM VPN Function Setup 85 IX Log Configuration 87 9 1 System Log 87 9 2 System Statistics 89 9 3 Traffic Statistic 90 9 4 Specific IP Port Status 92 X Logout 96 Appendix I VPN setting Sa...

Page 6: ... accept other QVM series products from client ports VPN QoS Router also has unique QVM VPN SmartLink IPSec VPN Just input VPN server IP user name and password and IPSec VPN will be automatically set up Through VPN QoS Router exclusive QVM function users can set up QVM to work as a server and have it accept other QVM series products from client ports QVM offers easy VPN allocation for users users c...

Page 7: ...bps Green LED off Ethernet is running at 10Mbps Connect Green Green LED on WAN is connected and gets the IP address Reset Action Description Press Reset Button For 5 Secs Warm Start DIAG indicator Amber LED flashing slowly Press Reset Button Over 10 Secs Factory Default DIAG indicator Amber LED flashing quickly System Built in Battery A system timing battery is built into VPN QoS Router The lifesp...

Page 8: ... Users can rack mount the device onto the chassis Please refer to the figure below for the installation onto a 19 rack Attention In order for the device to run smoothly wherever users install it be sure not to obstruct the vent on each side of the device Keep at least 10cm space in front of both the vents for air convection 2 2 VPN QoS Router Network Connection WAN connection A WAN port can be con...

Page 9: ...r 4 Users can use servers for monitoring or filtering through the port after Physical Port Mangement configuration is done DMZ The DMZ port can be connected to servers that have legal IP addresses such as Web servers mail servers etc ...

Page 10: ... setting later Attention For security we strongly suggest that users must change password after login Please keep the password safe or you can not login to VPN QoS Router Press Reset button for more than 10 sec all the setting will return to default 3 2 Home Page In the Home page all the device parameters and status are listed for users reference For detailed settings click each parameter or statu...

Page 11: ...ion CPU Central Processing Unit Indicates the device CPU model No Intel IXP425 533MHz System active time Indicates how long the device has been running Current Time Indicates the device present time but you have to pay attention to set the synchronous time with that of the romote NTP server and then the time will be shown correctly 3 2 2 Port Statistics ...

Page 12: ...ion Click the hyperlink to enter and manage the configuration When Obtain an IP automatically is selected two buttons Release and Renew will appear on the right of the page Click Release to release the IP that is issued by the ISP and click Renew to refresh the IP that is issued by the ISP If a WAN connection such as PPPoE or PPTP is selected Disconnect and Connect will appear on the page WAN 2 DM...

Page 13: ...n Name Service Indicates if Dynamic Domain Name is activated Click the hyperlink to enter and manage the configuration The default configuration is Off 3 2 5 Firewall Setting Status SPI Stateful Packet Inspection Indicates whether SPI Stateful Packet Inspection is on or off Click the hyperlink to enter and manage the configuration The default configuration is Off DoS Denial of Service Indicates if...

Page 14: ... configuration Tunnel s Used Indicates number of tunnels that have been configured in VPN Virtual Private Network Tunnel s Available Indicates number of tunnels that are available for VPN Virtual Private Network 3 3 General Setting General Setting provides basic VPN QoS Router Internet connection setting For most users it s enough to go to Internet after making basic setting without doing any chan...

Page 15: ...is 255 255 255 0 Now it can support to the IP Class C network and also it can be changed according to the actual network structure Dual WAN DMZ Setting It provides a configurable WAN 2 or DMZ port First choose this port as the second WAN port or define it as DMZ mode and then keep doing the following setting DMZ Setting For some network environments an independent DMZ port may be required to set u...

Page 16: ...ers have to separate the 16 IP addresses into two groups 220 243 230 1 8 with Mask 255 255 255 248 and 220 243 230 9 16 with Mask 255 255 255 248 and then set the device and the gateway in the same group with the other group in the DMZ Range DMZ and WAN within same Subnet IP Range for DMZ port Put IP range in DMZ port After the changes are completed click Apply to save the configuration or click C...

Page 17: ...introduction for selection of appropriate configurations Users can also set up their own DNS IP address Use the Following DNS Server Address Check the options and input the user defined DNS IP addresses Static IP If ISP issue a static IP such as one IP or eight IPs etc please select this connection mode and follow the steps below to input the IP numbers issued by ISP into the relevant boxes Attent...

Page 18: ...ical fiber users please input the optical fiber switching IP Domain Name Server DNS Input the DNS IP address issued by ISP At least one IP group should be input The maximum acceptable is two IP groups Point to Point Protocol over Ethernet This option is for an ADSL virtual dial up connection suitable for ADSL PPPoE Input the user connection name and password issued by ISP Then use the PPP Over Eth...

Page 19: ...e system will break the connection automatically The default time for automatic break off resulting from no packet transmissions is five minutes Keep Alive This function enables the PPPoE dial connection to keep connected and to automatically redial if the line is interrupted It also enables a user to set up a time for redialing The default is 30 seconds After the changes are completed click Apply...

Page 20: ...rk service detection The default is five times If there is no feedback from the Internet in the configured Retry Times it will be judged as External Connection Interrupted Retry Timeout Delay time for external connection detection latency The default is 30 seconds After the retry timeout external service detection will restart When Fail 1 Generate the Error Condition in the System Log If an ISP co...

Page 21: ... the WAN connections fails and the traffic going through this WAN to the destination IP should go through the other WAN to reach the destination In this way when any of the WAN connections is broken other WANs can serve as a backup traffic can be shifted to a WAN that is still connected Detecting Feedback Servers Default Gateway The local default communication gateway location such as the IP addre...

Page 22: ...works before you click apply button Bandwidth Automatic load balance ratio will be made according to the upstream bandwidth users input for the two WAN ports For instance if the upstream bandwidth for both WANs is 512Kbit sec the automatic balance ratio will be 1 1 If one WAN upstream bandwidth is 1024Kbit sec while the other is 512Kbit sec the automatic balance ratio will be 2 1 Therefore to ensu...

Page 23: ...e default Service Ports on the option list Source IP Users can assign packets of specific Intranet virtual IP to go through a specific WAN port for external connection In the boxes here input the Intranet virtual IP address range for example if 192 168 1 100 150 is input the binding range will be 100 150 If only specific Service Ports need to be designated while specific IP designation is not nece...

Page 24: ...t required input 0 into the IP boxes Interface Select the WAN for which users want to set up the binding rule Enable To activate the rule Add To List To add this rule to the list Delete selected application To remove the rules selected from the Service List Apply Click Apply to save the modification Cancel Click Cancel to leave without making any change but only it works before you click apply but...

Page 25: ...vate Port range In the boxes input the range of Service Ports users want to add Add To List Click the button to add the configuration into the Services List Users can add up to 100 services into the list Delete selected service To remove the selected activated Services Apply Click the Apply button to save the modification Cancel Click the Cancel button to cancel the modification This only works be...

Page 26: ...ons according to the data users input In other words it will guarantee a minimum rate of upstream and downstream for each IP and Service Port based on the total actual bandwidth of WAN1 and WAN2 For example if the upstream bandwidths of both WAN1 and WAN2 are 512Kbit Sec the total upstream bandwidth will be WAN1 WAN2 1024Kbit Sec Therefore if there are 50 IPs in the Intranet the minimum guaranteed...

Page 27: ...2WAN 3LAN VPN QoS Security Router 22 In addition if any Intranet PC is attacked by a virus like Worm Blaster and sends a huge number of connection requests session control will restrict that as well ...

Page 28: ...ble to make a new connection for five minutes Even if the previous connection has been closed new connections cannot be made until the setting time ends If this function is selected when the user s port connections reach the limit all the lines that this user is connected with will be removed and the user will not be able to connect with the Internet for five minutes New connections cannot be made...

Page 29: ...odification Cancel Click the Cancel button to cancel the modification This only works before Apply is clicked QoS Configuration There are two options for bandwidth management one is Rate Control the other is Priority Control The two kinds of management cannot be used at the same time Network administrators must choose one or the other based on the Intranet needs Rate Control The network administra...

Page 30: ...controlled select All TCP UDP 1 65535 If only FTP uploads or downloads need to be controlled select FTP Port 21 21 Refer to the Default Service Port Number List IP This is to select which user is to be controlled If only a single IP is to be restricted input this IP address such as 192 168 1 100 to 100 The rule will control only the IP 192 168 1 100 If an IP range is to be controlled input the ran...

Page 31: ...ayers inside the café will not be affected Min Max Rate Kbit Sec The minimum bandwidth The rule is to guarantee minimum available bandwidth The maximum bandwidth This rule is to restrict maximum available bandwidth The maximum bandwidth will not exceed the limit set up under this rule Attention The unit of calculation used in this rule is Kbit Some software indicates download upload speed by the u...

Page 32: ...will be moved to the bottom of the list The rules for certain IPs would then be moved upward Delete selected application To remove the rules selected from the Service List Show Table This will display all the Rate Control Rules users made for the bandwidth Click Edit to modify Apply Click the Apply button to save the modification Cancel Click the Cancel button to cancel the modification This only ...

Page 33: ...the download bandwidth for Intranet IP Server in LAN Upstream If a Server for external connection has been built in the device this option is to control the bandwidth for the traffic coming from outside to this Server Server in LAN Downstream If there are web sites built in the Intranet this option is to control the upload bandwidth for the connections from outside to this Server For example game ...

Page 34: ...rvice List Show Table This will display all the Priority Rules users made for the bandwidth Click Edit to modify Apply Click Apply to save the configuration Cancel Click Cancel to leave without making any change 3 3 4 Password This is an advanced management tool for the device The default password of the host is admin Users can change the password after configuration has been completed Remember to...

Page 35: ... embedded NTP Server synchronization function or set up a time reference This function enables users to know the exact time of event occurrences that are recorded in the System Log and the time of closing or opening access for Internet resources Configuring Automatic Synchronize With NTP Function Select the time zone from the Time Zone pull down option list If there is Daylight Saving Time in the ...

Page 36: ...2WAN 3LAN VPN QoS Security Router 31 Input Date and Time Manually Input the correct date and time in the boxes ...

Page 37: ...2WAN 3LAN VPN QoS Security Router 32 After the changes are completed click Apply to save the configuration or click Cancel to leave without making any changes ...

Page 38: ...militarized Zone When the NAT mode is activated sometimes users may need to use applications that do not support virtual IP addresses such as network games We recommend that users map the device actual WAN IPs directly to the Intranet virtual IPs as follows If the DMZ Host function is selected to cancel this function users must input 0 in the following DMZ Private IP This function will then be clo...

Page 39: ...erver directly In the configuration page if a web server address such as 192 168 1 2 and the Port 80 have been set up in the configuration this web page will be accessible from the Internet by keying in the device actual IP address such as http 220 130 188 45 This is VPN QoS Router legal IP address At this moment the device actual IP will be converted into 192 168 1 2 by Port 80 to access the web ...

Page 40: ...e this function Service Management Add or remove service ports from the list of service ports Add to list Add to the active service content Add or Remove Service Ports The services in the list mentioned above are frequently used services If the service users want to activate is not in the list we recommend that users use Service Management to add or remove ports as follows ...

Page 41: ...to add the configuration into the Services List Users can add up to 100 services into the list Delete selected service To remove the selected activated Services Apply Click the Apply button to save the modification Cancel Click the Cancel button to cancel the modification This only works before Apply is clicked Exit To quit this configuration window Port Triggering For some special application sof...

Page 42: ...ternet to the device Such as 2004 2005 Add to list Add the service to the active service list Delete selected application To remove selected services Apply Click the Apply button to save the modification Cancel Click the Cancel button to cancel the modification This only works before Apply is clicked 4 3 UPnP Universal Plug and Play UPnP Universal Plug and Play is a protocol set by Microsoft If th...

Page 43: ...ess or name that maps with UPnP such as 192 168 1 100 Enabled Activate this function Service Port Management Add or remove service ports from the management list Add to List Add to active service content Delete Selected Item Remove selected services Show Table This is a list which displays the current active UPnP functions Apply Click Apply to save the network configuration modification Cancel Cli...

Page 44: ...ss each other Click the button Show Routing Table as in the figure to display the current routing list Destination IP Subnet Mask Input the remote network IP locations and subnet that is to be routed For example the IP subnet is 192 168 2 0 255 255 255 0 Default Gateway The default gateway location of the network node which is to be routed Hop Count This is the router layer count for the IP If the...

Page 45: ... PCs use private IP addresses in the Intranet but after having One to One NAT mapping these PCs will have their own public IP addresses For example if there are more than 2 web servers requiring public IP addresses administrators can map several public IP addresses directly to internal private IP addresses Example Users have five available IP addresses 210 11 1 1 5 one of which 210 11 1 1 has been...

Page 46: ...NAT function Range Length The numbers of final IP addresses of actual Internet IP addresses Please do not include IP addresses in use by WANs Add to List Add this configuration to the One to One NAT list Delete Sleeted Item Remove a selected One to One NAT list Apply Click Apply to save the network configuration modification Cancel Click the Cancel button to cancel the modification This only works...

Page 47: ... is for VPN connections to a website that is built with dynamic IP addresses and for dynamic IP remote control For example the actual IP address of an ADSL PPPoE time based system or the actual IP of a cable modem will be changed from time to time To overcome this problem for users who want to build services such as a website it offers the function of dynamic web address transfer This service can ...

Page 48: ...f the four DDNS website address transfer functions User name The name which is set up for DDNS Input a complete website address such as abc qnoddns org cn as a user name for QnoDDNS Password The password which is set up for DDNS Host Name Input the website address which has been applied from DDNS Examples are abc dyndns org or xyz 3322 org ...

Page 49: ...etwork configuration modification Cancel Click the Cancel button to cancel the modification This only works before Apply is clicked 4 7 MAC Clone Some ISP will request for a fixed MAC address network card physical address for distributing IP address which is mostly suitable for cable mode users Users can input the network card physical address MAC address 00 xx xx xx xx xx here The device will ado...

Page 50: ...rs This function is similar to the DHCP service in NT servers It benefits users by freeing them from the inconvenience of recording and configuring IP addresses for each PC respectively When a computer is turned on it will acquire an IP address from the device automatically This function is to make management easier VPN QoS Router offers a class C DHCP server with default setting to on It can prov...

Page 51: ...is minute Range Start This is an initial IP automatically leased by DHCP It means DHCP will start the lease from this IP The default initial IP is 192 168 1 100 Range End This means DHCP will terminate the lease at this IP address The default terminal IP address is 149 Though the default supports automatic IP acquisition for 50 computers users can increase or reduce the number according to their n...

Page 52: ...t empty 2 If users want DHCP to assign a static IP for a PC every single time users should input the IP address users want to assign to this computer in the boxes The server or PC which is to be bound will then acquire a static virtual IP whenever it restarts MAC Address Input the static real MAC the address on the network card for the server or PC which is to be bound Name For distinguishing clie...

Page 53: ...d new binding Block MAC address on the list with wrong IP address When this option is activated MAC addresses which are not included in the list will not be able to connect with the Internet Block MAC address not on the list When this option is checked user modified IP or IP which is not configured in the list will not be able to connect with the Internet Show New IP User After the changes are com...

Page 54: ...ss has been leased to a PC port it also gets designated DNS Server address DNS Server 1 Input the IP address of the DNS server DNS Server 2 Input the IP address of the DNS server WINS Server If there is a WIN server in the network users can input the IP address of that server directly WINS Server Input the IP address of WINS Apply Click Apply to save the network configuration modification Cancel C...

Page 55: ...f dynamic IP leased by DHCP Static IP Used The amount of static IP assigned by DHCP IP Available The amount of IP still available in the DHCP server Total IP The total IP which the DHCP server is configured to lease Host Name The name of the current computer IP Address The IP address acquired by the current computer MAC Address The actual MAC network location of the current computer Client Lease T...

Page 56: ...Test and Ping Packet Delivery Reception Test DNS Name Lookup On this test screen please enter the host name of the network users want to test For example users may enter www abc com and press Go to start the test The result will be displayed on this page This item informs users of the status quo of the outbound session and allows the user to know the existence of computers online On this test scre...

Page 57: ...urn to Factory Default Setting to reset all the settings and restart the device Alternatively users may press Reset button on the device to manually restore the default value and clear all settings including port configures password setting and etc Press Reset and hold for more than 10 seconds The flicker of the yellow light indicates the default value is being restored Please note that this featu...

Page 58: ...rade page Please confirm all information about the software version in advance Select and browse the software file click Firmware Upgrade Right Now to complete the upgrade of the designated file Note Please read the warning before firmware upgrade Users must not exit this screen during upgrade Otherwise the upgrade may fail ...

Page 59: ...2WAN 3LAN VPN QoS Security Router 54 5 5 Setting Backup ...

Page 60: ...gs into the device Before upgrade confirm all information about the software version Select and browse the backup parameter file config exp Select the file and click Import to import the file Export Configuration File This feature allows users to backup all parameter settings Click Export and select the location to save the config exp file ...

Page 61: ...e firewall is set as disabled features such as SPI DoS and outbound packet responses will be turned off automatically Meanwhile the remote management feature will be activated The network access rules and content filter will be turned off Firewall This feature allows users to turn on off the firewall SPI Stateful Packet Inspection This enables the packet automatic authentication detection technolo...

Page 62: ... field of remote browser IP a valid external IP address WAN IP for the device should be filled in and the modifiable default control port should be adjusted the default is set to 80 modifiable Multicast Pass Through There are many audio and visual streaming media on the network Broadcasting may allow the client end to receive this type of packet message format This feature is off by default Preven...

Page 63: ...ther settings are not necessary Apply After the changes are completed click Apply to save the network configuration modification Delete Click the Cancel button to cancel the modification This only works before Apply is clicked 6 2 Access Rule Users may turn on off the setting to permit or forbid any packet to access internet Users may select to set different network access rules from internal to e...

Page 64: ...m the LAN to the WAN is allowed by default All traffic from the WAN to the LAN is denied by default All traffic from the LAN to the DMZ is allowed by default All traffic from the DMZ to the LAN is denied by default All traffic from the WAN to the DMZ is allowed by default All traffic from the DMZ to the WAN is allowed by default Users may define access rules and do more than the default rules Howe...

Page 65: ...2WAN 3LAN VPN QoS Security Router 60 ...

Page 66: ...Return to Default Rules to restore all settings to the default values and delete all the self defined settings After modification press Apply button to save the network settings or press Cancel to keep the settings unchanged 6 2 1 Add a new Rule Action Allow Permits the pass of packets compliant with this control rule Deny Prevents the pass of packets not compliant with this control rule Service P...

Page 67: ...he destination IP range such as Any Single Range or preset IP group name If Single or Range is selected please enter a single IP address or an IP address within a session Scheduling Select Always to apply the rule on a round the clock basis Select from and the operation will run according to the defined time Apply this rule Select Always to apply the rule on a round the clock basis If From is sele...

Page 68: ...the real time data with regard to VPN status These data include all tunnel numbers PPTP IPSec QnoKey and IPSec VPN setting parameters and Group VPN and so forth Summary Detail Push this button to display the following information with regard to all current VPN configurations to facilitate VPN connection management ...

Page 69: ...o Gateway tunnel or Client to Gateway tunnel The VPN tunnel connections are done by 2 VPN devices via the Internet When a new tunnel is added the setting page for Gateway to Gateway or Client to Gateway will be displayed Gateway to Gateway Click Add to enter the setting page of Gateway to Gateway ...

Page 70: ...status of VPN tunnel in detail Previous Page Next Page Jump to __ __ Page __ Entries Per Page Click Previous page or Next page to view the desired VPN tunnel page Or users can select the page number directly to view all VPN tunnel statuses such as 3 5 10 20 or All Tunnel No To set the embedded VPN feature please select the tunnel number It supports up to 300 IPSec VPN tunnel Setting ...

Page 71: ...to the name of the host end to facilitate verification This tunnel can thus be successfully enabled Phase2 Encrypt Auth Gro up Displays settings such as encryption DES 3DES authentication MD5 SHA1 and Group 1 2 5 If users select Manual setting for IPSec Phase 2 DH group will not display Local Group Displays the setting for VPN connection secure group of the local end Remote Group Displays the sett...

Page 72: ...ould users have more than one tunnel settings Note If this tunnel is to be connected to any other VPN device not VPN QoS Router some device requires that the tunnel name is identical to the name of the host end to facilitate verification This tunnel can thus be successfully enabled Enabled Click to Enable the VPN tunnel This option is set to enable by default Afterwards users may select to enable ...

Page 73: ...nto this space Users don t need to do further settings 2 IP Domain Name FQDN Authentication If users select IP domain name type please enter the domain name and IP address The WAN IP address will be automatically filled into this space Users don t need to do further settings FQDN refers to the combination of host name and domain name and can be retrieved from the Internet i e vpn server com This I...

Page 74: ...option to link to VPN please enter the domain name 5 Dynamic IP E mail Addr USER FQDN Authentication If users use dynamic IP address to connect to the device users may select this option to connect to VPN without entering IP address When VPN Gateway requires for VPN connection the device will start authentication and respond to VPN tunnel connection If users select this option to link to VPN enter...

Page 75: ... Reference When this VPN tunnel is connected only computers with the session of 192 168 1 0 and with subnet mask as 255 255 255 0 can connect with remote VPN 3 IP Range This option allows connection only when IP address range which is entered after the VPN tunnel is connected Reference When this VPN tunnel is connected computers with the IP address of 192 168 1 0 254 can establish connection Remot...

Page 76: ...FQDN Authentication Dynamic IP address Domain name Dynamic IP E mail Addr USER FQDN Authentication Dynamic IP address Email address name 1 IP only If users select the IP Only type entering this IP allows users to gain access to this tunnel If the IP address of the remote client is unknown choose IP by DNS Resolved allowing DNS to transcode IP address When users finish the setting the corresponding...

Page 77: ...s to the combination of host name and domain name Users may enter any name that corresponds to the domain name of FQDN This IP address and domain name must be identical to those of the remote VPN security gateway setting type to establish successful connection If the remote IP address is unknown choose IP by DNS Resolved allowing DNS to transcode the IP address This domain name must be available o...

Page 78: ...FQDN Authentication If users select IP address and E mail type entering the IP address and the E mail allows users to gain access to this tunnel If the remote IP address is unknown choose IP by DNS Resolved allowing DNS to transcode the IP address This domain name must be available on the Internet When users finish the setting the corresponding IP address will be displayed under the remote gateway...

Page 79: ...ss to connect with the device users may select the combination of the dynamic IP address host name and domain name 5 Dynamic IP E mail Addr USER FQDN Authentication If users use dynamic IP address to connect with the device users may select this type to link to VPN When the remote VPN gateway requires connection to facilitate VPN connection the device will start authentication and respond to the V...

Page 80: ... 168 2 0 and with subnet mask as 255 255 255 0 can connect with remote VPN 7 2 2 IPSec Setup If there is any encryption mechanism the encryption mechanism of these two VPN tunnels must be identical in order to create connection And the transmission data must be encrypted with IPSec key which is known as the encryption key The device provides the following two encrypted Key Management They are Manu...

Page 81: ...sing security code to encrypt information It supports 128 bit 192 bit and 256 bit encryption keys Phase 1 Phase 2 Authentication This authentication option allows users to set this VPN tunnel to use any authentication mode Note that this parameter must be identical to that of the remote authentication mode MD5 or SHA1 Phase 1 SA Life Time The life time for this exchange code is set to 28800 second...

Page 82: ...d Authentication KEY Users may enter an exchange password made up of either digits or characters The systems will automatically transcode what users entered into the exchange password and authentication mechanism during the VPN tunnel connection This exchange password can be made up of digits and characters up to 23 Moreover the exchange strings for Incoming SPI and Outgoing SPI must be ...

Page 83: ...P Payload Compression Protocol Keep Alive If this option is selected VPN tunnel will keep this VPN connection This is mostly used to connect the remote node of the branch office and headquarter or used for the remote dynamic IP address NetBIOS Broadcast If this option is selected the connected VPN tunnel allows the passage of NetBIOS broadcast packet This facilitates the easy connection with other...

Page 84: ...oup Name Displays the current VPN tunnel connection name such as XXX Office Users are well advised to give them different names to avoid confusion Note If this tunnel is to be connected to other VPN device some device requires that the tunnel name is identical to the name of the host end to facilitate verification This tunnel can thus be successfully enabled Interface From the pull down list users...

Page 85: ...ted Reference When this VPN channel is connected computers with the IP address range between 192 168 2 1 and 192 168 1 254 can establish connection Remote Client configuration This setting offers three operation modes which are Domain Name FQDN Domain Name E mail Address USER FQDN Email Address Microsoft XP 2000 VPN Client Microsoft XP 2000 VPN Client end 1 Domain Name FQDN Domain Name If users se...

Page 86: ...tunnel 3 Microsoft XP 2000 VPN Client Microsoft XP 2000 VPN Client end If users select XP 2000 VPN Client end status users don t need to do extra settings As far the details of setting please refer to 7 2 IPSec Setup 7 4 PPTP Setting It supports the PPTP of Window XP 2000 to create point to point tunnel protocol for single device users to create VPN connection ...

Page 87: ...Enable PPTP Service When this option is selected the point to point tunnel protocol PPTP server can be enabled PPTP IP Address Please enter PPTP IP address range so as to provide the remote users with an entrance IP into the local network ...

Page 88: ...account and password Delete Selected Item Delete Selected Item Client Table Displays relevant information with regard to the use of PPTP Server tunnel User Name Remote user name after connection is established Remote Client IP Remote IP address after connection is established PPTP IP Address The local PPTP server IP address after connection is established 7 5 VPN Pass Through VPN Pass Through sett...

Page 89: ... pass in order to connect to external VPN device PPTP Pass Through If this option is enabled the PC is allowed to use VPN PPTP packet to pass in order to connect with external VPN device L2TP Pass Through If this option is enabled the PC end is allowed to use VPN L2TP packet to pass in order to connect with external VPN device ...

Page 90: ...ated VPN setup process by entering Server IP User Name and Password 2 Central Control Feature Displays a clear VPN connection status of all remote ends and branches Its central control screen allows setup from remote into external client ends 3 VPN Disconnection Backup Solves data transmission problem arising from failed ISP connection with remote ends or the branches Enable QVM Enable this accoun...

Page 91: ...tion status Red means disconnection and green means connection When QVM connection failed Retry every minutes This function is to set re connect duration if QVM contention drops The range is 1 60 mins Tunnel Backup You can input at most 3 backup IP addresses or domain names for backup Once the connection is dropped the function will be automatically enabled to backup the VPN connection and ensure ...

Page 92: ...ystem log E mail alert and log setting Syslog Enabled If this option is selected the System Log feature will be enabled SysLog Server The device provides external system log servers with log collection feature System log is an industrial standard communications protocol It is designed to dynamically capture related system message from the network The system log provides the source and the destinat...

Page 93: ... defined number is reached it will automatically send out the log mail Log Time Threshold Set the interval of sending the log and the default is set to 10 minutes Reaching this defined number it will automatically send out the Mail log The device will detect which parameter either entries or intervals reaches the threshold first and send the log message of that parameter to the user E mail Log Now...

Page 94: ...port location device name current WAN link status IP address MAC address subnet mask default gateway DNS number of received sent total packets number of received sent total Bytes Received and Sent Bytes Sec total number of error packets received total number of the packets dropped number of session number of the new Session Sec and upstream as well as downstream broadband usage ...

Page 95: ...2WAN 3LAN VPN QoS Security Router 90 9 3 Traffic Statistic Six messages will be displayed on the Traffic Statistic page to provide better traffic management and control ...

Page 96: ...gure displays the source IP address bytes per second and percentage Outbound IP Address The figure displays the source IP address bytes per second and percentage Inbound Service The figure displays the network protocol type destination IP address bytes per second ...

Page 97: ... IP address destination port bytes per second and percentage 9 4 Specific IP Port Status The device allows administrators to inquire a specific IP or from a specific port about the addresses that this IP had visited or the users source IP who used this service port This facilitates the identification of websites that needs authentication but allows single WAN port rather than Multi WAN Administrat...

Page 98: ...2WAN 3LAN VPN QoS Security Router 93 BT or P2P software users may select this feature to inquire users from the port ...

Page 99: ...ddress that users want to inquire and then the entire destination IP connected to remote devices as well as the number of ports will be displayed Specific Port Status Enter the service port number in the field and IP that are currently used by this port will be displayed ...

Page 100: ...2WAN 3LAN VPN QoS Security Router 95 ...

Page 101: ...t Click the Logout button which is to terminate VPN QoS Router management meanwile it also terminates the management user interface If you want to go into this user interface please repeat the same steps and input administrator s ID and password ...

Page 102: ...el Name HOB HOA Interface WAN1 WAN Enable Checked Checked Local Security Group Type Subnet Subnet Local Security Group Type IP Address 20 20 20 0 10 10 10 0 Local Security Group Type Subnet Mask 255 255 255 0 255 255 255 0 Remote Security Gateway Type IP IP Remote Security Gateway Type IP Address 100 100 100 100 200 200 200 200 Remote Security Group Type Subnet Subnet Remote Security Group Type IP...

Page 103: ... Phase 2 DH Group Group 1 Group 1 Phase 2 Encryption DES DES Phase 2 Authentication MD5 MD5 Phase 2 SA Life Time 3600 Seconds 3600 Seconds Preshared Key Both sides should use the same key VPN Environment Sample 2 Gateway to Gateway VPN Setting VPN Summary Add New Tunnel Gateway to Gateway Head Office A Home1 VPN Client SW Tunnel Name Home1 HOA Interface WAN1 WAN Enable Checked Checked Local Securi...

Page 104: ... 10 10 10 20 20 20 0 Remote Security Group Type Subnet Mask 255 255 255 0 Keying Mode IKE with preshared key IKE with preshared key Phase 1 DH Group Group 1 Group 1 Phase 1 Encryption DES DES Phase 1 Authentication MD5 MD5 Phase 1 SA Life Time 28 800 Seconds 28 800 Seconds Perfect Forward Secrecy Checked Checked Phase 2 DH Group Group 1 Group 1 Phase 2 Encryption DES DES Phase 2 Authentication MD5...

Page 105: ...User Email Address Local ID Email Address User Email Address Remote Client IP Address 100 100 100 100 Remote Security Group Type Subnet Remote Security Group Type IP Address 20 20 20 0 Remote Security Group Type Subnet Mask 255 255 255 0 Keying Mode IKE with preshared key IKE with preshared key Phase 1 DH Group Group 1 Group 1 Phase 1 Encryption DES DES Phase 1 Authentication MD5 MD5 Phase 1 SA Li...

Page 106: ... bandwidth forum refer to the examples of the FTP server or contact the technical department of Qno s dealers as well as the Qno s Mainland technical center Qno Official Website http www Qno com tw Dealer Contact Users may log on to the service webpage to check the contacts of dealers http www qno com tw web where_buy asp Taiwan Support Center E mail QnoFAE qno com tw ...