
Configuration (page 56 of 105)

SINAUT MD740-1

File: 3172AD001_V1_1_060206.doc
File saved: 06.02.2006
File printed: 06.02.2006
State: Released
Author: Pauluhn

Services > DynDNS Monitoring

 

Watch hostname of remote VPN Gateways? Yes / No 

 

 

If the address of the remote VPN Gateway has been given to the SINAUT MD740-1 as a hostname (see VPN > Connections, page 37), and if this Domain Name has been issued by a DynDNS service, then the SINAUT MD740-1 can check regularly whether any changes have been made to the DynDNS entry concerned. If so, the VPN connection is established to the new IP address.

 

Refresh Interval (sec) 

 

 

Standard: 300 (sec) 
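
The polling behaviour described above, as an added example that is not taken from the manual or the device firmware: it re-resolves a peer hostname once per refresh interval and reports when the tunnel would have to be re-established to a new address. The hostname, the addresses, the PeerWatcher name and the choice to keep the last known address when a lookup fails are assumptions made for illustration.

```python
import socket
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

REFRESH_INTERVAL_SEC = 300  # "Standard: 300 (sec)" from the page


def system_resolver(hostname: str) -> str:
    """Resolve a hostname to one IPv4 address with the OS resolver."""
    return socket.gethostbyname(hostname)


@dataclass
class PeerWatcher:
    """Tracks the address behind a remote VPN gateway hostname (hypothetical helper)."""
    hostname: str
    resolve: Callable[[str], str] = system_resolver
    interval: int = REFRESH_INTERVAL_SEC
    current_ip: Optional[str] = None
    last_check: Optional[float] = None
    # Audit trail of (time, old address, new address) for every change seen.
    history: List[Tuple[float, Optional[str], str]] = field(default_factory=list)

    def due(self, now: float) -> bool:
        """True when the refresh interval has elapsed since the last lookup."""
        return self.last_check is None or now - self.last_check >= self.interval

    def poll(self, now: float) -> Optional[str]:
        """Return the new peer address if the tunnel must be (re)established, else None."""
        if not self.due(now):
            return None
        self.last_check = now
        try:
            ip = self.resolve(self.hostname)
        except OSError:
            # Assumption: a failed lookup is not a change; keep the last known address.
            return None
        if ip == self.current_ip:
            return None
        self.history.append((now, self.current_ip, ip))
        self.current_ip = ip
        return ip


def run_constructed_demo():
    """Drive the watcher with constructed resolver answers and constructed timestamps."""
    answers = iter(["192.0.2.10", "192.0.2.10", OSError("lookup failed"), "198.51.100.7"])

    def fake_resolver(hostname: str) -> str:
        answer = next(answers)
        if isinstance(answer, Exception):
            raise answer
        return answer

    watcher = PeerWatcher("gateway.example.net", resolve=fake_resolver)
    events = [(now, watcher.poll(now)) for now in (0, 100, 300, 600, 900)]
    return events, watcher.history


if __name__ == "__main__":
    events, history = run_constructed_demo()
    for now, new_ip in events:
        print(f"t={now:>4}s  reconnect to: {new_ip}")
    for when, old, new in history:
        print(f"change at t={when}s: {old} -> {new}")
```

The history list gives a record of every address change behind the hostname, which is what an operator would review when a tunnel endpoint moves.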

 

 

Services > DynDNS Registration

 

To establish VPN connections at least the IP address of one of the partners must be known so that they can make contact with each other. This condition is not fulfilled if both participants are assigned their IP addresses dynamically by their Internet service providers. In this case, however, a DynDNS service such as DynDNS.org or DNS4BIZ.com can help. With a DynDNS service the currently valid IP address is registered under a fixed name. See also IP address of the remote site, page 9.

Once you are registered with a DynDNS service supported by the SINAUT MD740-1 you can make the corresponding entries in this dialogue box.

 

Register this TAINY at a DynDNS Service? Yes / No 

 

 

Select Yes if you are registered with a DynDNS provider and the SINAUT MD740-1 is to use the service. Then the SINAUT MD740-1 reports the current IP address assigned to its own Internet connection by the Internet service provider to the DynDNS service.

 

 

Refresh Interval (sec) 

Summary of Contents for SINAUT MD740-1

Page 1: ...SINAUT MD740 1 User Manual ...

Page 2: ...l gate output Switching voltage and switching current must not exceed the specified maximum values Please pay regard to sections Connecting the device and Technical Data of this documentation SIM card To install the SIM card the device must be opened Before opening the device disconnect it from the supply voltage Static charges can damage the device when it is open Discharge the electric static of...

Page 3: ...ted and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio c...

Page 4: ...s antenna the total composite power in PCS mode is smaller than 1 watt ERP The internal external antennas used for this mobile transmitter must provide a separation distance of at least 20 cm from all persons and must not be co located or operating in conjunction with any other antenna or transmitter Warning This is a class A equipment This equipment can disturb other electric equipment in living ...

Page 5: ... 6 Features menu 68 4 7 Support menu 72 4 8 System menu 75 4 9 CIDR Classless InterDomain Routing 79 4 10 Network example diagram 81 5 Integrated website showing device and connection data 83 5 1 Accessing the Web server locally via the service interface 83 Via dial up connection 83 Installing the modem for access to the service interface 83 Creating the dial up connection for the service interfac...

Page 6: ...NS provider 95 TCP IP Transmission Control Protocol Internet Protocol 96 Service Provider 96 Protocol transmission protocol 97 Client Server 97 PPPoE 97 PPTP 97 VPN Virtual Private Network 97 DES 3DES 98 Private Key Public key Certification X 509 98 NAT Network Address Translation 99 Datagram 99 IPSec 100 Spoofing anti spoofing 100 Symmetrical encryption 100 Port number 100 IP address 101 X 509 Ce...

Page 7: ...otection against unauthorised access The dynamic packet filter inspects data packets using the source and destination address stateful packet inspection and blocks unwanted data traffic anti spoofing The device is configured simply using a Web browser VPN features Protocol IPsec tunnel and transport mode IPsec DES encryption at 56 Bit IPsec 3DES encryption at 168 Bit IPsec AES encryption at 128 19...

Page 8: ...tected by a VPN router with firewall is connected to the GPRS network or the Internet and has a known or definable IP address Scenario 2 The remote site is another SINAUT MD740 1 The direct connection of two GPRS end devices is not technically supported in all GSM GPRS networks GPRS Firewall Application TAINY GMOD V2 IO IPSec tunnel Server in company network Router with Firewall Dedicated line to ...

Page 9: ...ner is connected to the GPRS network via a leased dedicated line In this case it has normally been assigned a fixed IP address by the network operator Fixed IP address via Internet service provider The communication partner can be accessed via the Internet and has been assigned a fixed IP address by the Internet service provider the address can be applied for from some Internet service providers F...

Page 10: ...g 2 x intermittent blinking 3 x intermittent blinking ON always OFF Booking into the GPRS network Field strength not sufficient or unknown Field strength sufficient Field strength medium Field strength high Waiting for PIN input C Connect OFF ON No connection Connection to server remote station GPRS Authentication on and IP allocation from network successful When updating the communication firmwar...

Page 11: ...witched off no operating voltage STAT Yellow Blinking IOVPN board operational LINK Yellow ON Ethernet connection to local PC LAN established OFF No Ethernet connection to local PC LAN VPN Yellow ON VPN tunnel established OFF VPN Tunnel not established Shortly after switching on of the SINAUT MD740 1 the LED VPN is set to on for a short period of time although the VPN tunnel has not yet been establ...

Page 12: ...e switched off when you insert or remove the SIM card 3 1 Connecting the device Current supply The screw terminals on top of the device for connecting of the current supply 24 V DC voltage nominal max 600mA 24 V 24 V 0 V 0 V Both terminal screws to the left 24 V are connected Both terminal screws to the right 0 V are connected Service interface Optional For the connection of a PC to display device...

Page 13: ...ces switches off when disconnected from the supply voltage When switching on When the device is switched on the POWER LED comes on first If the device has a valid configuration and the SIM card is inserted the device automatically books into the GPRS network When the CONNECT LED comes on a GPRS connection has been established The device is designed in such a way that it can be left switched on per...

Page 14: ...insert the SIM card immediately To configure the PIN proceed as follows 1 Using your Web browser e g MS Internet Explorer establish a configuration connection with the SINAUT MD740 1 To do this follow the description in section 4 Configuration page 19 to 23 2 When the Administrator website of the SINAUT MD740 1 appears select Network GPRS In the PIN field enter the PIN of the SIM card that you the...

Page 15: ...ned with clamps two each on top of the housing and on the bottom side 3 Release the two clamps on the housing part with antenna socket For this purpose press the clamps cautiously with a suitable object see picture so that catch opens 4 Cautiously pull the unlocked housing part so that the housing opens The boards in both front housing parts are connected by an IO cable When opening the housing ma...

Page 16: ...of the SIM card holder by moving it cautiously about 2mm to the left in the direction of the arrow see red arrow in the illustration so that it can be raised 7 Raise the flap of the SIM card holder so that you can insert the SIM card In the illustration below the compartment into which you can insert the SIM card is emphasized in white SIM card holder ...

Page 17: ...he gold coloured microchip pointing down The flap has a groove for this purpose The notched corner of the SIM card has to point towards the front of the device see illustration 9 Slide the SIM card down into the flap as far as possible 10 Lower the flap paying attention to the notched corner of the SIM card see illustration ...

Page 18: ... SIM card holder is locked into position 13 Check the connection of the internal IO connection cable Finally re attach both housing parts Slide the motherboard into the rails on top and bottom inside the rear section of the housing Close the housing by slightly pressing the housing parts together so that the clamps on the upper and lower parts of the housing engage The housing is locked when all c...

Page 19: ...T MD740 1 must be switched on The network adapter of the computer with which you are performing configuration must have the following TCP IP configuration IP address 192 168 1 2 Subnet mask 255 255 255 0 Default gateway 192 168 1 1 Preferred DNS server address of the Domain Name Server TCP IP configuration of the network adapter under Windows XP 1 Click on Start Settings Control Panel Network Conn...

Page 20: ...rmine the Domain Name Server in the TCP IP configuration of your network adapter proceed as described above Proceed as follows Establish configuration connection 1 Start a Web browser e g MS Internet Explorer from Version 5 0 or Netscape Communicator from Version 4 0 the Web browser must support SSL i e https 2 Make sure that the browser does not automatically dial up a connection when starting In...

Page 21: ...ard Make sure that the browser does not use a proxy server In MS Internet Explorer Version 6 0 you make this setting as follows menu Tools Internet Options Connections tab under LAN Settings click on the Settings button in the Settings for local area network LAN dialogue box make sure that the Use a proxy server for your LAN entry is not activated If there are other LAN connections active on the c...

Page 22: ...nation As the device can only be administered via encrypted accesses it is supplied with a self signed certificate Acknowledge the security alert with Yes 5 You are prompted to enter the user name and the password The default setting is User name admin Password tainy Start page of the Administrator website 6 Consequence the Administrator website of the SINAUT MD740 1 appears see next page ...

Page 23: ... To do so click on the Refresh icon in the browser s icon bar Depending on how you configure the SINAUT MD740 1 you may then have to adapt the network interface of the connected computer or network accordingly When entering IP addresses always enter the IP address sub numbers without the leading zeros e g 192 168 0 8 Please note In the following screenshots of the configuration pages of the SINAUT...

Page 24: ... into subnets In this case several devices from different subnets access the SINAUT MD740 1 at different addresses If you want to determine a further internal IP click on New You can determine any number of internal IPs If you want to delete an internal IP click on Delete The first IP address in the list cannot be deleted Additional Internal Routes If further subnets are connected to the locally c...

Page 25: ...or Enter the password identically in both fields Once the password has been set the message Not configured yet is no longer displayed APN Access Point Name This denotes the gateway to the Internet In this case the remote site can be reached via the Internet OR to the private network In this case the remote site is connected to the GPRS network operator via a leased dedicated line INFO Internet APN...

Page 26: ...o longer displayed Enter the PIN identically in both fields The entered PIN must tally with the PIN of the SIM card with which the device is to operate You cannot change the PIN of the SIM card with this device Confirm the entries on this configuration page by clicking on OK or Apply Network Status Display only Network mode This indicates whether a GPRS connection has been established display mode...

Page 27: ...rejected except VPN and except connections to the integrated website which provides information about devices and connection data VPN connections are not subject to the firewall rules determined under this menu item You can determine firewall rules for each individual VPN connection under the menu VPN Connections If several firewall rules have been set they are scanned in the order of the entries ...

Page 28: ...tes the port area Individual ports can be entered either with the port number or with the corresponding service name e g 110 for pop3 or pop3 for 110 Action Accept means that the data packets may pass Refuse means that the data packets are turned away so that the sender is informed of the refusal Reject means that data packets are not allowed to pass They are swallowed so that the sender is not in...

Page 29: ...ply Setting a new rule If you want to set a new rule click on New Set the required rule see below then click on OK or Apply You receive a system message as confirmation You can make the following possible entries Protocol All means TCP UDP ICMP and others IP address 0 0 0 0 0 means all addresses To denote a range use CIDR syntax see CIDR Classless InterDomain Routing page 79 Port is only evaluated...

Page 30: ... for port forwarding With port forwarding the following takes place the header of incoming data packets from the external network which are intended for the external IP address or one of the external IP addresses of the SINAUT MD740 1 and for a particular port of the SINAUT MD740 1 are rewritten in such a way that they are forwarded to the internal network to a particular computer and to a particu...

Page 31: ...tic IP addresses for the external interface Incoming on Port Original destination port that is given in incoming data packets Redirect to IP Internal IP address to which the data packets are to be forwarded and to which the original destination addresses are rewritten Redirect to Port Port to which the data packets are to be forwarded and to which the original destination addresses are rewritten Y...

Page 32: ...rnal network structure is to be hidden This method is also called IP Masquerading When using several static IP addresses for the external interface the first IP address in the list is always used for IP Masquerading Default setting NAT does not take place Deleting a rule Click on Delete next to the entry concerned Then click on OK or Apply Setting a new rule If you want to set a new rule click on ...

Page 33: ...hed therefore the limitation represents built in additional protection Should special requirements exist in your operating environment you can increase the values Enable FTP NAT Connection Tracking support When an outgoing connection is established in the FTP protocol for the purpose of retrieving data there are two possible forms of data transmission with enabled FTP the called up server in turn ...

Page 34: ...pport must be set to Yes standard Enable PPTP NAT Connection Tracking support Must only be set to Yes if the following condition is present A VPN connection using PPTP is to be established to an external computer from a local computer without the help of the SINAUT MD740 1 The default setting of this switch is No ICMP from extern to the TAINY With this option you can influence behaviour when recei...

Page 35: ...g Yes has been determined during the setting of firewall rules you can then view all the log of all logged events here The format corresponds to that commonly used under Linux There are special evaluation programs which present the information from the logged data in a more easily legible format ...

Page 36: ...Key PSK or X 509 certificates ESP Diffie Hellman groups 2 or 5 DES 3DES or AES encryption MD5 or SHA 1 Hash algorithms Tunnel or transport mode Quick mode Main mode SA Lifetime 1 second to 24 hours If the remote site is a computer running under Windows 2000 the Microsoft Windows 2000 High Encryption Pack or at least Service Pack 2 must be installed If the remote site is behind a NAT router it must...

Page 37: ...te next to the entry concerned Then click on OK or Apply Setting up a new VPN connection Click on New Give the connection a name and click on Edit Perform the desired or necessary settings see below Then click on OK or Apply Editing a VPN connection Click on the Edit button next to the connection concerned Perform the desired or necessary settings see following illustration and explanations Then c...

Page 38: ...Configuration 38 von 105 SINAUT MD740 1 A descriptive name for the connection You can name or rename the connection as you wish Enabled Determine whether the connection is to be enabled Yes or not No ...

Page 39: ...ady to accept the connection actively initiated and established by a remote site with any IP address to the local SINAUT MD740 1 then enter any Then a remote site which is assigned its own IP address by the Internet service provider dynamically i e has a changing IP address can call the local SINAUT MD740 1 If only one particular remote site with a fixed IP address establishes the connection you c...

Page 40: ...ts are encrypted The IP header information is not encrypted Transport L2TP Microsoft Windows If this connection is enabled on the remote computer you should also set the SINAUT MD740 1 to Transport L2TP Microsoft Windows The SINAUT MD740 1 will then work accordingly The L2TP PPP protocol creates a tunnel within the IPsec Transport connection The locally connected L2TP computer is assigned its IP a...

Page 41: ...address of the remote site or its domain name must be entered in the Remote site s VPN gateway address field see above Wait for the remote site In this case the local SINAUT MD740 1 is ready to accept the connection actively initiated and established by a remote site to the local SINAUT MD740 1 any can be entered in the Remote site s VPN gateway address field see above If only one particular remot...

Page 42: ...ected computer 1 Click on Configure Consequence The VPN Connections Connection xyz X 509 Certificate screen appears xyz is the name of the connection concerned 2 Click on Browse and select the file 3 Click on Import After importing the content of the new certificate is displayed see following illustration You will find an explanation of the displayed information in section VPN Machine Certificate ...

Page 43: ...the most commonly used method and is therefore preset as the standard Basically the following applies the more bits an encryption algorithm has indicated by the number shown the more secure it is The relatively new AES 256 method is therefore considered to be the safest but it is not yet so widespread The longer the key the more time consuming the encryption process This aspect is of no consequenc...

Page 44: ...ly if the remote site supports PFS select Yes When selecting the connection type Transport L2TP Microsoft Windows set Perfect Forward Secrecy PFS to No Tunnel settings Local network address The appropriate netmask With these two entries you give the address of the client network or computer that is connected locally to the SINAUT MD740 1 direct and which is protected by the das SINAUT MD740 1 This...

Page 45: ...emote VPN gateway address Router w firewall LAN SINAUT MD740 1 GPRS IPsec tunnel Internet Tunnel the address of the opposite network can also be an individual computer SINAUT MD740 1 Tunnel the address of the local network can also be an individual computer To the remote site GPRS IPsec tunnel Internet LAN ...

Page 46: ...the log According to the default setting the VPN firewall is set so that everything is permitted for this VPN connection However the extended firewall settings which are defined and explained above still apply to each individual VPN connection independent of each other see Firewall Extended Settings page 33 If several firewall rules have been set they are scanned in the order of the entries from t...

Page 47: ...ckets are turned away so that the sender is informed of the refusal Reject means that data packets are not allowed to pass They are swallowed so that the sender is not informed of their whereabouts Log For each individual firewall rule you can determine whether when the rule is applied the event is to be logged set Log to Yes or not set Log to No default setting Log entries for unknown connection ...

Page 48: ...t The owner to whom the certificate has been issued issuer The certification office which has signed the certificate C Country ST State L Location O Organisation OU Organisation Unit CN Common Name MD5 SHA1 Fingerprint Fingerprint of the certificate for comparison with another one e g on the telephone Windows displays the fingerprint in SHA1 format at this point notBefore notAfter Validity period ...

Page 49: ... file e g handed over personally or by e mail If you do not have a secure mode of transfer you should then compared the fingerprint displayed by the SINAUT MD740 1 via a secure channel Only one certificate file PKCS 12 file can be imported into the device To important a new certificate proceed as follows New certificate Prerequisite The certificate file file name p12 or pfx is generated and stored...

Page 50: ...works The SINAUT MD740 1 informs the remote site via PPP as to which addresses are being used for itself and the remote site Local IP for L2TP connections In the above screenshot the SINAUT MD740 1 is telling the remote site that the device itself has the address 10 106 106 1 Remote IPs for L2TP connections range In the above screenshot the SINAUT MD740 1 is telling the remote site that the remote...

Page 51: ...ent protocol is given as established if the two VPN gateways involved have established a channel for key exchange In this case they were able to contact each other and all entries up to and including ISAKMP SA on the configuration page of the connection were correct IPsec Status IPsec Status is given as established when IPSec encryption is enabled during communication In this case the entries unde...

Page 52: ...ge IPsec State IPsec SA established means The VPN has been successfully established and can be used However if this is not the case then there are problems with the remote site s VPN gateway In this case tag the connection name and then click on OK or Apply to restart the connection VPN L2TP Status Display only Provides information the L2TP status if this has been chosen as the connection type See...

Page 53: ...n 105 VPN VPN Logs Display only This lists all VPN events The format corresponds to that commonly used under Linux There are special evaluation programs which present the information from the logged data in a more easily legible format ...

Page 54: ...nts page 59 Hostname mode With Hostname Modus and Hostname you can give the SINAUT MD740 1 a name This name is then displayed e g when logging in by SSH Giving names simplifies the administration of several SINAUT MD740 1s User defined from field below Standard The name entered in the field Hostname is set as the name for the SINAUT MD740 1 Provider defined e g via DHCP If the external setting of ...

Page 55: ...a PPPoE or DHCP The Domain Name Server of the Internet service provider is used who provides access to the Internet You can select this setting with enabled DHCP see Services DHCP page 57 User defined from field below If this setting is selected the SINAUT MD740 1 makes contact with the Domain Name Servers which are listed under User defined name servers User defined name servers If you have set t...

Page 56: ... make contact with each other This condition is not fulfilled if both participants are assigned their IP addresses dynamically by their Internet service providers In this case however a DynDNS service such as DynDNS org or DNS4BIZ com can help With a DynDNS service the currently valid IP address is registered under a fixed name See also IP address of the remote site page 9 Once you are registered ...

Page 57: ... provider with whom you are registered e g DynDNS org DynDNS Server Name of the server of the DynDNS provider selected above e g dyndns org DynDNS Login DynDNS Password Here you enter the user name and the password assigned to you by the DynDNS provider DynDNS hostname The hostname selected for this SINAUT MD740 1 with the DynDNS service provided that you use a DynDNS service and have given the ap...

Page 58: ...Default gateway Determines which IP address is to be used as the default gateway by the client This is usually the local IP address of the SINAUT MD740 1 DNS server Determines from where clients receive resolution of hostnames in IP addresses If the DNS services of the SINAUT MD740 1 is enabled it can be the local IP address of the SINAUT MD740 1 Client MAC address client IP address You can establ...

Page 59: ...ou must configure the locally connected clients in such a way that they receive their IP addresses automatically see below IP configuration with Windows clients Under Windows XP click on Start Control Panel Network Connections right click on the LAN adapter icon and click on Properties in the context menu On the General tab in the Properties of LAN connection local network dialogue box tag the Int...

Page 60: ...you can enter one or more NTP servers from which the SINAUT MD740 1 is to source the current time If you enter several time servers the SINAUT MD740 1 automatically connects to all of them to ascertain the current time The SINAUT MD740 1 also provides the connected computers with the NTP time Enter the IP addresses instead of the hostnames of the required time servers Min Poll Max Poll Time synchr...

Page 61: ...is exhausted the oldest log entries are automatically overwritten by new ones It is possible to transfer the log entries to an external computer This is advisable if for example logging is to administered centrally Activate remote UDP logging Yes No If all log entries are to be transferred to the external log server specified below set this switch to Yes Log Server IP address Enter the IP address ...

Page 62: ... in such a way that it has to be sent in for servicing In this case please contact your dealer or distributor Default user name root Default root password root The user name root cannot be changed Administrator Provides the rights for all configuration options which are also available via the web based administrator interface Default user admin Default password tainy The user name admin cannot be ...

Page 63: ...efault setting tainy unalterable user name admin Enable User Password Yes No User password protection is switched off as default If a user password has been determined below user password protection can be enabled or disabled with this switch User Password No user password is preset as default To determine one enter the required password identically in each of the two entry fields Access Language ...

Page 64: ...Yes In this case make sure that the firewall rules on this page are set so that the SINAUT MD740 1 can be accessed from the outside If you set this parameter to No by remote access no further entries by HTTPS remote access are possible This option must then be accepted again either locally or by SSH remote access provided that this has been configured Port for incoming HTTPS connections remote adm...

Page 65: ...is are allowed remote access You can make the following possible entries IP address 0 0 0 0 0 means all addresses To denote a range use CIDR syntax see CIDR Classless InterDomain Routing page 79 Interface extern fixed Action Possibilities Accept Refuse Reject Accept means that the data packets may pass Refuse means that the data packets are turned away so that the sender is informed of the refusal...

Page 66: ...oot password it is possible to misconfigure the device in such a way that it has to be sent in for servicing In this case please contact your dealer or distributor To enable SSH remote access make the following settings Enable SSH remote access Yes No If you want to enable SSH remote access set this switch to Yes In this case make sure that the firewall rules on this page are set so that the SINAU...

Page 67: ...low and click on OK or Apply From IP Here you enter the address es of the computer s which is are allowed remote access You can make the following possible entries IP address 0 0 0 0 0 means all addresses To denote a range use CIDR syntax see CIDR Classless InterDomain Routing page 79 Interface extern fixed Action Possibilities Accept Refuse Reject Accept means that the data packets may pass Refus...

Page 68: ... The device could be damaged and can only be reactivated by the manufacturer If you have stored a current software update on your configuration computer proceed as follows 1 Click on Browse then select the file 2 Click on Install Packages to load them into the device Depending on the size of the update this procedure can take several minutes If a reboot should be necessary following the system upd...

Page 69: ...es If a reboot should be necessary following the system update a corresponding message will appear Features Update Server If you are provided with a software update Features Install Update page 68 for the SINAUT MD740 1 on a remote server enter the server s address here This must always come before the protocol used Examples http 123 456 789 1 OR http www xyz com update ...

Page 70: ...ined in the device These are described as packets Serves update purposes compare the displayed version numbers with the current version numbers of the appropriate packets To do so please contact your distributor Should new versions be available you can update the software in the device See Features Install Update page 68 ...

Page 71: ...Configuration SINAUT MD740 1 71 von 105 Features Hardware Information Display only For experienced system administrators support ...

Page 72: ...d log entries which could be relevant for a fault diagnosis This file contains no private information such as the private machine certificate or the passwords However any used Pre Shared Keys from VPN connections are contained in the snapshots To create a snapshot proceed as follows 1 Click on Download 2 Store the file under the name snapshot tar gz Make the file available to support if requested ...

Page 73: ... SINAUT MD740 1 VPN Total Used Up Possibilities Total Used Up Total total number of VPN connections set up Used VPN connections used Up VPN connections currently active VPN User login Possibilities N A not logged in logged in N A not available not logged in VPN closed logged in VPN open DynDNS registration Possibilities none DynDNS server address failure trying none no DynDNS server DynDNS server ...

Page 74: ...synchronized synchronized the SINAUT MD740 1 is receiving the current time Greenwich Mean Time from a time server via the Network Time Protocol not synchronized the SINAUT MD740 1 is not connected to a time server and therefore cannot provide the current time Software version Version of the software installed in the SINAUT MD740 1 System Uptime Uptime since the last start up of the SINAUT MD740 1 ...

Page 75: ...ing environments Furthermore you can save configuration profiles as files on the hard disk of the configuration computer Vice versa you can upload a configuration file created in this way to the SINAUT MD740 1 and put it into effect In addition you have the possibility to put the default setting back into effect at any time When a configuration profile is saved password and user names are not save...

Page 76: ... on the Delete button to the right of the configuration profile concerned Display activate default setting The default setting is saved as a configuration profile under the name Factory Default in the SINAUT MD740 1 Display Click on the name Factory Default Activate Click on the Restore button next to the name Factory Default It is not possible to delete the Factory Default configuration profile S...

Page 77: ...ploaded. 2. Click on the Browse button and then select the file. 3. Click on the button Upload Configuration to Profile. Consequence: the uploaded configuration is displayed in the list of configuration profiles. If the uploaded configuration profile is to be activated, click on the Restore button next to the name. System Reboot: A reboot is required in the event of an error. It may also be necessary after a...

Page 78: ...which present the information from the logged data in a more easily legible format. You can transfer the log entries to an external server. See Services Remote Logging, page 61. Following a reboot of the device, entries are already made in the log file before the device can synchronize the system time. In this case the time stamps are not chronologically arranged. The entries are, however, in chronological...

Page 79: ...ple the routing tables stored in routers, by means of a postfix in the IP address. With this postfix, a network and the networks lying below it can be denoted in a summarized form. The method is described in RFC 1518. To advise a range of IP addresses to the SINAUT MD740-1, e.g. when configuring the firewall, it may be necessary to give the address space in CIDR syntax. The following table shows the IP net...

Page 80: ...00 19
255.255.192.0 11111111 11111111 11000000 00000000 18
255.255.128.0 11111111 11111111 10000000 00000000 17
255.255.0.0 11111111 11111111 00000000 00000000 16
255.254.0.0 11111111 11111110 00000000 00000000 15
255.252.0.0 11111111 11111100 00000000 00000000 14
255.248.0.0 11111111 11111000 00000000 00000000 13
255.240.0.0 11111111 11110000 00000000 00000000 12
255.224.0.0 11111111 11100000 000...

Page 81: ...92.168.15.1. Net A: Netw. address 192.168.11.0/24, Network mask 255.255.255.0. Net B: Netw. address 192.168.15.0/24, Network mask 255.255.255.0. Net C: Netw. address 192.168.27.0/24, Network mask 255.255.255.0. Internal IP 192.168.27.254, Network mask 255.255.255.0. Internal IP 192.168.15.254, Network mask 255.255.255.0. Router: External IP 192.168.11.2. Router: External IP 192.168.15.1. GPRS, Internet. Address from out...

Page 82: ... mask: 255.255.255.0, 255.255.255.0, 255.255.255.0, 255.255.255.0. Network C: Computer: C1, C2, C3, C4. IP address: 192.168.27.1, 192.168.27.2, 192.168.27.3, 192.168.27.4. Network mask: 255.255.255.0, 255.255.255.0, 255.255.255.0, 255.255.255.0. Additional internal routes, SINAUT MD740-1: Network 192.168.15.0/24, Gateway 192.168.11.2; Network 192.168.27.0/24, Gateway 192.168.11.2. Further settings of the routers, e.g. internal...

Page 83: ...iate dial up connection must be set up on this computer see below This must contain the following data the character string for dialling up the service interface 98 user name and password service in each case modem or device via which the connection is to be established TAINY GMOD Service The modem driver file must have been installed previously see below Installing the modem for access to the ser...

Page 84: ...ialogue box is displayed. Click on Continue Anyway. Creating the dial-up connection for the service interface: To create the dial-up connection for the service interface, proceed as follows. Windows 2000: 1. Click on Start, Settings, Network and Dial-up connections, Make New Connection to launch the Network Connections Wizard. 2. Select Connect to the Internet, Set up my connection manually, Connect using a dia...

Page 85: ... and password are both service. Making a connection to the SINAUT MD740-1 website: User name: service. Password: service. 2. Click on Select. Effect: The computer is connected to the SINAUT MD740-1 in such a way that the integrated Web server can be addressed. 3. Start your Web browser (e.g. MS Internet Explorer). Enter the address of the internal website in the browser's address line. The address is http://192.168...

Page 86: ...xample: If the computer you are also using for the configuration of the SINAUT MD740-1 (own address: 192.168.1.2) is to have access to the website stored in the SINAUT MD740-1, the settings are, for example, as follows. Setting for Firewall NAT: Possible address entries: 192.168.1.2 or 192.168.1.0/24. Setting for Firewall Outgoing: Prot. / From IP / From Port / To IP / To Port / Action: TCP / 192.168.1.2 / any / 192.168.0.8 / an...

Page 87: ...remote SINAUT MD740-1 must be active, i.e. the LED C of the SINAUT MD740-1 is lit and indicates that an IP address has been assigned by the GPRS network. Making a connection to the SINAUT MD740-1 website: 1. Start your Web browser (e.g. MS Internet Explorer). Enter the external address of the SINAUT MD740-1 in the browser's address line. Effect: The start page of the website stored in the SINAUT MD740-1 is d...

Page 88: ...a the service interface (see page 83), locally via the application interface (10/100 BASE-T connector, see page 86), OR from a remote computer via the GPRS network (network dependent, see page 87). When you enter the address http://192.168.0.8 (or the external IP address of the device if you are accessing the website from a remote computer, see page 87) in your Web browser, the start page of the website of the SIN...

Page 89: ...e IP: IP address of the service interface. Web/Ftp IP: IP address of the internal Web and FTP server. GSM module data: IMEI (International Mobile station Equipment Identity): Unique, unchangeable CODE which is assigned to the internal mobile module (device number). IMSI (International Mobile Subscriber Identity): The IMSI serves to uniquely identify subscribers in wireless and wire-based communications services ...

Page 90: ...the right. Explanation of terms: PPP layer (PPP = Point to Point Protocol). Packets: Received: Number of PPP frames (data packets) received. Sent: Number of PPP frames sent. Total: Sum total of all PPP frames sent and received during the online connection. Invalid: Number of incorrect (invalid) PPP frames. Bytes: Received: Number of data bytes received within a PPP frame. Sent: Number of bytes sent in a PPP frame. Total: S...

Page 91: ...me. Sent: Number of bytes sent in an IP frame. Total: Sum total of all bytes sent and received at IP level during the online connection. Invalid: Number of incorrect bytes within an IP packet. Device IP: The IP address which the SINAUT MD740-1 has received from the network provider on establishment of the connection into the GPRS network. This dynamic IP address is assigned to the device and is the IP addr...

Page 92: ...nterface on the GGSN which establishes a connection to the desired service e g Internet Wap corporate network GSM network Operator Name of the network operator e g T D1 etc Signal quality This number specifies the current signal quality of the connection in the GPRS network The meanings of the displayed values are shown in the table below Signal quality value Meaning Signal 0 113dBm or worse 1 111...

Page 93: ... server: locally via the service interface (see page 83); locally via the application interface (10/100 BASE-T connector, see page 86); from a remote computer via the GPRS network (network dependent, see page 87). 2. Instead of a Web browser, start an FTP program. Enter as follows: Address: 192.168.0.8 or external IP address (see page 87). User name: service. Password: service. Example: You are using the FTP program of th...

Page 94: ...thm. Of the encryption algorithms proposed, the NIST short-listed five: the algorithms MARS, RC6, Rijndael, Serpent and Twofish. In October 2000 the encryption algorithm chosen was Rijndael. APN (Access Point Name): Cross-network connections, e.g. from the GPRS network into the Internet, are established in the GPRS network via so-called APNs. [Figure: GPRS terminal, APN, APN, Private Intranet, Internet] A terminal wishing to ...

Page 95: ...er is online using a telephone line via modem, ISDN or ADSL, it is dynamically assigned an IP address by the Internet service provider, i.e. the address changes from one session to another. Even if the computer is online for 24 hours without interruptions (e.g. with a flat rate), the IP address is changed from time to time. If a local computer is to be accessible via the Internet, it must have an address whi...

Page 96: ...ased on IP and sends individual packets. These may arrive at the recipient in a different order to that in which they were sent, or they can even be lost. TCP serves to protect the connection and, for example, ensures that the data packets are forwarded in the correct order to the application. UDP and TCP, in addition to the IP addresses, include port numbers between 1 and 65535, by means of which the diff...

Page 97: ...the client is the calling computer and the server (or host) is the called computer. PPPoE: Acronym for Point-to-Point Protocol over Ethernet. Based on the standards PPP and Ethernet, PPPoE is a specification to connect users by Ethernet to the Internet via a shared broadband medium such as DSL, Wireless LAN or cable modem. PPTP: Acronym for Point-to-Point Tunneling Protocol. This protocol was developed by M...

Page 98: ...t them. The public key is provided by the future recipient of the data to those who will send the data to him in encrypted form. The private key is possessed only by the recipient and serves to decrypt the received data. Certification: So that the user of the public key (for encryption) can be certain that the public key conveyed to him really does come from the entity that is to receive the data to be ...

Page 99: ...previously unused port. To this end it creates a table showing the correlation between the original values and the new ones. When receiving a reply datagram, the NAT router recognises by means of the destination port specified that the datagram is actually intended for an internal computer. Using the table, the NAT box exchanges the destination IP address and the destination port and forwards the datag...

Page 100: ...es at the tunnel ends perform the encryption and decryption of the datagrams, while the datagrams themselves remain completely protected as they pass through the tunnel, i.e. during transmission via a public network. Spoofing, anti-spoofing: In Internet terminology, spoofing means giving a false address. By giving a false Internet address, someone is pretending to be an authorised user. Anti-spoofing refers...

Page 101: ...entified by the first byte in the IP address. The following are fixed values (Value of 1st byte / Bytes for the network address / Bytes for the host address): Class A: 1-126 / 1 / 3. Class B: 128-191 / 2 / 2. Class C: 192-223 / 3 / 1. In terms of figures, there can only be a maximum of 126 Class A networks in the world, with each of these networks encompassing a maximum of 256 x 256 x 256 hosts (3 bytes address space). Class B ...

Page 102: ...y the issuer of the public key being required to appear in person. Following successful inspection, the CA signs the public key with its digital signature. A certificate is created. An X.509 v3 certificate therefore contains a public key, information about the key owner (given as Distinguished Name, DN), permitted designated uses etc., and the signature of the CA. The signature is created as follows: from the ...

Page 103: ...erver NTP Remote Logging Management Web based administration Connection GPRS Multislot class 10 Coding schemes CS 1 CS 2 CS 3 CS 4 Transmission Power Quad Band GSM 850 MHz max 2 Watt GSM 900 MHz max 2 Watt DCS 1800 MHz max 1 Watt PCS 1900 MHz max 1 Watt Antenna Connection Impedance nominal 50 Ohm socket SMA Power supply Un 18 30 VDC In 450 260mA Iburst 1 3 A Temperature range Operating 20 C up to ...

Page 104: ...DCD Output; Pin2 RXD Output; Pin3 TXD Input; Pin4 DTR Input; Pin5 GND Signal ground; Pin6 DSR Output; Pin7 RTS Input; Pin8 CTS Output; Pin9 RI Output. Pin assignment, interface 10/100 BASE-T (Signals, signal direction DTE, RJ45 socket, Ethernet): Pin1 RD; Pin2 RD; Pin3 TD; Pin4 Not connected; Pin5 Not connected; Pin6 TD; Pin7 Not connected; Pin8 Not connected ...

Page 105: ...d by copyright. Translations, reproduction, copying and storage in data processing systems require the explicit approval of SIEMENS AG. 2005 SIEMENS AG. All rights reserved. SIEMENS Automation and Drives, www.siemens.de. Specifications are subject to change without notice. Product no.: 3172, Doc. no.: 3172AD001, Rev. 1.1 ...
