XiNCOM XC-DPG603, User Manual

Page 1: ... CUTTING EDGE INNOVATIONS Twin WAN DNS IP VPN Gateway ...

Page 2: ...AN PCs 14 Advanced Port 16 Port Options 17 Load Balance 18 Advanced PPPoE 19 Advanced PPTP 20 Advanced Setup 21 Host IP Setup 22 Virtual Server 23 Custom Virtual Server 24 Special Applications 25 Dynamic DNS 26 Multi DMZ 27 UPnP 27 Advanced Features 28 Security Management 30 Block URL 31 Access Filter 31 Session Limit 32 Firewall Exception 32 XC DPG603 Twin WAN DNS IP VPN Gateway 2 ...

Page 3: ...ver Configuration 40 Map Host URL 42 Management Assistant 43 SNMP 43 Email Alert 43 Syslog 44 Upgrade Firmware 45 Operation Status 47 System Status 47 Restore Factory Defaults 48 WAN Status 48 LAN Status 48 Advanced LAN Configuration 49 Existing DHCP Server 49 Static Routing 50 Appendices 52 Appendix A 52 Appendix B 53 Appendix C 56 3 ...

Page 4: ...width and redundancy Using two separate ISPs provides redundant connectivity to the Internet In the event that one ISP goes down the XC DPG603 auto fails over to the other ISP service Redundancy to the Internet provides a truly uninterrupted connection for a business s customers while maintaining uptime and productivity for its employees Robust Security Features The XC DPG603 also features NAT a S...

Page 5: ...ters DMZ DDNS Remote Management Dynamic or Static Routing Special Applications Virtual Servers SNMPv1 Access Filter Gain fine control over the Internet access and applications available to LAN users with a powerful URL Blocking Engine Five 5 user groups are available and each group can have different access rights Block URL Use this feature to block access to undesirable Web sites by LAN users You ...

Page 6: ...are Upgrade and backup The web management feature allows you to use HTTP to upgrade new firmware and backup system configuration from local or remote locations Email Alert The XC DPG603 will send an alert via email to the system administrator in the event a single or both WAN connections go down Syslog Generates real time system information on the web page or sends to a particular computer This is u...

Page 7: ... connection to the Broadband modem on WAN port 1 2 established OFF No physical connection on WAN port 1 2 10M 100M ON Physical connection using 100BaseT on WAN port 1 2 established OFF 10BaseT connection or no connection on WAN port 1 2 LAN LINK ACT ON Physical connection or data in out OFF No physical connection 10M 100M ON The corresponding LAN port is using 100BaseT OFF 10BaseT connection on th...

Page 8: ...m on WAN 2 LAN Ports Connect the PCs to these ports Both 10BaseT and 100BaseT connections can be used simultaneously Note Any port will automatically operate as an Uplink port if required Use a standard RJ 45 Ethernet cable to connect to any port to another hub or switch Reset Button Press the Reset button once for a warm reboot To reset the XC DPG603 to default settings press and hold the reset b...

Page 9: ...our LAN to use the XC DPG603 Requirements One or two Broadband modems T1 xDSL Cable and Satillite with an active account from your ISP s Two standard 10 100BaseT network UTP cables with RJ 45 connectors TCP IP network protocol must be installed on all PCs XC DPG603 Twin WAN DNS IP VPN Gateway Chapter Contents Overview Procedure 1 Configuring your LAN 2 Connecting Broadband Modems 3 Configuring for I...

Page 10: ...ways set to admin You can and should set a password using the following Admin Password screen After the login you will then see the Admin Password screen as shown in Figure 2 Assign a password in both the Password and Verify Password fields and press the Submit button From the setup menu select Basic Setup and then LAN DHCP from the submenu You will see a screen like the example in Figure 3 No Resp...

Page 11: ... the local LAN Use the defualt value unless the address is already in use or your LAN is using a different IP addres range In the latter case enter an unused IP Address from within the range used by you LAN DPG603 is attached the same value as the PCs on that LAN segment DHCP Server Setup If Enabled the XC DPG603 will allocate IP Addresses to PCs DHCP clients on your LAN when they start up The def...

Page 12: ...d simultaneously Use a standard CAT 5 Ethernet cable to connect any port on the XC DPG603 to a standard port on another hub Any LAN port on the will automatically act as an Uplink port when required Power Up Power on the Cable or DSL modem s Connect the supplied power adapter to the XC DPG603 and power up Check the LEDs The Power LED should be ON The WAN Link LED should be ON when the correspondin...

Page 13: ...ethod select Static IP or Dynamic IP to correspond to the IP address method used by your ISP Address Info This is for Static IP users only Enter the address information provided by your ISP If your ISP provided multiple IP address you can use the Multi DMZ screen to assign the additional IP addresses PPPoE PPTP Dialup This is for PPPoE and PPTP users only Enter the Username and Password provided b...

Page 14: ...ing Local area network Internet Configuration screen are unchecked Check the No option when prompted Do you want to set up an Internet mail account now Click Finish to close the Internet Connection Wizard Setup is now completed 1 2 3 4 5 6 For Windows XP Select Start Menu Control Panel Network and Internet Connections Select Set up or change your Internet Connection Select the Connection tab and cl...

Page 15: ...re you are logged in as root before attempting any changes Fixed IP Address By default most Unix installations use a fixed IP Address If you wish to continue using a fixed IP Address make the following changes to your configuration Set your Default Gateway to the IP Address of the XC DPG603 Ensure your DNS Name server settings are correct To act as a DHCP Client recommended The procedure below may va...

Page 16: ...determine the proportion of WAN traffic sent through each port Advanced PPPoE setup is required if you wish to use multiple sessions on one or both of the WAN ports It can also be used to manually connect or disconnect a PPPoE session Otherwise this screen can be ignored Advanced PPTP setup is required if using the PPTP connection method XC DPG603 Twin WAN DNS IP VPN Gateway Chapter Contents Overvi...

Page 17: ...ed whenever outgoing WAN traffic is detected If not Enabled you must establish a connection manually Auto Disconnect This determines when an idle connection will be terminated Enter the required time period Echo Time This determines how often an Echo request is sent to the PPPoE server The Echo request is used to determine if the connection is still valid Normally there is no need to change the def...

Page 18: ... very general setting only to be used if you have similar types of connections Cable and Cable DSL and DSL to promote good Internet traffic Settings Load Balance Load Balance Configuration Enable Use this to enable your Load Balance settings Balance Type Select the desired Balance Type Bytes rx tx Traffic is measured by Bytes Packets rx tx Traffic is measured by Packets Sessions established Traffic is ...

Page 19: ...ter the PPPoE password assigned by your ISP IP Address If you have a fixed IP address enter it here Otherwise this field should be left at 0 0 0 0 Host Name This field is used by a Host to uniquely associate an access concentrator to a particular Host request Action Use the Connect and Disconnect buttons to establish or terminate a connection on this session Connection Status This displays the curren...

Page 20: ...ted with the User Name above This is assigned by your ISP and used to login to the PPTP Server Verify Password Re enter the PPTP password assigned by your ISP IP Address Enter the IP address of the PPTP Server This is provided by your ISP Static IP Address If you have a fixed IP address enter if here Otherwise this field should be left at 0 0 0 0 Action Use the Connect and Disconnect buttons to esta...

Page 21: ...Server Special Applications Dynamic DNS Multi DMZ Advanced Features UPnP This chapter contains details of the configuration and use of each of these features XC DPG603 Twin WAN DNS IP VPN Gateway Chapter Contents Host IP Setup Virtual Server Custom Virtual Server Special Applications Dynamic DNS Multi DMZ Advanced Features UPnP ...

Page 22: ...fined on the Host itself MAC Address Also called Physical Address or Network Adapter Address Enter the MAC address of this host Select Group Select the group you wish to put this host into Reserve in DHCP Select Enable to reserve a particular LAN IP address for a particular PC on your LAN This allows the PC to use DHCP Windows calls this Obtain an IP address automatically while having an IP address...

Page 23: ...dress This IP Address is allocated by your ISP This address should be static rather than dynamic to make it easier for Internet users to connect to your Servers However you can use the Dynamic DNS feature explained later in this chapter to allow users to connect to your Virtual Servers using a URL instead of an IP Address e g HTTP my_domain_name dyndns org FTP my_domain_name dyndns org Settings Vi...

Page 24: ...re Protocol Type Select the network protocol used by this sever type LAN Port Range Enter the range of port number used for outgoing traffic from this Server If only a single port is required enter it in both fields WAN Port Range Enter the range of port number used for incoming traffic to this Server If only a single port is required enter it in both fields Interface Binding This selection allows the...

Page 25: ...or data being recieved enter the beginning and end of the range of port numbers used by the application server If the application uses a single port number enter it in both fields Buttons Add Create a new Special Application entry Delete Delete the selected entry Update Save any changes you have made to the current entry Cancel Cancel any changes you have made since the last save operation Special ...

Page 26: ...ustom Dynamic DNS Service If you have registered for this service complete these fields Key Enter your Key as recorded on the TZO Web site E mail Enter your E mail address as recorded on the TZO Web site Domain Enter the domain name allocated to you by TZO Standard Client or 3322 If you have registered for this service complete these fields User Name Enter the user name given by the service provider...

Page 27: ...ved See the Host IP section for details on reserving an IP address For Dynamic IP WAN Select the desired WAN port Session Select DHCP if the IP address on this WAN port is dynamically assigned You can only select assign one 1 Private LAN IP address to each port If using multi session PPPoE select the desired PPPoE session These sessions are defined on the Advanced PPPoE screen You can assign one 1 ...

Page 28: ...Internet IP addresses and not addresses on the local LAN To specify a single address enter it in both fields External Filters Configuration These settings determine whether or not the XC DPG603 should respond to ICMP ping requests received from the WAN port Block Selected packet types This acts as master switch If checked the selected packet types are blocked Otherwise they are accepted Echo Request...

Page 29: ...Browser 3 In the Address bar enter HTTP Internet IP Address of the XC DPG603 The Port number is also required After the IP Address enter followed by the port number e g HTTP 123 123 123 123 8080 This example assumes the WAN IP Address is 123 123 123 123 and the port number is 8080 If using the Dynamic DNS feature you can connect using the domain name allocated to you e g HTTP my_domain_name dyndns...

Page 30: ...ccess well known ports or block user define ports by groups Session Limit Eliminate users Internet access and send email alert to the administrator if the device detects new sessions that exceeds the maximum sampling time Firewall Exception XC DPG603 Twin WAN DNS IP VPN Gateway Chapter Contents Block URL Access Filter Session Limit Firewall Exception 30 ...

Page 31: ...P address is checked against IP address entries on this screen Note that a single IP address may host many Web sites Entering the IP address on this screen will block all Web sites hosted on that IP address Settings Block URL Access Filter The network Administrator can use the Access Filter to gain fine control over the Internet access and applications available to LAN users Five 5 user groups are ...

Page 32: ...y system protocol stack Settings Firewall Exception Enable The check box can allow you enable or disable firewall exception Interface You can select LAN WAN1 WAN2 or ALL interfaces to be process by the system protocol stack Protocol There are six protocols UDP TCP ICMP GRE ESP AH to choose from This allows packets to be directly processed by the system protocol stack Foreign Port Range Select forei...

Page 33: ...e some packets to have higher priority to pass through Settings Policy Configuration Network Admission Policy This section identifies each policy Policy Name List Ignore this list when adding a new Policy To edit an existing entry select it from the list and click the Select button The data fields will then be updated with data for the selected entry Policy Name Enter a suitable name Generally you sh...

Page 34: ...P VPN Gateway Chapter Contents Overview IPSec Global Setting Policy Setup Note The XC DPG603 VPN Gateway uses the industry standard IPSec VPN protocol Due to variations in how manufactures interpret these standards many VPN products are not interoperable Although the XiNCOM XC DPG603 VPN Gateway can interoperate with many other VPN products it is not possible for XiNCOM to provide specific technica...

Page 35: ... phase 1 is to authenticate and establish a secure tunnel which will protect further IKE negotiation The maximum time default is 30 sec Maxtime to complete phase 2 Maximum time to establish the IPSec SAs By default the maximum time is 30 sec Log Level Select a VPN log level that you like to display on VPN log Planning the VPN Consider these questions and setups when planning your VPN If the remote...

Page 36: ...and the hosts of which can use the LAN to LAN connection You can choose a single IP address the subnet or a selected IP range to make VPN LAN to LAN connection Remote Security Network These entries identify the private network on the remote peer VPN router whose hosts can use the LAN to LAN connection You can choose a single IP address the subnet or a selected IP range to make VPN connection Remot...

Page 37: ...ime This specifies the lifetime of the IKE generated Key If the time expires or data is passed over this volume a new key will be renegotiated By default 0 is set for no limit Options NetBIOS Broadcast This is used to forward NetBIOS broadcast across the Internet Keep Alive This is to help maintain the IPSec connection tunnel It can be re established immediately if a connection is dropped Anti Repl...

Page 38: ... address of the web server The XC DPG603 manipulates the last step based on a few factors such as current bandwidth load balance type and load share percentage Advanced Port Load Balance menu When a request comes in to your domain name the XC DPG603 looks at these factors to determine which WAN port should be used to access the server When the traffic load is higher on WAN 1 the XC DPG603 will repl...

Page 39: ... on WAN 1 and WAN 2 The Load Balance Algorithm is applied to the request This holds the Gateway s user preferences and setting values including load share and load balance type The Load Balancing Algorithm determines that WAN 2 has the least amount of traffic sessions and therefore instructs the DNS Module to use WAN 2 A reply from the Gateway is then sent back through WAN 1 to the source of the DN...

Page 40: ...iNCOM XC DPG603 main menu Select Configure DNS 2 In the Configure DNS section enter you domain name server host configuration Submit the changes Setup DNS Server This option lets you select which DNS server you want the entry to belong to SOA Record Domain Name Sets your registered domain name Primary Name Server This sets the primary name server for your domain Example NS1 yourdomain com Admin Mail ...

Page 41: ... IP address for the domain name on the specified WAN Port MX Record Mail Exchange This sets the mail route for the domain name Preference 1 2 This sets the route preference The lower number will have the higher priority Location This sets the location for either the public or private IP IP Address The user can set the IP address of the public or private mail server Domain Name Configuration 41 ...

Page 42: ...which DNS server you want the entry to belong Private IP Address Home IP Address of the server binded to the domain name Port Range Port range used by the server of the selected domain name Public WAN IP Address IP address for the domain name on WAN 1 if different from the Primary Setup Public WAN IP Address IP address for the domain name on WAN 1 if different from the Primary Setup CNAME Record C...

Page 43: ...to the system administrator and inform that one of the WAN ports was disconnected Email Alert Enable This will enable email alert to send an warning email when WAN port was disconnected Disable This will disable email alert not to send an warning email when WAN port was disconnected Email Sender Address Email Sender Address An email address that sends a warning email to a recipient The warning ema...

Page 44: ...ou where to send system information to another machine or not There are up to three machines you can choose to send your system log to Message Status Messages send only keep when keep send message checked The XC DPG603 keeps last 100 messages in the RAM These messages will clear when reboot or powered off Syslog Configuration Syslog Global Enable This allows the XC DPG603 to send system log message...

Page 45: ...e firmware on your XC DPG603 you must first download the firmware from the XiNCOM Support web page http www xincom com support You will need an unzipping utility such as WinZip www winzip com or WinRAR www rarlab com to extract the contents of the file Included will be a README file usually README txt TFTP tftp exe utility and the firmware file name bin Backup your configuration When you update the firmwar...

Page 46: ... 1 Open the TFTP utility by double clicking on it 2 Enter the Gateways IP address Default is 192 168 1 1 3 Click the Browse button and select the configuration file 4 Click the Download button It could take up to 1 to 3 minutes to upload the configuration after which the Gateway will reboot Example of how to configure to upload previously saved configuration HTTP Upgrade Firmware The Upgrade Firmware S...

Page 47: ...DPG603 Subnet Mask The Network Mask Subnet Mask for the IP Address above MAC Address The MAC physical address of the XC DPG603 when seen from the local LAN DHCP Server The status of the DHCP Server function either Enabled or Disabled Device Information Firmware Version Version of the Firmware currently installed NAT Status of the NAT feature either Enable or Disable Load Balance Status of the Load...

Page 48: ...ds on each WAN port Check NAT Detail will display the NAT Status screen described below Interface Statistics This section displays cumulative statistics Use the Restart Counter button to restart these counters when required NAT Status LAN IP Info IP Address The LAN IP Address of the XC DPG603 Mask Address The Network Mask Subnet Mask for the IP Address above Active WAN IP Info There is one 1 row f...

Page 49: ... you wish to continue using it the following configuration is required The DHCP Server function in the XC DPG603 must be disabled This setting is on the LAN DHCP screen Your DHCP Server must be configured to provide the XC DPG603 s LAN IP address as the Default Gateway Your DHCP Server must provide correct DNS addresses to the PCs XC DPG603 Twin WAN DNS IP VPN Gateway Chapter Contents Overview Exist...

Page 50: ...he screen will then update with the data for the selected entry If the Index is 0 this is a System entry which you can neither delete nor modify Network Address The network address of the remote LAN segment For standard class C LANs the network address is the first 3 fields of the Destination IP Address The 4th last field can be left at 0 Netmask The Network Mask for the remote LAN segment For class ...

Page 51: ...ces not on the local LAN must be forwarded to the XC DPG603 so that they can be forwarded to the Internet This is done by configuring other Routers to use the XC DPG603 as the Default Route or Default Gateway as illustrated by the example below Configuration settings for the LAN shown with 2 routers and 3 LAN segments the XC DPG603 requires 2 entries as follows For Router A s Default Route Destinati...

Page 52: ...ment This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference 2 This device must accept any interference received including interference that may cause undesired operation CE Marking Warning This is a Class A product In a domestic environment this product may cause radio interference in which case the u...

Page 53: ...wing Figure A Network Configuration 2 Select the TCP IP protocol for your network card 3 Click on the Properties button You should then see a screen as showed in Figure B Figure B IP Address Windows 95 Ensure your TCP IP settings are correct as follows Using DHCP To use DHCP select the radio button Obtain an IP Address automatically This is the default Windows settings Restart your PC to ensure it ...

Page 54: ...en see a screen like the following Figure F TCP IP Properties Windows 2000 5 Ensure your TCP IP settings are correct Using DHCP To use DHCP select the radio button Obtain an IP Address automatically This is the default Windows settings Restart your PC to ensure it obtains an IP Address from the XC DPG603 Using a fixed IP Address Use the following IP Address If your PC is already configured check wit...

Page 55: ...ing DHCP To use DHCP select the radio button obtain an IP Address automatically This is the default Windows settings Restart your PC to ensure it obtains an IP Address from the XC DPG603 Using a fixed IP Address Use the following IP Address If your PC is already configured check with your network administrator before making the following changes Enter the IP address of the XC DPG603 in the Default g...

Page 56: ...TCP IP protocol Internet Access Problem 1 When I enter a URL or IP address I get a time out error Solution 1 A number of things could be causing this Try the following troubleshooting steps Check if other PCs work If they do ensure that your PCs IP settings are correct If using a Fixed Static IP Address check the Network Mask Default gateway and DNS as well as the IP Address If the PCs are configur...