
6. Specifications 

 

AirLive WLA-9000AP User’s Manual 

 

IP-2000VPN 

Internet VPN Router 

User’s Manual 

Summary of Contents for IP-2000VPN

Page 1: ...6 Specifications 1 AirLive WLA 9000AP User s Manual IP 2000VPN Internet VPN Router User s Manual ...

Page 2: ...d by household appliances and similar electrical equipment Harmonics Disturbances in supply systems caused by household appliances and similar electrical equipment Voltage fluctuations Information Technology equipment Immunity characteristics Limits And methods of measurement Manufacturer Importer Position Title Vice President OvisLink Corp 5F NO 6 Lane 130 Min Chuan Rd Hsin Tien City Taipei Count...

Page 3: ...s aplicables o exigibles de la Directiva 1999 5 CE pt Português Portuguese OvisLink Corp declara que este AirLive IP 2000VPN está conforme com os requisitos essenciais e outras disposições da Directiva 1999 5 CE el Ελληνική Greek ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ OvisLink Corp ΔΗΛΩΝΕΙ ΟΤΙ AirLive IP 2000VPN ΣΥΜΜΟΡΦΩΝΕΤΑΙ ΠΡΟΣ ΤΙΣ ΟΥΣΙΩΔΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ ΔΙΑΤΑΞΕΙΣ ΤΗΣ ΟΔΗΓΙΑΣ 1999 5 ΕΚ sl Slovens...

Page 4: ...ound to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against radio interference in a commercial environment This equipment can generate use and radiate radio frequency energy and if not installed and used in accordance with the instructions in this manual may cause harmful interference to radio c...

Page 5: ...n 37; 5.2 Access Control 39; 5.3 Firewall Rule 42; 5.4 Logs 46; 5.5 E-mail 49; 5.6 Security Options 51; 5.7 Scheduling 53; 5.8 Services 54; Chapter 6 IPSec VPN 55; 6.1 Common VPN Situations 55; 6.2 VPN Configuration 57; 6.3 Certificates 67; 6.4 CRLs 73; 6.5 Status 74; Chapter 7 Microsoft VPN PPTP 75; 7.1 PPTP Server 75; 7.2 Windows PPTP Clients Setup 79; Chapter 8 VPN Example 92; 8.1 Office to office IPSec VPN Conn...

Page 6: ... 9.5 Connection Status Fixed Dynamic IP Address 142; 9.6 Connection Status L2TP 144; Chapter 10 Other Features Settings 146; 10.1 Config file 146; 10.2 Network Diagnostics 148; 10.3 PC Database 149; 10.4 Remote Administration 152; 10.5 Routing 154; 10.6 Upgrade Firmware 158; 10.7 UPnP 159; Appendix A PC Configuration 160; Appendix B VPN Overview 169; Appendix C Troubleshooting 172; Appendix D Specifications 17...

Page 7: ...n deploy AirLive IP 2000VPN in several environment such as SMB office branch office SOHO user and the home user Recommendation before starting to configure IP 2000VPN If you want to configure WAN interface first Please refer to Chapter 3 1 Setup Wizard and follow the steps to configure WAN interface You also can refer to Chapter 4 1 WAN Port to configure WAN interface directly if you are an experi...

Page 8: ...om modifying the configuration data and settings NAT Protection An intrinsic side effect of NAT Network Address Translation technology is that by allowing all LAN users to share a single IP address the location and even the existence of each PC is hidden From the external viewpoint there is no network only a single device the IP 2000VPN Stateful Inspection Firewall All incoming data packets are mo...

Page 9: ...N while allowing your Servers to be accessed from the Internet URL Filter Use the URL Filter to block access to undesirable Web sites by LAN users Internet Access Log See which Internet connections have been made VPN Pass through Support PCs with VPN Virtual Private Networking software using PPTP L2TP and IPSec are transparently supported no configuration is required Internet Access Features Share...

Page 10: ...ort Used when allowing Servers on your LAN to be accessed from the Internet the DMZ port provides additional protection for both your Servers and your LAN Configuration Management Easy Setup Use your WEB browser from anywhere on the LAN or WLAN for configuration Remote Management The IP 2000VPN can be managed from any PC on your LAN And if the Internet connection exists it can also optionally be c...

Page 11: ...10BaseT and 100BaseTX connections can be used simultaneously If required you can connect any LAN port to another Hub Any LAN port on the IP 2000VPN will automatically function as an Uplink port when required Just connect any LAN port to a normal port on the other hub using a standard LAN cable If desired connect a PC server to the DMZ port To use multiple servers use a standard LAN cable to connec...

Page 12: ...should be ON, provided the PC is also ON. If a PC is connected to the DMZ port, the DMZ port's Link/Act LED should be ON, provided the PC is also ON. The WAN LED should be ON. 6. Router's default IP: The default IP address of the router's LAN port is IP Address 192.168.1.1, Subnet Mask 255.255.255.0. For Web Management, please configure the client PC as a DHCP client to obtain an IP address from the IP-2000VPN. After configur...

Page 13: ...LAN port is sending or receiving data 100 LAN DMZ Link rate Orange On Data is transmitting in 100Mbps on the corresponding port Port Button Description Power Connect the supplied power adapter DC12V 1A here WAN The port where you will connect your cable or xDSL modem or Ethernet router LAN 1 3 The ports where you will connect networked computers and other devices DMZ PCs or devices connected to th...

Page 14: ...e same LAN segment as PCs connected to the LAN ports They must use the same IP address range PCs connected to the DMZ port are NOT visible to PCs on the LAN ports So you cannot use Microsoft networking or other networking protocols to connect to PCs on the DMZ The connection must be made via the Internet PCs connected to the DMZ port still share the WAN port IP address for Internet access To make ...

Page 15: ...nstructions for the required functions To Do this Refer to Configure PCs on your LAN Appendix A PC Configuration Use any of the following Internet features WAN Port Advanced Setup Dynamic DNS Virtual Servers Options Chapter 4 Internet Features Change any of the following Security related settings Admin Login Access Control Firewall Rules Logs E mail Security Options Scheduling Services Chapter 5 S...

Page 16: ...2000VPN or on the same LAN segment. The IP-2000VPN must be installed and powered ON. If the IP-2000VPN's default IP Address (192.168.1.1) is already used by another device, the other device must be turned OFF until the IP-2000VPN is allocated a new IP Address during configuration. Using UPnP: If your Windows system supports UPnP, an icon for the IP-2000VPN will appear in the system tray, notifying you that...

Page 17: ... following: The IP-2000VPN is properly installed, LAN connection is OK, and it is powered ON. You can test the connection by using the Ping command: Open the MS-DOS window or command prompt window. Enter the command: ping 192.168.1.1 If no response is received, either the connection is not working, or your PC's IP address is not compatible with the IP-2000VPN's IP Address. (See next item.) If your PC is using ...

Page 18: ...he Home screen shown below Use the menu bar on the top of the screen and the Back button on your Browser for navigation Changing to another screen without clicking Save does NOT save any changes you may have made You must Save before changing screens or your data will be ignored On each screen clicking the Help button will display help for that screen From any help screen you can access the list o...

Page 19: ...onnect to your ISP Usually none However some ISPs may require you to use a particular Hostname Domain name or MAC physical address None Static IP Address Your ISP allocates a permanent IP Address to you IP Address mask gateway and DNS address allocated to you Some ISPs may also require you to use a particular Hostname Domain name or MAC physical address Dynamic IP Address Your IP Address is alloc...

Page 20: ... allocated automatically PPTP Server IP Address User name and password PPTP Static IP Address Your ISP allocates a permanent IP Address to you PPTP Server IP Address User name and password IP Address allocated to you Dynamic IP Address You connect to the ISP only when required The IP address is usually allocated automatically L2TP Server IP Address or domain name User name and password L2TP Static...

Page 21: ...y and DNS address allocated to you Telstra Big Pond Cable Australia Type Details ISP Data required Dynamic IP Address Your IP Address is allocated automatically when you connect to your ISP Big Pond Server IP Address User name and password Static IP Address Your ISP allocates a permanent IP Address to you Big Pond Server IP Address User name and password IP Address allocated to you AirLive IP 2000V...

Page 22: ...SingTel RAS: For this connection method, the following data is required: User Name, Password, RAS Plan. ...

Page 23: ...matically when you connect to your ISP Usually none However some ISPs may require you to use a particular Hostname Domain name or MAC physical address Static IP Address Your ISP allocates a permanent IP Address to you IP Address mask gateway and DNS address allocated to you ...

Page 24: ... DHCP Server If enabled the IP 2000VPN will allocate IP Addresses to PCs DHCP clients on your LAN when they start up The default and recommended value is Enabled If you are already using a DHCP Server this setting must be disabled and the existing DHCP server must be re configured to treat the IP 2000VPN as the default Gateway See the following section for further details The Start IP Address and ...

Page 25: ...s DHCP Server This is the default setting The DHCP Server settings are on the LAN screen On this screen you can Enable or Disable the IP 2000VPN s DHCP Server function Set the range of IP Addresses allocated to PCs by the DHCP Server function You can assign Fixed IP Addresses to some devices while using DHCP provided that the Fixed IP Addresses are NOT within the range used by the DHCP Server Usin...

Page 26: ...ify which PC receives an incoming connection Refer to Chapter 4 Internet Features for further details Applications which use non standard connections or port numbers may be blocked by the IP 2000VPN s built in firewall You can define such applications as Special Applications to allow them to function normally Refer to Chapter 4 Internet Features for further details Some non standard applications m...

Page 27: ...Overview The following advanced features are provided WAN Port Configuration Advanced Internet Communication Applications Special Applications Multi DMZ URL filter Dynamic DNS Virtual Servers Options WAN Port Configuration The WAN Port Configuration screen provides an alternative to using the Wizard It can be accessed from the Internet menu An example screen is shown below ...

Page 28: ...e most common Leave this selected if your ISP allocates an IP Address to the IP 2000VPN upon connection Specified IP Address Also called Static IP Address Select this if your ISP has allocated you a fixed IP Address If this option is selected the following data must be entered IP Address The IP Address allocated by the ISP Network Mask Not required for PPPoE This is also supplied by your ISP It mu...

Page 29: ...e to connect and login This software is no longer required and should not be used PPTP this is mainly used in Europe You need to know the PPTP Server address as well as your name and password L2TP You need to know the L2TP Server address as well as your name and password Big Pond Cable for Australia only SingTel RAS for Singapore only Login User Name The User Name or account name provided by your ...

Page 30: ...ove is Automatic Connect Disconnect If Auto disconnect is being used enter the desired idle time out period in minutes After the connection to your ISP has been idle for this time period the connection will be terminated 4 2 Advanced Internet This screen allows configuration of all advanced features relating to Internet access Communication Applications Special Applications Multi DMZ URL Filter Ai...

Page 31: ...ch application listed above you can choose a destination PC There is no need to Save after each change you can set the destination PC for each application then click Save Special Applications If you use Internet applications with non standard connections or port numbers you may find that they do not function correctly because they are blocked by the IP 2000VPN s firewall In this case you can defin...

Page 32: ... the application server for data you send to it If the application uses a single port number enter it in both the Start and Finish fields Finish Enter the end of the range of port numbers used by the application server for data you send to it If the application uses a single port number enter it in both the Start and Finish fields Using a Special Application Configure the Special Applications scre...

Page 33: ... vulnerable to attacks. For this reason, you should only enable the DMZ feature when required. URL Filter: The URL Filter allows you to block access to undesirable Web sites. To use this feature, you must define filter strings. If the filter string appears in a requested URL, the request is blocked. Enabling the URL Filter also affects the Internet Access Log. If Enabled, the Destination field in the log will...

Page 34: ...rtual Server feature It allows Internet users to connect to your Virtual Servers using a URL rather than an IP Address This also solves the problem of having a dynamic IP address With a dynamic IP address your IP address may change whenever you connect which makes it difficult to connect to you The Service works as follows 1 You must register for the service at one of the listed DDNS Service provi...

Page 35: ...Provider You do NOT need to use the Client program provided by some DDNS Service providers From the Internet users will now be able to connect to your Virtual Servers or DMZ PC using your Domain name DDNS Data DDNS Service Select the desired DDNS Service provider User Name Enter your Username for the DDNS Service Password Key Enter your current password for the DDNS Service Domain Name Enter the d...

Page 36: ... connect to your servers as illustrated below IP address seen by Internet Users Note that in this illustration both Internet users are connecting to the same IP Address but using different protocols To Internet users all virtual Servers on your LAN have the same IP Address This IP Address is allocated by your ISP This address should be static rather than dynamic to make it easier for Internet user...

Page 37: ... from the Internet WAN to the DMZ is automatically created If the Server is connected to the LAN switch ports you must add the firewall rule manually The DMZ port is a normal port not an uplink port If connecting to a switch connect to the standard port on the switch Virtual Server Screen The Virtual Servers screen is reached by the Virtual Servers link on the Internet menu An example screen is sh...

Page 38: ...r software Defining your own Virtual Servers If the type of Server you wish to use is not listed on the Virtual Servers screen you can use the Firewall Rules to allow particular incoming traffic and forward it to a specified PC Server Connecting to the Virtual Servers Once configured anyone on the Internet can connect to your Virtual Servers They must use the Internet IP Address the IP Address all...

Page 39: ...These DNS will be used only if the primary DNS is unavailable MTU MTU size MTU Maximum Transmission Unit value should only be changed if advised to do so by Technical Support Enter a value between 1 and 1500 This device will still auto negotiate with the remote server to set the MTU size The smaller of the 2 values auto negotiated or entered here will be used For direct connections not PPPoE or PP...

Page 40: ...ogs, E-mail, Security Options, Scheduling, Services. 5.1 Admin Login: The Admin Login screen allows you to assign a user name and password to the IP-2000VPN. 1. The default login name is admin. Change this to the desired value. 2. The default password is airlive. Enter the desired password in the New Password and Verify Password fields. 3. Save your changes. You will see a login prompt when you connect to the IP...

Page 41: ...Enter the User Name and Password you set on the Admin Login screen above. ...

Page 42: ...ictions on the Default group All PCs are in the Default group unless explicitly moved to another group 2 Set the desired restrictions on the other groups Group 1 Group 2 Group 3 and Group 4 as needed 3 Assign PC to the groups as required Restrictions are imposed by blocking Services or types of connections All common Services are pre defined If required you can also define your own Services Access...

Page 43: ...ich Services are to block Use this to gain fine control over the Internet access for a group Block by Schedule If Internet access is being blocked you can choose to apply the blocking only during scheduled times If access is not blocked no Scheduling is possible and this setting has no effect To define the schedule use the Schedule option on the menu Services This lists all defined Services Select...

Page 44: ...n of the Access Control feature an Access Control Log is provided Click the View Log button on the Access Control screen to view this log This log shows attempted Internet accesses which have been blocked by the Access Control function Data shown in this log is as follows Access Control Log Date Time Date and Time of the attempted access Name If known the name of the PC whose access was blocked Th...

Page 45: ...c But incorrect configuration may cause serious problems This feature is for advanced administrators only Firewall Rules Screen Click the Firewall Rules option on the Security menu to see a screen like the following example This example contains two 2 rules for outgoing traffic Since the default rule for outgoing LAN WAN traffic is Allow having an Allow rule for LAN WAN only makes sense in combina...

Page 46: ...ck Add To add a new rule click the Add button and complete the resulting screen See the following section for more details Edit To Edit or modify an existing rule select it and click the Edit button Move There are 2 ways to change the order of rules Use the up and down indicators on the right to move the selected rule You must confirm your changes by clicking OK If you change your mind before clic...

Page 47: ...Define Firewall Rule: Clicking the Add button in the Firewall Rules screen will display a screen like the example below. ...

Page 48: ...d Dest IP These settings determine which traffic based on their destination IP address is covered by this rule Select the desired option Any All traffic from the source port is covered by this rule Single address Enter the required IP address in the Start IP address field You can ignore the Subnet Mask field Range address If this option is selected you must complete both the Start IP address and F...

Page 49: ...l for troubleshooting, but enabling all logs will generate a large amount of data and adversely affect performance. Since only a limited amount of log data can be stored in the IP-2000VPN, log data can also be E-mailed to your PC or sent to a Syslog Server. ...

Page 50: ...going TCP IP connections of any type This will generate the largest logs and fill the internal log buffer more quickly All TCP UDP ICMP traffic These 3 protocols are used by most internet traffic TCP is used by HTTP FTP Telnet E mail and other common Internet protocols and applications UDP is used by Video streams and other communications where speed is more important than guaranteed delivery ICMP...

Page 51: ...all This Firewall uses Stateful Inspection technology to block packets which are individually valid but collectively form an attack Port scans where a series of ports are checked to see if they are opened available and also logged VPN If enabled the VPN log will record incoming and outgoing VPN connections View Log Button Use this to view each log as required Clear Log Button Use this to restart t...

Page 52: ...the desired option for sending the log by E mail When log is full The time is not fixed The log will be sent when the log is full which will depend on the volume of traffic Every day Every Monday The log is sent on the interval specified If Every day is selected the log is sent at the time specified If the day is specified the log is sent once per week on the specified day Select the time of day y...

Page 53: ...o be shown in the Subject field for the E-mail. SMTP Server: Enter the address or IP address of the SMTP (Simple Mail Transport Protocol) Server you use for outgoing E-mail. Port No.: Enter the port number used to connect to the SMTP Server. The default value is 25. ...

Page 54: ...is device uses Stateful Inspection technology This system can detect situations where individual TCP IP packets are valid but collectively they become a DoS attack Threshold This setting affects the number of half open connections allowed A half open connection arises when a remote client contacts the Server with a connection request but then does not reply to the Server s response While the optim...

Page 55: ...sed by VPN Virtual Private Networking programs L2TP L2TP is a protocol developed by Cisco for VPNs Virtual Private Networks Drop fragmented IP packets If enabled fragmented IP packets are discarded forcing re transmission of these packets In some situations this could prevent successful communication Normally this setting should be disabled Block TCP Flood A TCP flood is excessively large number o...

Page 56: ...r day is blank no action will be performed Define Schedule Screen This screen is accessed by the Scheduling link on the Security menu Data Define Schedule Screen Define Schedule Screen Day Each day of the week can be scheduled independently Session 1 Session 2 Two 2 separate sessions or periods can be defined Session 2 can be left blank if not required Start Time Enter the start using a 24 hr cloc...

Page 57: ...te Services you have added the pre defined services can not be deleted Add New Service Name Enter a suitable name for this Service Type Select the correct type for this Service Start Port If the Type above is TCP UDP or TCP UDP enter the port number for this Service If a port range is required enter the beginning of the range here and the end of the range in the Finish Port field Finish Port If th...

Page 58: ...s which are behind a NAT router and so have an IP address which is not valid on the Internet The Router Gateway requires no VPN configuration since it is not acting as a VPN endpoint Client to Office VPN Gateway In this situation the PC must run appropriate VPN client software in order to connect via the Internet to the IP 2000VPN Once connected the client PC has the same access to LAN resources a...

Page 59: ...N The 2 LANs MUST use different IP address ranges. The VPN Policies at each end determine when a VPN tunnel will be established, and what systems on the remote LAN can be accessed once the VPN connection is established. It is possible to have simultaneous VPN connections to many remote sites. ...

Page 60: ...atching policy for the traffic under consideration will be used Data VPN Policies Screen VPN List Policy Name The name of the policy When creating a policy you should select a suitable name Enable This indicates whether or not the policy is currently enabled Use the Enable Disable button to toggle the state of the selected policy Remote VPN Endpoint The IP address of the remote VPN endpoint Gatewa...

Page 61: ...y Enable/Disable: Use this to toggle the On/Off state of the selected policy. Copy: If you wish to create a policy which is similar to an existing policy, select the policy and click the Copy button. Remember that the new policy must have a different name, and there can only be one active (enabled) policy for each remote VPN endpoint. Delete: To delete an existing policy, select it and click the Delete button...

Page 62: ...NetBIOS is used by Microsoft Windows networking This setting should not be enabled unless necessary because it increases traffic volume Remote VPN Endpoint The Internet IP address of the remote VPN endpoint Gateway or client Dynamic Select this if the Internet IP address is unknown In this case only incoming connections are possible Fixed Select this if the remote endpoint has a fixed Internet IP ...

Page 63: ...would not be forwarded to the Gateway Local IP addresses Type Any no additional data is required Any IP address is acceptable For outgoing connections this allows any PC on LAN to use the VPN tunnel For incoming connections this allows any PC using the remote endpoint to access any PC on your LAN Single address enter an IP address in the Start IP address field Range address enter the starting IP a...

Page 64: ...r the desired IP address in the Start IP address field and the network mask in the Subnet Mask field The remote VPN should have these IP addresses entered as its Local addresses 3 Click Next to continue The screen you will see depends on whether you previously selected Manual Key Exchange or IKE Manual Key Exchange These settings must match the remote VPN You cannot use both AH and ESP at the same...

Page 65: ...gh the VPN tunnel Generally you will want to enable both Encryption and Authentication Encryption Algorithm The 3DES algorithm provides greater security than DES but is slower If using AES you must select the Key Size If using DES or 3DES this field is ignored Key In Key Out The In key here must match the Out key on the remote VPN and the Out key here must match the In key on the remote VPN For DE...

Page 66: ...e in SPI on the remote VPN. Each SPI should be at least 3 characters. For Manual Key Exchange, configuration is now complete. Click Next to view the final screen. On the final screen, click Finish to save your settings, then Close to exit the Wizard. IKE Phase 1: If you selected IKE, the following screen is displayed after the Traffic Selector screen. This screen sets the parameters for the IKE SA. ...

Page 67: ...alid Internet Domain Name. E-mail addresses are often used for this entry. DER ASN.1 DN: This must be a DER ASN.1 Domain Name. Authentication: RSA Signature requires that both VPN endpoints have valid Certificates issued by a CA (Certification Authority). For Pre-shared key, enter the same key value in both endpoints. The key should be at least 8 characters (maximum is 128 characters). Note that this key is us...

Page 68: ... Select the desired method and ensure the remote VPN endpoint uses the same method The smaller bit size is slightly faster IKE PFS If enabled PFS Perfect Forward Security enhances security by changing the IPSec key at regular intervals and ensuring that each key has no relationship to the previous key Thus breaking 1 key will not assist in breaking the next key This setting should match the remote...

Page 69: ... enable it ensure the algorithm selected matches the other VPN endpoint ESP Encryption ESP Encapsulating Security Payload provides security for the payload data sent through the VPN tunnel Generally you will want to enable both ESP Encryption and ESP Authentication Select desired method and ensure remote VPN endpoint uses the same method The 3DES algorithm provides greater security than DES but is...

Page 70: ... the screen to choose which type of Certificate you wish to view Trusted Certificates Trusted Certificates Subject Name CA The Subject Name is always the company or person to whom the Certificate is issued For trusted certificates this will be a CA Issuer Name The CA Certification Authority which issued the Certificate Expiry Time The date on which the Certificate expires You should renew the Cert...

Page 71: ...the Add Trusted Certificate screen shown below. 3. Click the Browse button and locate the certificate file on your PC. 4. Select the file. The name will appear in the Certificate File field. 5. Click Upload to upload the certificate file to the IP-2000VPN. 6. Click Back to return to the Trusted Certificate list. The new Certificate will appear in the list. Self Certificates ...

Page 72: ...e request in the list and upload the certificate file The request will then be deleted from this list and the Certificate will appear in the Active Self Certificates table If for some reason you never obtain the Certificate you can manually delete the request by using the Delete Request button Delete Request Button Use this to delete the selected certificate request Upload Certificate After you ha...

Page 73: ...l company name Generally all Certificates should have the same value in the Subject field Hash Algorithm Select the desired option Signature Algorithm Select the desired option RSA is recommended Signature Key Length Select the desired option Normally 1024 bits provides adequate security IP address Enter your public Internet IP address Domain Name This is optional If you have a domain name enter i...

Page 74: ... to the Self Certificates screen Your request will be listed under Self Certificate Requests 7 Apply for a Certificate Connect to the CA s web site Start the Self Certificate request procedure When prompted for the request data supply the data you copied and saved in step 5 above Submit the CA s form If there are no problems the Certificate will then be issued 8 After obtaining a new Certificate a...

Page 75: ...lick the Upload button to upload the certificate file to the IP 2000VPN Click Back to return to the Self Certificates screen The new Certificate will appear in the Active Self Certificates list 1 For the Certificate example file please refer to Chapter 7 4 2 IP 2000VPN Certificate function is not compatible with Cisco router ...

Page 76: ...dd a New CRL: 1. Obtain the CRL file from your CA. 2. Select CRL from the VPN menu. You will see a screen like the example below. 3. Click the Add New CRL button. You will see a screen like the following. 4. Upload the CRL file: Click the Browse button and locate the CRL file on your PC. Select the file. The name will appear in the File to Upload field. Click Upload to upload the CRL file to the IP-2000VPN. Cli...

Page 77: ...ique SPI For manual keys this SPI is specified by user input If using IKE the SPI is generated by the IKE negotiation process SA Type Each SAs Security Association will be either IKE or IPSec Policy Name The name of the VPN Policy which triggered this VPN connection VPN Endpoint The IP address of the remote VPN Endpoint Data Tx Measures the quantity of data which has been sent Transmitted via this...

Page 78: ...VPN which is described in the previous chapter Using Microsoft VPN provides easier setup than using IPSec VPN The following Microsoft VPN configuration screens are provided Server Clients Status 7 1 PPTP Server The IP 2000VPN incorporates a PPTP Peer to Peer Tunneling Protocol server which is compatible with the VPN Adapter provided with recent versions of Microsoft Windows Remote Windows clients ...

Page 79: ...The methods are listed with the most secure first least secure last If multiple methods are checked the most secure will be tried first If the remote client does not support this then the other checked methods are tried in order You must enable at least one method Client Database To login to the PPTP Server above using the Microsoft Windows VPN Adapter remote users must be entered in the VPN clien...

Page 80: ...ame when they connect The name must not contain spaces punctuation or special characters Login Password Enter the login password The remote user must provide this password when they connect Verify Password Re enter the password above Button Clear Form Use this to prepare the form for a new entry Any existing data will be cleared Add as New User Use this to save the data in the Properties area as a...

Page 81: ...cates whether or not the PPTP VPN Server is enabled. Current Connections: This indicates the number of remote clients currently logged into the PPTP VPN Server. Server Log. Server Log: This displays details of each connection or connection attempt. You can use the Clear Log button to re-start the log, making new messages easier to read. ...

Page 82: ...ord on the VPN client database on the IP 2000VPN The remote client PC must be configured as described in the following sections It is assumed that remote users have a Broadband not dial up connection to the Internet Windows 98 ME 1 Click Start Settings Dial up Networking 2 Select Make New Connection 3 Type a name for this connection and ensure that Microsoft VPN Adapter is selected Click Next to c...

Page 83: ...g on it and selecting Properties To force all outgoing traffic to be sent via VPN enable the setting This is the default Internet connection on the Dialing tab Do NOT enable this setting if using Dial up or PPPoE client software To establish a connection 1 Ensure you are connected to the Internet 2 Select Start Settings Dial up Networking 3 Double click the new VPN entry in Dial up Networking 4 En...

Page 84: ...istrator rights before attempting this procedure 1 Open Network Connections and start the New Connection Wizard 2 Select the VPN option Connect to a private network through the Internet as shown above and click Next ...

Page 85: ... using a PPPoE software client select Automatically dial this initial connection and select the PPPoE connection Click Next to continue 4 On the screen above enter the Domain Name or Internet IP address of the IP 2000VPN you wish to connect to Click Next to continue ...

Page 86: ...orded in the VPN client database on the IP 2000VPN 3 You can choose to have Windows remember the password if desired so you do not have to enter it again Changing the connection settings The PPTP VPN Server in the IP 2000VPN is designed to work with the default Windows settings If necessary you can change the Windows settings by right clicking the VPN connection in Network Connections and selectin...

Page 87: ...ghts before attempting this procedure 1 Open Network Connections Start Settings Network Connections and start the New Connection Wizard 2 Select the option Connect to the network at my workplace as shown above and click Next ...

Page 88: ...the next screen shown above select the Virtual Private Network connection option Click Next to continue 4 Enter a suitable name for this connection Click Next to continue ...

Page 89: ...ct Do not dial the initial connection Click Next to continue 6 On the screen above enter the Domain Name or Internet IP address of the IP 2000VPN you wish to connect to Click Next to continue ...

Page 90: ...d password assigned to you as recorded in the VPN client database on the IP 2000VPN 3 You can choose to have Windows remember the password if desired so you do not have to enter it again Changing the connection settings The PPTP VPN Server in the IP 2000VPN is designed to work with the default Windows settings If necessary you can change the Windows settings by right clicking the VPN connection in...

Page 91: ...ed on with Administrator rights before attempting this procedure 1 Select Control Panel → Network and Sharing Center click Set up a connection or network 2 Select Connect to a workplace and press Next ...

Page 92: ...ternet connection VPN 4 If PC was configured to dial up ISP with PPPoE or else system will ask user to verify the connection which Internet connection will be used to connect Select the specific one and press Next ...

Page 93: ...n the PPTP server IP address in the screen Type the Internet address to connect to 6 Type in the user name and password of PPTP client and then press Connect to connect with PPTP server ...

Page 94: ... PPTP server user can see the following screen 8 Ping the IP 2000VPN LAN IP address 192 168 1 1 and the IP address 192 168 1 2 of PC connected to IP 2000VPN to verify the PPTP connection The result is fine ...

Page 95: ...ated by individual user Meanwhile user could also need to access office s data from home so administrator must offer a secure method for those users PPTP VPN is a simple and secure choice and most home users select to work with it We offer several VPN examples for your reference By following the examples you will understand how to configure the device and get the VPN tunnel working Chapter 8 1...

Page 96: ...PSec Site B WAN IP address 60 250 158 64 203 10 66 89 LAN IP Subnet 192 168 1 x 192 168 0 x Pre shared Key 12345678 12345678 IKE Encryption 3DES 3DES IKE Authentication MD5 MD5 DH Group Group 2 Group 2 ESP Encryption 3DES 3DES ESP Authentication MD5 MD5 The LANs MUST use different IP address ranges Step 1 IPSec VPN Site A Network Configuration ...

Page 97: ...nnel Remote Endpoint Fixed IP 203 10 66 89 Other endpoint s WAN Internet IP address Local IP addresses Subnet Address 192 168 1 0 255 255 255 0 Use a more restrictive definition if possible Remote IP addresses Subnet Address 192 168 0 0 255 255 255 0 Address range on other endpoint Use a more restrictive definition if possible Step 2 IPSec VPN Site A Authentication and Encryption ...

Page 98: ...d Pre shared Key 12345678 Certificates are not widely used IKE Authentication algorithm MD5 Must match with Site B IKE Encryption 3DES Must match with Site B IKE Exchange mode Main Mode Must match with Site B DH Group Group 2 1024 Bit Must match with Site B IKE SA Life time 180 Shorter period will be used IKE Keep Alive Enable 192 168 0 1 Used to set the LAN IP address of IP 2000VPN at Site B IKE ...

Page 99: ...ble Enable to allow NetBIOS passing through VPN tunnel Remote Endpoint Fixed IP 60 250 158 64 Other endpoint s WAN Internet IP address Local IP addresses Subnet Address 192 168 0 0 255 255 255 0 Use a more restrictive definition if possible Remote IP addresses Subnet Address 192 168 1 0 255 255 255 0 Address range on other endpoint Use a more restrictive definition if possible ...

Page 100: ...k 1 direction Local Identify WAN IP Address System will detect the IP address and fill in the form automatically It is the most common ID method Remote Identify Remote WAN IP Address System will detect the IP address and fill in the form automatically It is the most common ID method IKE Authentication Pre shared Key 12345678 Certificates are not widely used ...

Page 101: ...e A IKE SA Life time 180 Shorter period will be used IKE Keep Alive Enable 192 168 1 1 Used to set the LAN IP address of IP 2000VPN at Site A IKE PFS Disable Must match with Site A IPSec SA Parameters IPSec SA Life time 300 Shorter period will be used IPSec PFS Disable Must match with Site A AH Authentication Disable AH is rarely used ESP Authentication Enable MD5 Must match with Site A ESP Encryp...

Page 102: ...nvironment IP 2000VPN RS 1200 WAN IP address Airlive98 dyndns org 60 250 158 64 LAN IP Subnet 192 168 1 x 192 168 100 x Pre shared Key 12345678 12345678 IKE Encryption 3DES 3DES IKE Authentication MD5 MD5 DH Group Group 2 Group 2 ESP Encryption 3DES 3DES ESP Authentication MD5 MD5 Step 1 IP 2000VPN Network Configuration ...

Page 103: ...dns org The domain name resolved the other endpoint s WAN Internet IP address Local IP addresses Subnet Address 192 168 1 0 255 255 255 0 Allows access to entire LAN Use a more restrictive definition if possible Remote IP addresses Subnet Address 192 168 100 0 255 255 255 0 Address range on other endpoint Use a more restrictive definition if possible Step 2 IP 2000VPN Authentication and Encryption...

Page 104: ...3DES Must match with RS 1200 IKE Exchange mode Main Mode Must match with RS 1200 DH Group Group 2 1024 bit Must match with RS 1200 IKE SA Life time 180 Shorter period will be used IKE Keep Alive Enable 192 168 100 1 Used to set the LAN IP address of RS 1200 IKE PFS Group 2 1024 bit Must match with RS 1200 IPSec SA Parameters IPSec SA Life time 300 Shorter period will be used IPSec PFS Group 2 1024...

Page 105: ...y in VPN Click New Entry 2 In the list of IPSec Autokey fill in Name with To_IP2KVPN 3 Select Remote Gateway Fixed IP or Domain Name in To Destination list and enter the IP Address 4 Select Preshare in Authentication Method and enter the Preshared Key 5 Both sides have to choose the same group Here we select 3DES for ENC Algorithm MD5 for AUTH Algorithm and GROUP2 for Group ...

Page 106: ... 8 Complete the IPSec Autokey setting Step 5 Configure RS 1200 IPSec Tunnel Enter the following setting in Tunnel of VPN function Enter a specific Tunnel Name From Source Select LAN From Source Subnet Mask Enter 192 168 100 0 255 255 255 0 To Destination Select To Destination Subnet Mask To Destination Subnet Mask Enter 192 168 1 0 255 255 255 0 IPSec PPTP Setting Select To_IP2KVPN Enter 192 168 1...

Page 107: ...ng and Incoming Policy 1 Enter the following setting in Outgoing Policy Tunnel Select To_IP2K_Tunnel Click OK 2 Enter the following setting in Incoming Policy Tunnel Select To_IP2K_Tunnel Click OK ...

Page 108: ...with PPTP VPN Software WAN IP address 60 250 158 65 Any LAN IP Subnet 192 168 1 x Encrypted Authentication MS CHAP v2 Typical User name jacky jacky Password 1234 1234 Step 1 Set up IP 2000VPN PPTP Server 1 Select Microsoft VPN → Server and tick the selection of Enable PPTP VPN Server 2 Select the encrypted authentication type in this case we select MS CHAP v2 ...

Page 109: ...with the form to enter user name and password For example user name is jacky and password is 1234 3 Click Add as New User button to update the account into Existing Users list 4 Complete to set up PPTP VPN of IP 2000VPN The IP address of IP 2000VPN PPTP Server is exactly the same as its WAN IP address ...

Page 110: ...Open Network Connections Start → Settings → Network Connections and start the New Connection Wizard 2 Select the option Connect to the network at my workplace as shown above and click Next 3 On the next screen shown above select the Virtual Private Network connection option Click Next to continue ...

Page 111: ...4 Enter a suitable name for this connection Click Next to continue 5 On the screen above select Do not dial the initial connection Click Next to continue ...

Page 112: ... 2000VPN you wish to connect to Click Next to continue 7 Choose whether to allow this connection for everyone or only for yourself as required Click Next to continue 8 On the final screen click Finish to save and exit 9 Setup is now complete ...

Page 113: ...nfiguration it will pop up a login window for user s access 2 Enter the user name and password for example user name with jacky and password with 1234 tick the selection Save this user name and password for the following users in order to record the user s data ...

Page 114: ...ht bottom corner will add another connection icon to indicate the PPTP connection 5 User can run the Command Prompt in PPTP client s PC to check the current status of PC s IP address and he will find two IP addresses are registered at client s PC 6 Try to ping IP 2000VPN LAN IP address 192 168 1 1 and obtain the response ...

Page 115: ...7 Try to connect the resource PC 192 168 1 4 and search for the shared folder 8 When you find out the shared folder PPTP client can access the resource as well ...

Page 116: ...on on Windows 2000 you need Service Pack 3 or later installed Environment IP 2000VPN PC with IPSec VPN Software WAN IP address 220 139 232 45 220 139 238 157 LAN IP Subnet 192 168 1 x Pre shared Key 12345678 12345678 IKE Encryption DES DES IKE Authentication MD5 MD5 DH Group Group 1 768 Bit Group 1 768 Bit ESP Encryption 3DES 3DES ESP Authentication SHA 1 SHA1 ...

Page 117: ...IOS passing through VPN tunnel Remote Endpoint Fixed IP 220 139 238 157 Other endpoint s WAN Internet IP address Local IP addresses Subnet Address 192 168 1 0 255 255 255 0 Allows access to entire LAN Use a more restrictive definition if possible Remote IP addresses Single Address 220 139 238 157 For a single client this address is the same as the endpoint address ...

Page 118: ...dress System will detect the IP address and fill in the form automatically It is the most common ID method Remote Identify Remote WAN IP Address System will detect the IP address and fill in the form automatically It is the most common ID method IKE Authentication method Pre shared Key 12345678 Certificates are not widely used ...

Page 119: ...ith Client PC IPSec SA Parameters IPSec SA Life time 300 Shorter period will be used IPSec PFS Disable Must match with Client PC AH Authentication Disable AH is rarely used ESP Authentication Enable SHA 1 Must match with Client PC ESP Encryption Enable 3DES Must match with Client PC Step 3 Windows XP IPSec Client Configuration 1 Select Start Settings Control Panel Administrative Tools Local Securi...

Page 120: ...mple 2KVPN To XP then click Next 4 Step through the Wizard Deselect Activate the default response rule Click Next Leave Edit Properties checked Click Finish 5 The following Properties Rules screen will be displayed ...

Page 121: ...going rule will be added first 6 Deselect the Use Add Wizard checkbox and then click Add to view the screen below 7 Click Add and type To 2KVPN for the name 8 Deselect Use Add Wizard and then to click Add to enter the Filter Properties setting ...

Page 122: ...ng filter the Source IP address is My IP address and the Destination IP address is the address range used on the remote LAN Ensure the Mirrored option is checked and click OK to save the setting 10 Click OK to save your settings and close this dialog ...

Page 123: ...ed then click the Filter Action tab to see a screen like the following 12 Select Require Security then click the Edit button to view the Require Security Properties screen and select Negotiate Security this selects IKE then click Add ...

Page 124: ...13 On the resulting screen above select Encryption and Integrity then click OK to save your changes and return to the Require Security Properties screen ...

Page 125: ...E enabled Negotiate security AH disabled AH Integrity None ESP encryption Enable 3DES ESP Confidentiality 3DES ESP authentication Enable SHA 1 ESP Integrity SHA1 15 Click the Tunnel Setting tab and then select The tunnel endpoint is specified by this IP address Enter the WAN Internet IP address of the IP 2000VPN as shown below ...

Page 126: ...16 Click the Authentication Methods tab 17 Click the Edit and select Use this string preshared key then enter your preshared key in the field provided ...

Page 127: ...Methods tab of the Edit Rule Properties screen 19 Click Close to return to the 2KVPN To XP properties screen The To 2KVPN filter should now be listed as shown below 20 To add the second incoming rule click Add to create a new rule ...

Page 128: ...nd the Destination IP address as shown below Since this is the incoming filter the Source IP address is the address range used on the remote LAN and the Destination IP address is My IP address Ensure the Mirrored option is checked and click OK to save the setting ...

Page 129: ...23 Click OK to save the setting 24 Ensure the To Win2K filter is selected and then click the Filter Action tab ...

Page 130: ...t Check the Negotiate Security is selected 26 Click OK to return to the Filter Action screen 27 Select the Tunnel Setting tab and enter the WAN Internet IP address of this PC 220 139 238 157 in this example ...

Page 131: ...28 Select the Authentication Methods tab and click the Edit button 29 Select Use this string preshared key then enter your preshared key in the field provided ...

Page 132: ...Click OK to save your settings then Close to return to the 2KVPN to XP Properties screen There should now be 2 IP Filters listed as shown below 31 Select the General tab ...

Page 133: ...een below 34 Move up the fourth rule to the top in order to define MD5 for Integrity Algorithm DES for Encryption algorithm and Low 1 for the Diffie Hellman Group 35 Click OK to save then OK again and then Close to return to the Local Security Settings screen ...

Page 134: ...36 Right click the 2KVPN to XP Policy and select Assign to make your policy active 37 Configuration is now complete ...

Page 135: ...m This shows the connection status to the modem Internet Connection Current connection status Active Idle Unknown Failed If there is an error you can click the Connection Details button to find out more information Internet IP Address This IP Address is allocated by the ISP Internet Service Provider Connection Details Button Click this button to open a sub window and view a detailed description of...

Page 136: ...he IP 2000VPN Firmware Version The current version of the firmware installed in the IP 2000VPN System Data Button Clicking this button will open a Window which lists all system details and settings Buttons Connection Details View the details of the current Internet connection The sub screen displayed will depend on the connection method used See the following sections for details of each sub scree...

Page 137: ...ted by your ISP Internet Service Provider Network Mask The Network Mask associated with the IP Address above PPPoE Link Status This indicates whether or not the connection is currently established If the connection does not exist the Connect button can be used to establish a connection If the connection currently exists the Disconnect button can be used to break the connection Connection Log Conne...

Page 138: ...nnection PPP up successfully Able to login to ISP s Server and establish a PPP connection Idle time out reached The connection has been idle for the time period specified in the Idle Time out field The connection will now be terminated Disconnecting The current connection is being terminated due to either the Idle Time out above or Disconnect button being clicked Error Remote Server not found ISP ...

Page 139: ...is address is allocated by your ISP Internet Service Provider PPTP Status This indicates whether or not the connection is currently established If the connection does not exist the Connect button can be used to establish a connection If the connection currently exists the Disconnect button can be used to break the connection Connection Log Connection Log The Connection Log shows status messages re...

Page 140: ... Disconnect If connected to your ISP hang up the connection Clear Log Delete all data currently in the Log This will make it easier to read new messages Refresh Update the data on screen ...

Page 141: ...hed If the connection does not exist the Connect button can be used to establish a connection If the connection currently exists the Disconnect button can be used to break the connection Normally it is not necessary to use the Connect and Disconnect buttons unless the setting Connect automatically as required is disabled Connection Log Connection Log The Connection Log shows status messages relati...

Page 142: ... Disconnect If connected to Telstra Big Pond terminate the connection Clear Log Delete all data currently in the Log This will make it easier to read new messages Refresh Update the data on screen ...

Page 143: ...rvice Provider Network Mask The Network Mask associated with the IP Address above Default Gateway The IP Address of the remote Gateway or Router associated with the IP Address above DNS IP Address The IP Address of the Domain Name Server which is currently used DHCP Client This will show Enabled or Disabled depending on whether or not this device is functioning as a DHCP client If Enabled the Rema...

Page 144: ...OT allocated an IP Address for the IP 2000VPN this button will say Renew Clicking the Renew button will attempt to re establish the connection and obtain an IP Address from the ISP s DHCP Server If an IP Address has been allocated to the IP 2000VPN by the ISP s DHCP Server this button will say Release Clicking the Release button will break the connection and release the IP Address Refresh Update t...

Page 145: ... above Default Gateway The IP Address of the remote Gateway or Router associated with the IP Address above DNS IP Address The IP Address of the Domain Name Server which is currently used DHCP Client This will show ON or OFF depending on whether or not this device is functioning as a DHCP client If ON the Remaining lease time field indicates when the IP Address allocated by the DHCP Server will exp...

Page 146: ...Clicking the Renew button will attempt to re establish the connection and obtain an IP Address from the ISP s DHCP Server If an IP Address has been allocated to the IP 2000VPN by the ISP s DHCP Server this button will say Release Clicking the Release button will break the connection and release the IP Address Refresh Update the data shown on screen ...

Page 147: ...ice as seen by Internet users This address is allocated by your ISP Internet Service Provider L2TP Status This indicates whether or not the connection is currently established If the connection does not exist the Connect button can be used to establish a connection If the connection currently exists the Disconnect button can be used to break the connection Connection Log Connection Log The Connect...

Page 148: ... Connect If not connected establish a connection to your ISP Disconnect If connected to your ISP hang up the connection Clear Log Delete all data currently in the Log This will make it easier to read new messages Refresh Update the data on screen ...

Page 149: ...Internet Application This database is maintained automatically but you can add and delete entries for PCs which use a Fixed Static IP Address Remote Admin This feature allows you to manage the IP 2000VPN via the Internet Routing Only required if your LAN has other Routers or Gateways Upgrade Firmware The firmware software in the IP 2000VPN can be upgraded using your Web Browser UPnP UPnP Universal...

Page 150: ...usly saved configuration file back to the IP 2000VPN Click Browse to select the configuration file then click Restore to upload the configuration file WARNING Uploading a configuration file will destroy overwrite ALL of the existing settings Default Config Clicking the Factory Defaults button will reset the IP 2000VPN to its factory default settings WARNING This will delete ALL of the existing s...

Page 151: ...ntly exists you could get a Timeout error In that case wait a few seconds and try again Ping Button After entering the IP address click this button to start the Ping procedure The results will be displayed in the Ping Results pane DNS Lookup Internet name Enter the Domain name or URL for which you want a DNS Domain Name Server lookup Note that if the address is on the Internet and no connection cu...

Page 152: ...tomatically The IP 2000VPN uses the Hardware Address to identify each PC not the name or IP address The Hardware Address can only change if you change the PC s network card or adapter This system means you do NOT need to use Fixed static IP addresses on your LAN However you can add PCs using Fixed static IP Addresses to the PC database if required Data PC Database Screen PC Database Known PCs This...

Page 153: ... add it Delete Delete the selected PC from the list This should be done in 2 situations The PC has been removed from your LAN The entry is incorrect Refresh Update the data on screen Generate Report Display a read only list showing full details of all entries in the PC database Advanced Administration View the Advanced version of the PC database screen See below for details PC Database Admin This ...

Page 154: ...nter the IP address allocated to the PC The PC must be configured to use this IP address MAC Address Select the appropriate option Automatic discovery IP 2000VPN will contact the PC and find its MAC address This is only possible if the PC is connected to the LAN and powered on MAC address is Enter the MAC address on the PC The MAC address is also called the Hardware Address Physical Address or Net...

Page 155: ...ld enter HTTPS NOT HTTP the Internet IP address of this device NOT the LAN IP address and the port number as follows https ip_address port_number ip address is the Internet IP address of this device port number is the port number assigned on this screen 4 You should then be prompted for the password for this device You must assign a password Settings Enable Check this to allow administration manag...

Page 156: ...ryone Remote user s IP address is not checked IP address range Only IP addresses in the range specified will be allowed If selected you must enter both the Start and Finish IP address Only this PC Only the specified IP address is allowed If selected you must enter an IP address in the field provided To connect from a remote PC via the Internet 1 Ensure your Internet connection is established and s...

Page 157: ... RIP on the IP 2000VPN and ensure the following Windows 2000 settings are correct Open Routing and Remote Access In the console tree select Routing and Remote Access server name IP Routing RIP In the Details pane right click the interface you want to configure for RIP version 2 and then click Properties On the General tab set Outgoing packet protocol to RIP version 2 broadcast and Incoming packet ...

Page 158: ...0VPN supports RIP 1 RIP 2B and RIP 2M Static Routing Static Routing Table Entries This list shows all entries in the Routing Table The Properties area shows details of the selected item in the list Change any of the properties as required then click the Update button to save the changes to the selected entry ...

Page 159: ...ry selected in the list is ignored and has no effect Update Update the current Static Routing Table entry using the data shown in the Properties area on screen Delete Delete the current Static Routing Table entry Clear Form Clear all data from the Properties area ready for input of a new entry for the Static Routing table Generate Report Generate a read only list of all entries in the Static Routi...

Page 160: ... as the IP 2000VPN s local router with the exception of the Gateway IP Address For a router with a direct connection to the IP 2000VPN s local Router the Gateway IP Address is the address of the IP 2000VPN s local router For routers which must forward packets to another router before reaching the IP 2000VPN s local router the Gateway IP Address is the address of the intermediate router ...

Page 161: ...tton to start the Firmware upgrade Note that any users accessing the Internet via the IP 2000VPN will lose their connection When the upgrade is finished the IP 2000VPN will restart and this management connection will be unavailable during the restart Cancel Cancel does NOT stop the Upgrade process if it has started It only clears the input for the Upgrade File field To perform the Firmware Upgrade...

Page 162: ...isabled UPnP users can only view the configuration But currently this restriction only applies to users running Windows XP who access the Properties via UPnP e g Right click the IP 2000VPN in My Network Places and select Properties Allow Internet access to be disabled If checked then UPnP users can disable Internet access via this device If Disabled UPnP users can NOT disable Internet access via t...

Page 163: ...d and configured on each PC TCP IP Settings Overview If using the default IP 2000VPN s settings and the default Windows TCP IP settings no changes need to be made By default the IP 2000VPN will act as a DHCP Server automatically providing a suitable IP Address and related information to each PC when the PC boots For all non Server versions of Windows the default TCP IP setting is to act as a DHCP ...

Page 164: ...default the IP 2000VPN will act as a DHCP Server Restart your PC to ensure it obtains an IP Address from the IP 2000VPN Using Specify an IP Address If your PC is already configured check with your network administrator before making the following changes On the Gateway tab enter the IP 2000VPN s IP address in the New Gateway field and click Add as shown below Your LAN administrator can advise you ...

Page 165: ... address provided by your ISP in the fields beside the Add button then click Add Checking TCP IP Settings Windows NT4 0 1 Select Control Panel Network and on the Protocols tab select the TCP IP protocol as shown below 2 Click the Properties button to see a screen like the one below ...

Page 166: ... obtains an IP Address from the IP 2000VPN Specify an IP Address If your PC is already configured check with your network administrator before making the following changes 5 The Default Gateway must be set to the IP address of the IP 2000VPN To set this Click the Advanced button on the screen above On the following screen click the Add button in the Gateways panel and enter the IP 2000VPN s IP add...

Page 167: ...t to the address provided by your ISP as follows Click the DNS tab On the DNS screen shown below click the Add button under DNS Service Search Order and enter the DNS provided by your ISP ...

Page 168: ... Right click the Local Area Connection icon and select Properties 3 Select the TCP IP protocol for your network card 4 Click on the Properties button You should then see a screen like the following 5 Ensure your TCP IP settings are correct as described below ...

Page 169: ...VPN s IP address in the Default Gateway field and click OK Your LAN administrator can advise you of the IP Address they assigned to the IP 2000VPN If the DNS Server fields are empty select Use the following DNS server addresses and enter the DNS address or addresses provided by your ISP then click OK Checking TCP IP Settings Windows XP 1 Select Control Panel Network Connection 2 Right click the Lo...

Page 170: ...wing changes In the Default Gateway field enter the IP 2000VPN s IP address and click OK Your LAN administrator can advise you of the IP Address they assigned to the IP 2000VPN If the DNS Server fields are empty select Use the following DNS server addresses and enter the DNS address or addresses provided by your ISP then click OK Macintosh Clients From your Macintosh you can access the Internet vi...

Page 171: ...t your Default Gateway to the IP Address of the IP 2000VPN Ensure your DNS Name server settings are correct To act as a DHCP Client recommended The procedure below may vary according to your version of Linux and X windows shell 1 Start your X Windows client 2 Select Control Panel Network 3 Select the Interface entry for your Network card Normally this will be called eth0 4 Click the Edit button se...

Page 172: ...SAs for the IKE connection as well as the IPSec connection There are two security modes possible with IPSec Transport Mode the payload data part of the packet is encapsulated through encryption but the IP header remains in the clear unchanged The IP 2000VPN does NOT support Transport Mode Tunnel Mode everything is encapsulated including the original IP header and a new IP header is generated Only ...

Page 173: ...he policies are examined in the order in which they are listed and the first matching policy will be used While it is possible to change the order of the policies it may not be easy to get the desired action from multiple policies VPN Configuration The general rule is that each endpoint must have matching Policies as follows VPN Endpoint address Each VPN endpoint must be configured to initiate or ...

Page 174: ...IPSec parameters The IPSec parameters at each endpoint must match ...

Page 175: ...re that it is using an IP Address within the range 192 168 1 2 to 192 168 1 254 and thus compatible with the IP 2000VPN s default IP Address of 192 168 1 1 Also the Network Mask should be set to 255 255 255 0 to match the IP 2000VPN In Windows you can check these settings by using Control Panel Network to check the Properties for the TCP IP protocol Internet Access Problem 1 When I enter a URL or ...

Page 176: ...a passing through it so it is not transparent Use the Special Applications feature to allow the use of Internet applications which do not function correctly If this does solve the problem you can use the DMZ function This should work with almost every application but it is a security risk since the firewall is disabled Only one 1 PC can use this feature ...

Page 177: ...tions Model IP 2000VPN Dimensions 141mm W 100mm D 27mm H Operating Temperature 0 C to 40 C Storage Temperature 10 C to 70 C Network Protocol TCP IP Network Interface 5 Ethernet 3 10 100BaseT RJ45 LAN connection 1 10 100BaseT RJ45 DMZ connection 1 10 100BaseT RJ45 for WAN LEDs 11 Power Adapter 12 V DC External ...
