AirLive WN-300ARM-VPN User Manual Download

Page: 70 / 131

6.3 Dynamic DNS

This free service is very useful when combined with the

Virtual Server

feature. It allows Internet users to

connect to your Virtual Servers using a URL, rather than an IP Address.

This also solves the problem of having a dynamic IP address. With a dynamic IP address, your IP address

may change whenever you connect, which makes it difficult to connect to you.

DDNS Services work as follows:

1. You must register for the service at one of the listed DDNS Service providers.

2. After registration, use the Service provider's normal procedure to obtain your desired Domain name.

3. Enter your DDNS data on the WN-300ARM-VPN's DDNS screen, and enable the DDNS feature.

4. The WN-300ARM-VPN will then automatically ensure that your current IP Address is recorded at the

DDNS service provider's Domain Name Server.

5. From the Internet, users will be able to connect to your Virtual Servers (or DMZ PC) using your Domain

name, as shown on this screen.

Dynamic DNS Screen

Select

Advanced

on the main menu, then

Dynamic DNS

, to see a screen like the following:

Figure: DDNS Screen

-1-

Data - Dynamic DNS Screen

DDNS Service

Use a Dynamic

DNS Service

Use this to enable or disable the DDNS feature as required.

Service Provider

Select the desired DDNS Service provider.

Web Site

Click this button to open a new window and connect to the Web site of the

selected DDNS service provider.

AirLive WN-300ARM-VPN User’s Manual

Summary of Contents for WN-300ARM-VPN

Page 1: ...WN 300ARM VPN 11n ADSL2 2 VPN Router User s Manual ...

Page 2: ...RLAN equipment EN 50385 2002 Product standard to demonstrate the Compliance of radio base stations and Fixed terminal stations for wireless Telecommunication System with the Basic restrictions or the reference levels related to human exposure to radio Frequency electromagnetic fields 110 MHz 40 GHz General public EN 60950 1 2001 A11 Safety for information technology equipment including electrica 2...

Page 3: ...es aplicables o exigibles de la Directiva 1999 5 CE pt Português Portuguese OvisLink Corp declara que este AirLive WN 300ARM VPN está conforme com os requisitos essenciais e outras disposições da Directiva 1999 5 CE el Ελληνική Greek ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ OvisLink Corp ΔΗΛΩΝΕΙ ΟΤΙ AirLive WN 300ARM VPN ΣΥΜΜΟΡΦΩΝΕΤΑΙ ΠΡΟΣ ΤΙΣ ΟΥΣΙΩΔΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ ΔΙΑΤΑΞΕΙΣ ΤΗΣ ΟΔΗΓΙΑΣ 1999 5 ΕΚ sl ...

Page 4: ...ications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one of the following measures Reorient or relocate the receiving antenna Increase the separatio...

Page 5: ...hat may cause undesired operation This transmitter must not be co located or operating in conjunction with any other antenna or transmitter CE Declaration of Conformity This equipment complies with the requirements relating to electromagnetic compatibility EN 300328 v1 7 1 EN 301489 1 17 EN 50385 EN 60950 Class B The specification is subject to change without notice ...

Page 6: ...Chapter4 PC Configuration 37 4 1 Windows Clients 37 4 2 Macintosh Clients 46 4 3 Linux Clients 46 4 4 Wireless Station Configuration 47 4 5 Wireless Configuration on Windows XP 47 Chapter5 Operation and Status 57 Chapter6 Advanced Features 63 6 1 Internet 63 6 2 Access Control 66 6 3 Dynamic DNS 68 6 4 Option 70 6 5 Schedule 71 6 6 Port Trigger 73 6 7 Port Forward 75 6 8 Port Range Forward 77 6 9 ...

Page 7: ...5 7 5 Diagnostics 107 7 6 Remote Administration 108 7 7 Routing 110 7 8 Upgrade Firmware 114 Chapter8 Modem Mode 115 Appendix A Troubleshooting 120 Appendix B About Wireless LANs 123 Appendix C About VPNs 126 Appendix D Specifications 129 ...

Page 8: ...he purchase of your new WN 300ARM VPN AirLive WN 300ARM VPN It is a high performance and multi function device providing the following services ADSL 2 2 Modem Router Shared Broadband Internet Access for all LAN users Wireless Access Point for 802 11n 802 11b and 802 11g Wireless Stations 4 Port Switching Hub for 10BaseT or 100BaseT connections ...

Page 9: ...such applications to be used normally Port Triggering This feature also called Special Applications allows you to use Internet applications which normally do not function when used behind a firewall Port Forwarding This feature allows Internet users to access Internet servers on your LAN The required setup is quick and easy Dynamic DNS Support DDNS when used with the Virtual Servers feature allows...

Page 10: ... providing protection against snoopers The WPA PSK is a later standard than WEP and provides both easier configuration and greater security than WEP WPA2 PSK support Support for WPA2 is also included WPA2 uses the extremely secure AES encryption method 802 1x Support Support for 802 1x mode is included providing for the industrial strength wireless security of 802 1x authentication and authorizati...

Page 11: ...rity Features Password protected Configuration Password protection is provided to prevent unauthorized users from modifying the configuration data and settings Wireless LAN Security WPA 802 1x WPA2 802 1x and WEP and Wireless access control by MAC address are all supported The MAC level access control feature can be used to prevent unknown wireless stations from accessing your LAN NAT Protection A...

Page 12: ...ing Data is being transmitted or received via the corresponding LAN hub port On Wireless enabled Off No Wireless conne Flashing Data is being transmitted or receive access point This includes network traffic as well as user data On ADSL connection established Off No ADSL connection currently e Flashing ADSL is synchronizing On Green Internet connection is Off No Internet connection available On Or...

Page 13: ...evice to perform WPS function that easily creates an encryption secured wireless connection automatically Press this button to switch wireless function on or off for 8 seconds and wait the WN 300ARM VPN to restart using the factory default values 1 he following items should be included cable Annex B only hen you open your package make sure all of the above items are included and not damaged If you...

Page 14: ...e the Wireless Access Point all Wireless devices must be compliant with the IEEE 802 11b or IEEE 802 11n Draft specifications Procedure 1 Choose an Installation Site network to install the WN 300ARM VPN Note t Wireless reception and performance the WN 300ARM VPN should be positioned in a central hannels Select a suitable place on the s For bes location with minimum obstructions between the WN 300A...

Page 15: ...ress 192 168 0 1 in sword 2 Use standard LAN ca 10BaseT and 100BaseT connections can be used simultaneously onnect ADSL Cable Connect the supplied AD to the ADSL terminator provided by your phone company ower Up Connect the Using a different one may cause hardware damage heck the LEDs The Power LE For the LAN PC connection on The Wireless LED should be ON The ADSL LED should be ON if AD The Intern...

Page 16: ...n For details Other configuration may also be required depending on which features and functions of WN 300ARM VPN you wish to use Use the table below to locate detailed instructions for the required functions To Do this Refer to Configure PCs on your LAN ation Chapter 4 PC Configur Check WN 300ARM VPN operation and Status nd Status Chapter 5 Operation a Use any of the following Advanced features I...

Page 17: ...ensure that Your PC can establish a physical connection to the WN 300ARM VPN The PC and the WN 300ARM VPN must be directly connected using the Hub ports on the WN 300ARM VPN or on the same LAN segment The WN 300ARM VPN must be installed and powered ON If the WN 300ARM VPN s default IP Address 192 168 0 1 is already used by another device the other device must be turned OFF until the WN 300ARM VPN ...

Page 18: ...no response is received either the connection is not working or your PC s IP address is not compatible with the WN 300ARM VPN s IP Address See next item If your PC is using a fixed IP Address its IP Address must be within the range 192 168 0 2 to 192 168 0 254 to be compatible with the WN 300ARM VPN s default IP Address of 192 168 0 1 Also the Network Mask must be set to 255 255 255 0 Ensure that ...

Page 19: ...rnet Connection 1 Click the Setup Wizard link on the main menu 2 On the first screen select VC 1 Router Primary Internet Connection then click Next Figure Setup Wizard Home Page 3 Select the method of determining the type of Internet connection then click Next Figure Select desired option AirLive WN 300ARM VPN User s Manual 17 ...

Page 20: ...nternet Access Screen shown above select the correct connection type as used by your ISP Click Next and complete the configuration for your connection method You need the data supplied by your ISP Your ISP s data will also have the DSL Multiplexing Method LLC or VC The common connection types are explained in the following table AirLive WN 300ARM VPN User s Manual 18 ...

Page 21: ...ally the connection is Always on IP Address allocated to you and related information such as Network Mask Gateway IP address and DNS address 6 Step through the Wizard until finished 7 On the final screen of the Wizard run the test and check that an Internet connection can be established 8 If the connection test fails Check all connections and the front panel LEDs Check that you have entered all da...

Page 22: ...e multiplexing value provided by your ISP ATM Service Select the multiplexing value provided by your ISP LAN IP Address Enter the IP address of the device on your LAN which will receive the data on this VC For Video on Demand this would be the IP address of your SetTop Box For VoIP this would be the IP address of your VoIP TA Note that this IP address does not have to be in the same IP address ran...

Page 23: ...n menu also contains 2 buttons Log Out When finished you should click this button to logout Restart When you configure part of feature the router will need to restart system 3 Navigation Data Input Use the menu bar on the left of the screen and the Back button on your Browser for navigation Changing to another screen without clicking Save does NOT save any changes you may have made You must Save b...

Page 24: ... the same value as the PCs on that LAN segment DHCP Server If Enabled the WN 300ARM VPN will allocate IP Addresses to PCs DHCP clients on your LAN when they start up The default and recommended value is Enabled If you are already using a DHCP Server this setting must be Disabled and the existing DHCP server must be re configured to treat the WN 300ARM VPN as the default Gateway See the following s...

Page 25: ...P Server This is the default setting The DHCP Server settings are on the LAN screen On this screen you can Enable or Disable the WN 300ARM VPN s DHCP Server function Set the range of IP Addresses allocated to PCs by the DHCP Server function You can assign Fixed IP Addresses to some devices while using DHCP provided that the Fixed IP Addresses are NOT within the range used by the DHCP Server 4 Usin...

Page 26: ...accept 802 11b 11g and 11n connections and no configuration is required for this feature To change the WN 300ARM VPN s default settings for the Wireless Access Point feature use the Wireless link on the main menu to reach the Wireless screen An example screen is shown below Figure Wireless Screen AirLive WN 300ARM VPN User s Manual 24 ...

Page 27: ...ame If using an ESS Extended Service Set with multiple access points this ID is called an ESSID Extended Service Set Identifier To communicate all Wireless stations should use the same SSID ESSID Broadcast SSID If enabled the WN 300ARM VPN will broadcast its SSID This allows PCs and other wireless stations to detect this Access Point and use the correct SSID If disabled PC users will have to manua...

Page 28: ... 40MHz Wireless stations can use the Wireless Broadband Router Channel No Select the Channel you wish to use on your Wireless LAN If you experience interference shown by lost connections and or slow data transfers you may need to experiment with different channels to see which channel is the best If using multiple Access Points adjacent Access Points should use different Channels to reduce interfe...

Page 29: ...eless stations use the Set Stations button Set Stations Button Click this button to manage the trusted PC database WiFi Protect Setup Enable WPS Enable this if you want to use Wireless WPS function AP PIN Code Use the default displayed value or click the Regenerate button to have the new pin code in the field Input Client PIN Code Enter the client s PIN code in the field and click OK to add the cl...

Page 30: ... even greater security using the AES Advanced Encryption Standard method of encryption Mixed WPA PSK WAP2 PSK This method sometimes called Mixed Mode allows clients to use EITHER WPA PSK OR WPA2 PSK WPA 802 1x This version of WPA requires a Radius Server on your LAN to provide the client authentication according to the 802 1x standard Data transmissions are encrypted using the WPA standard If this...

Page 31: ...128 Bit data is encrypted using the default key before being transmitted You must enter at least the default key For 128 Bit Encryption the key size is 26 chars in HEX 0 9 and A F Default Key Select the key you wish to be the default Transmitted data is ALWAYS encrypted using the Default Key the other Keys are for decryption only You must enter a Key Value for the Default Key Key Value Enter the k...

Page 32: ...s must use the same encryption method WPA2 PSK Wireless Security Figure WPA2 PSK 3 Data WPA2 PSK Screen WPA2 PSK Data Encryption Authentication This is a further development of WPA PSK and offers even greater security PSK Enter the PSK network key Data is encrypted using a key derived from the network key Other Wireless Stations must use the same network key The PSK must be from 8 to 63 characters...

Page 33: ...om 8 to 63 characters in length Encryption The Mixed WPA PSK WAP2 PSK standard allows different encryption methods to be used Select the desired option Wireless Stations must use the same encryption method WPA 802 1x Wireless Security Figure WPA 802 1x 5 Data WPA 802 1x Screen WPA 802 1x Data Encryption Server Address Enter the server address here Radius Port Enter the port number used for connect...

Page 34: ...creen You will see a screen like the sample below Figure Trusted Wireless Stations 6 Data Trusted Wireless Stations Trusted Wireless Stations Trusted Wireless Stations This lists any Wireless Stations which you have designated as Trusted Other Wireless Stations This list any Wireless Stations detected by the Access Point which you have not designated as Trusted Name The name assigned to the Truste...

Page 35: ...d Stations list Click the button Edit Use this to change an existing entry in the Trusted Stations list 1 Select the Station in the Trusted Station list 2 Click the Edit button The address will be copied to the Address field and the Add button will change to Update 3 Edit the address MAC or physical address as required 4 Click Update to save your changes Add Update To add a Trusted Station which i...

Page 36: ...password in this field New password Enter the new password here Verify password Re enter the new password here You will be prompted for the password when you connect as shown below Figure Password Dialog The User Name is always admin Enter the password for the WN 300ARM VPN as set on the Password screen above AirLive WN 300ARM VPN User s Manual 34 ...

Page 37: ...r LAN to provide IP addresses to the Wireless clients using this Access Point All traffic received on either the Wireless or LAN interface will be sent over the ADSL connection Notes Generally you should NOT use modem mode Only select this mode if you are sure this is what you want After changing the mode this device will restart which will take a few seconds The menu will also change depending on...

Page 38: ...er Modem Router all the connection methods would be changed to Bridge You may need to reconfigure the Bridge IP Netmask through wizard pages if you want to access the WEB Server via the relevant port Figure Binding Screen 1 Data Binding Screen Port 0 This port is always bound to the Primary Internet Connection VC1 Port 1 3 These ports can be bound to VC2 VC8 If it is not enabled it would be bound ...

Page 39: ...rotocol be installed and configured on each PC TCP IP Settings Overview If using the default WN 300ARM VPN settings and the default Windows TCP IP settings no changes need to be made By default the WN 300ARM VPN will act as a DHCP Server automatically providing a suitable IP Address and related information to each PC when the PC boots For all non Server versions of Windows the default TCP IP setti...

Page 40: ...ontrol Panel Network and on the Protocols tab select the TCP IP protocol as shown below Figure Windows NT4 0 TCP IP 2 Click the Properties button to see a screen like the one below Figure Windows NT4 0 IP Address AirLive WN 300ARM VPN User s Manual 38 ...

Page 41: ...istrator before making the following changes 1 The Default Gateway must be set to the IP address of the WN 300ARM VPN To set this Click the Advanced button on the screen above On the following screen click the Add button in the Gateways panel and enter the WN 300ARM VPN s IP address as shown in below If necessary use the Up button to make the WN 300ARM VPN the first entry in the Gateways list Figu...

Page 42: ...indows 2000 1 Select Control Panel Network and Dial up Connection 2 Right click the Local Area Connection icon and select Properties You should see a screen like the following Figure Network Configuration Win 2000 AirLive WN 300ARM VPN User s Manual 40 ...

Page 43: ... a DHCP Server Restart your PC to ensure it obtains an IP Address from the WN 300ARM VPN Using a fixed IP Address Use the following IP Address If your PC is already configured check with your network administrator before making the following changes Enter the WN 300ARM VPN s IP address in the Default gateway field and click OK Your LAN administrator can advise you of the IP Address they assigned t...

Page 44: ...ties You should see a screen like the following Figure Network Configuration Windows XP 3 Select the TCP IP protocol for your network card 4 Click on the Properties button You should then see a screen like the following Figure TCP IP Properties Windows XP 5 Ensure your TCP IP settings are correct AirLive WN 300ARM VPN User s Manual 42 ...

Page 45: ... Your LAN administrator can advise you of the IP Address they assigned to the WN 300ARM VPN If the DNS Server fields are empty select Use the following DNS server addresses and enter the DNS address or addresses provided by your ISP then click OK Checking TCP IP Settings Windows Vista 1 Select Control Panel Network Connections 2 Right click the Local Area Connection Status and choose Properties Cl...

Page 46: ...ed The Administrator should configure the Wireless Access Point with a fixed IP address from the same address range used on the PCs Internet Access To configure your PCs to use the WN 300ARM VPN for Internet access Ensure that the DSL modem Cable modem or other permanent connection is functional Use the following procedure to configure your Browser to access the Internet via the LAN rather than by...

Page 47: ...nnection Wizard screen 6 Select Connect to the Internet and click Next 7 Select Set up my connection manually and click Next 8 Check Connect using a broadband connection that is always on and click Next 9 Click Finish to close the New Connection Wizard 10 Setup is now completed 3 Accessing AOL To access AOL America On Line through the WN 300ARM VPN the AOL for Windows software must be configured t...

Page 48: ...mpting any changes Fixed IP Address By default most Unix installations use a fixed IP Address If you wish to continue using a fixed IP Address make the following changes to your configuration Set your Default Gateway to the IP Address of the WN 300ARM VPN Ensure your DNS Name server settings are correct To act as a DHCP Client recommended The procedure below may vary according to your version of L...

Page 49: ...n the WN 300ARM VPN is disabled If Wireless security remains disabled on the WN 300ARM VPN all stations must have wireless security disabled If Wireless security is enabled on the Wireless Router either WEP or WPA PSK each station must use the same settings as the Wireless ADLS Router 4 5 Wireless Configuration on Windows XP If using Windows XP to configure the Wireless interface on your PC the co...

Page 50: ...enabled on the WN 300ARM VPN If Wireless Security is Disabled If Wireless security on the WN 300ARM VPN is disabled Windows will warn you that the Wireless network is not secure Figure Insecure Wireless Network Windows XP To connect Check the checkbox Allow me to connect to the selected wireless network even though it is not secure The Connect button will then be available Click the Connect button...

Page 51: ...EP Windows XP To connect Enter the WEP key as set on the WN 300ARM VPN in the Network Key field Re enter the WEP key into the Confirm Network key field Disable the checkbox Enable IEEE 802 1x authentication for this network Click the Connect button If this fails click the Advanced button to see a screen like the following AirLive WN 300ARM VPN User s Manual 49 ...

Page 52: ...For the Network key and Confirm network key enter the default key value used on the WN 300ARM VPN Windows will determine if 64bit or 128bit encryption is used The Key index must match the default key index on the WN 300ARM VPN The default value is 1 Ensure the options The key is provided for me automatically and This is a computer to computer ad hoc network are unchecked Click OK to save and close...

Page 53: ...ARM VPN If using WPA PSK Data Encryption If WPA PSK data encryption has been enabled on the WN 300ARM VPN it does not matter which network is selected on the screen below Just click the Advanced button Figure Wireless Networks Windows XP AirLive WN 300ARM VPN User s Manual 51 ...

Page 54: ...ike the example below Figure Advanced Wireless Networks Select the SSID for the WN 300ARM VPN and click Configure to see a screen like the following Figure Wireless Network Properties WPA PSK AirLive WN 300ARM VPN User s Manual 52 ...

Page 55: ...etwork key PSK used on the WN 300ARM VPN Ensure the option This is a computer to computer ad hoc network is unchecked Click OK to save and close this dialog This wireless network will now be listed in Preferred Networks on the screen below Figure Preferred Networks Click OK to establish a connection to the WN 300ARM VPN AirLive WN 300ARM VPN User s Manual 53 ...

Page 56: ... be listed on the screen below Figure Wireless Networks Windows XP In this situation you need to obtain the SSID from your network administrator then to follow this procedure 1 Click the Advanced button to see a screen like the example below Figure Unlisted Wireless Network AirLive WN 300ARM VPN User s Manual 54 ...

Page 57: ...e to match the case not just the spelling Set Network Authentication and Data Encryption to match the WN 300ARM VPN If using data encryption WEP or WPA PSK enter the key used on the WN 300ARM VPN See the preceding sections for details of WEP and WPA PSK Uncheck the options The key is provided for me automatically and This is a computer to computer ad hoc network Click OK to save and exit AirLive W...

Page 58: ...his wireless network will then be listed in Preferred Networks on the screen below Figure Preferred Networks 5 Click OK to establish a connection to the WN 300ARM VPN AirLive WN 300ARM VPN User s Manual 56 ...

Page 59: ...s s Operation Router Mode Once both the WN 300ARM VPN and the PCs are configured operation is automatic However there are some situations where additional Internet configuration may be required Refer to Chapter 6 Advanced Features for further details Operation Router Mode Use the Status link on the main menu to view this screen Figure Status Screen ...

Page 60: ...rmally This could be caused by Modem failure or the loss of the connection to the ISP s server If there is an error you can click the Connection Details button to find out more information Internet IP Address This IP Address is allocated by the ISP Internet Service Provider If using a dynamic IP address and no connection currently exists this information is unavailable WAN MAC Address It displays ...

Page 61: ...s screen System Device Name The current name of the Router This name is also the hostname for users with Home type connection Firmware Version The version of the current firmware installed Buttons ADSL Details View the details of each VC Virtual Circuit Connection Details Click this button to open a sub window and view a detailed description of the current connection MultiPVC Details Click this bu...

Page 62: ...nection does not exist the Connect button can be used to establish a connection If the connection currently exists the Disconnect button can be used to break the connection Negotiation This indicates the status of the PPPoE Server login IP Address The IP Address of this device as seen by Internet users This address is allocated by your ISP Internet Service Provider Network Mask The Network Mask as...

Page 63: ... Router associated with the IP Address above DNS Server The IP address of the Domain Name Server which is currently used DHCP Server The IP address of your ISP s DHCP Server Lease Obtained Lease Expires This indicates when the current IP address was obtained and how long before this IP address allocation the DCHP lease expires Buttons Release If an IP Address has been allocated to the WN 300ARM VP...

Page 64: ...s Data Fixed IP address Screen 4 Internet IP Address users This address is The IP Address of this device as seen by Internet allocated by your ISP Internet Service Provider Subnet Mask The Subnet Mask associated with the IP Address above Default Gateway The IP Address of the remote Gateway or Router associated with the IP Address above DNS Server The IP Address of the Domain Name Server which is c...

Page 65: ...ea at tu ur re es s Overview The following advanced features are provided Internet DMZ URL filter Access Control Dynamic DNS Options Schedule Port Trigger Port Foward Port Range Forward QoS VPN IPSec 6 1 Internet This screen provides the access to the DMZ Special Applications and URL Filter features Figure Internet Screen ...

Page 66: ...use this feature The URL filter will check each Web site access If the address or part of the address is included in the block site list access will be denied On the Advanced Internet screen select the desired setting Disable disable this feature Block Always allow blocking all of the time independent of the Schedule page Block By Schedule block according to the settings on the Schedule page Click...

Page 67: ...lter String To add to the current list type the word or domain name you want to block into the field provided then click the Add button Filter strings should be as specific as possible Otherwise you may block access to many more sites than intended Trusted PC Allow this PC to Visit Blocked Sties Enable this to allow one computer to have unrestricted access to the Internet For this PC the URL filte...

Page 68: ...d menu Figure Access Control Screen 1 Data Access Control Screen Internet Access Access Control Select the desired options for the current group Disable Nothing is blocked Use this to create the least restrictive group Block all Internet access All traffic via the WAN port is blocked Use this to create the most restrictive group Block selected Services You can select which Services are to block Us...

Page 69: ...C If enabled restrictions set on this screen do not apply to Trusted PCs Set Trusted PCs Button Click this button to add or remove PCs of the Trusted PCs See the following section for details of the Trusted PCs screen Trusted PC Screen This screen is displayed when the Set Trusted PCs button on the Access Control screen is clicked Figure Trusted PC Screen Use this screen to add or remove PCs from ...

Page 70: ... data on the WN 300ARM VPN s DDNS screen and enable the DDNS feature 4 The WN 300ARM VPN will then automatically ensure that your current IP Address is recorded at the DDNS service provider s Domain Name Server 5 From the Internet users will be able to connect to your Virtual Servers or DMZ PC using your Domain name as shown on this screen Dynamic DNS Screen Select Advanced on the main menu then D...

Page 71: ...ser Name Enter your Username for the DDNS Service TZO com uses your E mail address Password Enter your current password for the DDNS Service TZO com calls this a key DDNS Status This message is returned by the DDNS Server Normally this message should be Update successful If the message indicates some problem you need to connect to the DDNS Service provider and correct this problem ...

Page 72: ...slight increase in security MTU Size Enter a value between 600 and 1500 Note MTU Maximum Transmission Unit size should only be changed if advised to do so by Technical Support UPnP Enable UPnP UPnP Universal Plug and Play allows automatic discovery and configuration of equipment attached to your LAN UPnP is supported by Windows ME XP or later If Enabled this device will be visible via UPnP If Disa...

Page 73: ...not required Start Time Enter the start using a 24 hr clock Finish Time Enter the finish time using a 24 hr clock Local Time Time Zone In order to display your local time correctly you must select your Time Zone from the list Adjust for Daylight Savings Time If your region uses Daylight Savings Time you must manually check Adjust for Daylight Savings Time at the beginning of the adjustment period ...

Page 74: ... NTP server as the primary NTP server check the checkbox Use this NTP Server and enter the Server s IP address in the fields provided If this setting is not enabled the default NTP Servers are used Current Time This displays the current time on the WN 300ARM VPN at the time the page is loaded ...

Page 75: ...igger on the screen You can then define your Port Trigger You will need detailed information about the application this is normally available from the supplier of the application Also note that the terms Incoming and Outgoing on this screen refer to traffic from the client PC viewpoint Figure Port Trigger Screen 1 Data Port Trigger Screen Port Trigger Enable Use this to Enable or Disable this Spec...

Page 76: ...on server for data you send to it If the application uses a single port number enter it in both the Start and Finish fields Incoming Ports Type Select the protocol TCP or UDP used when you receive data from the special application or service Note Some applications use different protocols for outgoing and incoming data Start Enter the beginning of the range of port numbers used by the application s...

Page 77: ...Data Port Forwarding Screen Port Forwarding Application Enter the desired application type External Port Traffic from the Internet using this port number will be sent to the Server This is normally the same as the Internal Port Number If it is different this device will perform a mapping or translation function allowing the server to use a different port to the clients Internal Port Enter the port...

Page 78: ...AirLive WN 300ARM VPN User s Manual 76 IP Address Enter the desired IP address Enabled Use this to Enable or Disable support for this Server as required ...

Page 79: ...reen Port Range Forwarding Application Enter the desired application type Start Enter the beginning of the range of port numbers used by the application server End Enter the end of the range of port numbers used by the application server Protocol Select the protocol TCP UDP or Both used by the Server IP Address Enter the desired IP address Enable Use this to Enable or Disable support for this Serv...

Page 80: ...rvice keep the default setting Disable To enable QoS Quality of Service click Enable and follow these instructions Management Type There are 2 options Rate Control The QoS will be managed by the size of the bandwidth Priority The QoS will be managed by the priority 1 1 WAN Setting DownStream Enter the desired value for the DownStream Connection UpStream Enter the desired value for the UpStream Con...

Page 81: ...uired Self Define Name Enter a name for your device Port Range Enter the values for the desired port range Protocol Select the desired option Ip Net Enter the IP addresses of your device Rate Enter the desired rate value Priority Select the option High Normal Low from the list Direct Select Upstream or Downstream as required Summary Priority The priority of the application Name The Name of this Ap...

Page 82: ...client needs to have matching configuration Traffic covered by an enabled policy will automatically be sent via a VPN tunnel If the VPN tunnel does not exist it will be created The VPN tunnel is created according to the parameters in the SA Security Association The remote VPN Endpoint must have a matching SA or it will refuse the connection The VPN Policies Auto Some parameters for the VPN tunnel ...

Page 83: ...es to the Enable setting for each policy Edit Edit modify the selected policy Select a policy by clicking on the radio button Delete Delete the selected policy Select a policy by clicking on the radio button Add Auto Policy Change to the input screen for an Auto policy See the following section for details When the new policy is saved it will appear in the bottom row of the Policy Table VPN Status...

Page 84: ...Endpoint Select the desired option Fixed IP address or Fully Qualified Domain Name and enter the address of the remote VPN endpoint you wish to connect to Note The remote VPN endpoint must have this VPN Gateway s address entered as its Remote VPN Endpoint NetBIOS Enable Check this if you wish NETBIOS traffic to be forwarded over the VPN tunnel The NETBIOS protocol is used by Microsoft Networking A...

Page 85: ...mote LAN Typically this setting is used when you wish to access a server on the remote LAN Subnet address Enter an IP address in the IP address field and the desired network mask in the Subnet Mask field The remote VPN endpoint must have these IP addresses entered as its Local addresses IKE Direction This setting is used when determining if the IKE policy matches the current traffic Select the des...

Page 86: ...ication Algorithm used for both IKE and IPSec This setting must match the setting used on the remote VPN Gateway Pre shared Key The key must be entered both here and on the remote VPN Gateway This method does not require using a CA Certificate Authority SA Life Time This determines the time interval before the SA Security Association expires It will automatically be re established if necessary Whi...

Page 87: ...or Manual policies the SPI must be entered when the policy is configured SPI Out This is a unique index number to identify the outgoing connection For Auto policies the SPI is automatically generated For Manual policies the SPI must be entered when the policy is configured Action This column will contain a button which allows you to break terminate the current the VPN connection Buttons Auto Refre...

Page 88: ...s which is not valid on the Internet The Router Gateway requires no VPN configuration since it is not acting as a VPN endpoint Client PC to VPN Gateway Figure Client PC to VPN Gateway In this situation the PC must run appropriate VPN client software in order to connect via the Internet to the WN 300ARM VPN or other VPN Gateway Once connected the client PC has the same access to LAN resources as PC...

Page 89: ...address ranges The VPN Policies at each end determine when a VPN tunnel will be established and what systems on the remote LAN can be accessed once the VPN connection is established It is possible to have simultaneous VPN connections to many remote sites VPN Example Connecting 2 WN 300ARM VPN In this example 2 LANs are connected via VPN Each end has a WN 300ARM VPN Figure Connecting 2 WN 300ARM VP...

Page 90: ... IKE Direction Initiator responder Initiator responder Does not have to match Either endpoint can block 1 direction Exchange mode Main Mode Main Mode Must match DH Group Group 2 1024 bit Group 2 1024 bit Must match Local Identity IP address IP address IP address is the most common ID method Remote Identity WAN IP address WAN IP address IP address is the most common ID method SA Parameters Encrypti...

Page 91: ...Configuration Settings Gateway A Gateway A should be configured as shown below Figure Gateway A Configuration AirLive WN 300ARM VPN User s Manual 89 ...

Page 92: ...Configuration Settings Gateway B Gateway B should be configured as shown below Figure Gateway B Configuration AirLive WN 300ARM VPN User s Manual 90 ...

Page 93: ...5 255 255 0 192 168 0 0 255 255 255 0 Remote Address subnet Use a more restrictive definition if possible IKE Direction Initiator responder Does not have to match Either endpoint can block 1 direction Exchange mode Main Mode Main Mode Must match DH Group Group 2 1024 bit Group 2 1024 bit Must match Local Identity IP address IP address is the most common ID method Remote Identity WAN IP address IP ...

Page 94: ...Configuration RS 1200 1 Policy Object VPN IPSec Autokey Define the IPSec setting 2 Policy Object VPN Tunnel Configure the else VPN setting AirLive WN 300ARM VPN User s Manual 92 ...

Page 95: ...3 Policy Outgoing Enable IPSec VPN setting 4 Policy Incoming Enable IPSec VPN setting AirLive WN 300ARM VPN User s Manual 93 ...

Page 96: ...Configuration WN 300ARM VPN AirLive WN 300ARM VPN User s Manual 94 ...

Page 97: ...168 0 0 255 255 255 0 Remote Address subnet Use a more restrictive definition if possible IKE Direction Initiator responder Initiator responder Does not have to match Either endpoint can block 1 direction Exchange mode Main Mode Main Mode Must match DH Group Group 2 1024 bit Group 2 1024 bit Must match Local Identity IP address IP address IP address is the most common ID method Remote Identity WAN...

Page 98: ...Configuration IP 2000VPN AirLive WN 300ARM VPN User s Manual 96 ...

Page 99: ...Configuration WN 300ARM VPN AirLive WN 300ARM VPN User s Manual 97 ...

Page 100: ... PCs shown when you select the DMZ PC or a Virtual Server This database is maintained automatically but you can add and delete entries for PCs which use a Fixed Static IP Address Config File Backup or restore the configuration file for the WN 300ARM VPN This file contains all the configuration data Logs E mail View or clear all logs set E Mailing of log files and alerts Diagnostics Perform a Ping ...

Page 101: ...dware Address to identify each PC not the name or IP address The Hardware Address can only change if you change the PC s network card or adapter 1 Data PC Database Screen Known PCs This lists all current entries Data displayed is name IP Address type The type indicates whether the PC is connected to the LAN Name If adding a new PC to the list enter its name here It is best if this matches the PC s...

Page 102: ...screen Figure PC Database Advanced 2 Data Advanced PC Database Screen Known PCs This lists all current entries Data displayed is name IP Address type The type indicates whether the PC is connected to the LAN PC Properties Name If adding a new PC to the list enter its name here It is best if this matches the PC s hostname AirLive WN 300ARM VPN User s Manual 100 ...

Page 103: ...Select the appropriate option Automatic discovery WN 300ARM VPN will contact the PC and find its MAC address This is only possible if the PC is connected to the LAN and powered on MAC address is Enter the MAC address on the PC The MAC address is also called the Hardware Address Physical Address or Network Adapter Address The WN 300ARM VPN uses this to provide a unique identifier for each PC Becaus...

Page 104: ...a Config File Screen Backup Config Use this to download a copy of the current configuration and store the file on your PC Click Backup to start the download Restore Config This allows you to restore a previously saved configuration file back to the WN 300ARM VPN Click Browse to select the configuration file then click Restore to upload the configuration file WARNING Uploading a configuration file ...

Page 105: ...y affect performance Since only a limited amount of log data can be stored in the WN 300ARM VPN log data can also be E mailed to your PC Use the E mail screen to configure this feature Figure Logs Screen 1 Data Logs Screen Logs Current Time The current time on the WN 300ARM VPN is displayed Log Data Current log data is displayed in this panel AirLive WN 300ARM VPN User s Manual 103 ...

Page 106: ...ttempted Internet accesses which were blocked are logged Connections to the Web based interface of this Router If checked this will log connections TO this Router rather than through this Router to the Internet Router operation If checked other Router operations not covered by the selections above will be logged Known DoS attacks and Port Scans If checked Denial of Service attacks as well as port ...

Page 107: ... address of the SMTP Simple Mail Transport Protocol Server you use for outgoing E mail Mail Sender Address Enter the mail address of the sender The E mail will also show this address as the Sender s address My SMTP Mail Server requires authentication To stop spanners many SMTP mail servers require you to log in to send mail In this case enable this checkbox and enter the login information User nam...

Page 108: ...a Network tries to visit a blocked site E mail Logs Send Logs Select the desired option for sending the log by E mail Never default This feature is disabled Logs are not sent When log is full The time is not fixed The log will be sent when the log is full which will depend on the volume of traffic Hourly Daily Weekly The log is sent on the interval specified If Daily is selected the log is sent at...

Page 109: ...in Ping Button After entering the IP address click this button to start the Ping procedure The results will be displayed in the Ping Results pane DNS Lookup Internet Name Enter the Domain name or URL for which you want a DNS Domain Name Server lookup Note that if the address in on the Internet and no connection currently exists you could get a Timeout error In that case wait a few seconds and try ...

Page 110: ...elow Port Number Enter a port number between 1 and 65535 The default for HTTP Web connections is port 80 but using port 80 will prevent the use of a Web Virtual Server on your LAN So using a different port number is recommended The default value is 8080 The port number must be specified in your Browser when you connect See the following section for details Access Permission Allow Remote Access Sel...

Page 111: ...d start your Web Browser 2 In the Address bar enter http followed by the Internet IP Address of the WN 300ARM VPN If the port number is not 80 the port number is also required After the IP Address enter followed by the port number e g http 123 123 123 123 8080 This example assumes the WAN IP Address is 123 123 123 123 and the port number is 8080 3 You will then be prompted for the login name and p...

Page 112: ...tion Protocol If using Windows 2000 Data center Server as a software Router enable RIP on the WN 300ARM VPN and ensure the following Windows 2000 settings are correct Open Routing and Remote Access In the console tree select Routing and Remote Access server name IP Routing RIP In the Details pane right click the interface you want to configure for RIP version 2 and then click Properties On the Gen...

Page 113: ...rties as required then click the Edit button to save the changes to the selected entry Buttons Add Add a new entry to the Static Routing table using the data shown in the Properties area on screen The entry selected in the list is ignored and has no effect Edit Update the current Static Routing Table entry using the data shown in the table area on screen Delete Delete the current Static Routing Ta...

Page 114: ...ddress Normally 0 0 0 0 but check your router documentation Network Mask Normally 0 0 0 0 but check your router documentation Gateway IP Address The IP Address of the WN 300ARM VPN Metric 1 4 Other Routers on the Local LAN Other routers on the local LAN must use the WN 300ARM VPN s Local Router as the Default Route The entries will be the same as the WN 300ARM VPN s local router with the exception...

Page 115: ...ss C Gateway IP Address 192 168 0 100 WN 300ARM VPN s local Router Metric 2 Entry 2 Segment 2 Destination IP Address 192 168 2 0 Network Mask 255 255 255 0 Standard Class C Gateway IP Address 192 168 0 100 Metric 3 6 7 For Router A s Default Route Destination IP Address 0 0 0 0 Network Mask 0 0 0 0 Gateway IP Address 192 168 0 1 WN 300ARM VPN s IP Address 8 9 For Router B s Default Route Destinati...

Page 116: ... on the Administration menu You will see a screen like the following Figure Router Upgrade Screen To perform the Firmware Upgrade 1 Click the Browse button and navigate to the location of the upgrade file 2 Select the upgrade file Its name will appear in the Upgrade File field 3 Click the Upload button to commence the firmware upgrade AirLive WN 300ARM VPN User s Manual 114 ...

Page 117: ... in Modem mode the IP address does not change but the DHCP server is disabled However your PC will usually retain the IP address provided by the DHCP Server so the connection will be automatically re established You then need to ensure that the IP address of this modem is suitable for your LAN You need to have a DHCP Server on your LAN to provide IP addresses to the Wireless clients using this Acc...

Page 118: ...AN set IP address mask and gateway This is the same as in Router mode except that the DHCP server is not available while in Modem mode Wireless this screen and related sub screens is the same as in Router mode Password this screen is the same as in Router mode Upgrade FW this screen is the same as in Router mode Status displays current settings and status See the following section for details Bind...

Page 119: ...any operations or make any changes to the network traffic passing through it You need to have a DHCP Server on your LAN to provide IP addresses to the Wireless clients using this Access Point This mode is also called Bridge Mode After changing the mode this device will restart which will take a few seconds The menu will also change depending on the mode you are in Operation Operation is automatic ...

Page 120: ...Connection UpStream Connection Speed If connected displays the speed for the Up Stream upload ADSL Connection VC 1 8 Status For each VC Virtual Circuit the current status is displayed This will be either Enabled or Disabled ADSL Details Click this button to open a sub window and view the details of each VC Virtual Circuit LAN IP Address The IP Address of the WN 300ARM VPN Network Mask The Network ...

Page 121: ...een Wireless AP This indicates whether or not the Wireless Access Point feature is enabled Broadcast Name This indicates whether or not the SSID is Broadcast This setting is on the Wireless screen System Device Name The current name of the Router This name is also the hostname for users with an Home type connection Firmware Version The version of the current firmware installed Buttons ADSL Details...

Page 122: ...s a Fixed Static IP address ensure that it is using an IP Address within the range 192 168 0 2 to 192 168 0 254 and thus compatible with the WN 300ARM VPN s default IP Address of 192 168 0 1 Also the Network Mask should be set to 255 255 255 0 to match the WN 300ARM VPN In Windows you can check these settings by using Control Panel Network to check the Properties for the TCP IP protocol Internet A...

Page 123: ...C and the WN 300ARM VPN must have the same setting for WEP The default setting for the WN 300ARM VPN is disabled so your wireless station should also have WEP disabled If WEP is enabled on the WN 300ARM VPN your PC must have WEP enabled and the key must match If the WN 300ARM VPN s Wireless screen is set to Allow Trusted PCs only then each of your Wireless stations must have been designated as Tru...

Page 124: ... interference You can experiment by switching other devices Off and see if this helps Any noisy devices should be shielded or relocated RF Shielding Your environment may tend to block transmission between the wireless stations This will mean high access speed is only possible when close to the WN 300ARM VPN ...

Page 125: ...Stations and a single Access Point all using the same ID SSID form a Basic Service Set BSS Using the same SSID is essential Devices with different SSIDs are unable to communicate with each other ESS A group of Wireless Stations and multiple Access Points all using the same ID ESSID form an Extended Service Set ESS Different Access Points within an ESS can use different Channels In fact to reduce i...

Page 126: ...of the following WEP Off 64 Bit 128 Bit Key For 64 Bit encryption the Key value must match For 128 Bit encryption the Key value must match WEP Authentication Open System or Shared Key WPA PSK WPA PSK is another standard for encrypting data before it is transmitted This is a later standard than WEP Wired Equivalent Privacy and provides greater security for your data Data is encrypted using a 256Bit...

Page 127: ...e a client login on the Radius Server Each user must have a user login on the Radius Server Each user s wireless client must support 802 1x and provide the login data when required All data transmission is encrypted using the WPA standard Keys are automatically generated so no key input is required Wireless LAN Configuration To allow Wireless Stations to use the Access Point the Wireless Stations ...

Page 128: ...s one in each direction If IKE Internet Key Exchange is used to generate and exchange keys there are also SA s for the IKE connection as well as the IPsec connection There are two security modes possible with IPSec Transport Mode the payload data part of the packet is encapsulated through encryption but the IP header remains in the clear unchanged The Wireless ADSL Router does NOT support Transpor...

Page 129: ...s used the parameters settings for the IKE SA Security Association Generally you will need at least one 1 VPN Policy for each remote site for which you wish to establish VPN connections It is possible and sometimes necessary to have multiple Policies for the same remote site However you should only Enable one 1 policy at a time VPN Configuration The general rule is that each endpoint must have mat...

Page 130: ...endpoint The 2 LANs MUST use different IP address ranges IKE parameters If using IKE recommended the IKE parameters must match except for the SA lifetime which can be different IPsec parameters The IPsec parameters at each endpoint must match ...

Page 131: ... Protocol TCP IP Network Interface 4 10 100BaseT RJ45 LAN connection 1 RJ11 for ADSL line LEDs 15 Power Adapter 12VDC 1A External Wireless Interface Standards IEEE802 11b IEEE802 11g 802 11n Draft Frequency 2 4 to 2 4835GHz Industrial Scientific Medical Band Channels Maximum 14 Channels depending on regulatory authorities Modulation CCK DQPSK DBPSK BPSK QPSK 16 QAM 64 QAM OFDM Data Rate Up to 270 ...

Search results

Summary of Contents for WN-300ARM-VPN

Reviews:

Related manuals for WN-300ARM-VPN

Brands by name

Popular brands

AirLive WN-300ARM-VPN, User Manual

Search results

Summary of Contents for WN-300ARM-VPN

Reviews:

Related manuals for WN-300ARM-VPN

Brands by name

Popular brands