manualshive.com logo in svg

Comet Labs WRB54+, User Manual

Share
Download
Comet Labs WRB54+ User Manual Download Page 42

 

42

IPSec VPN supports two kinds of key-obtained methods: manual key and automatic key exchange. 

Manual key approach indicates that two end VPN gateways setup authenticator and encryption key by 

system managers manually. However, IKE approach will perform automatic Internet key exchange. 

System managers of both end gateways only need set the same pre-shared key.   

Function of Buttons 

More

: To setup detailer configuration for manual key or IKE approaches by clicking the "More" 

button. 

 

3.6.5.1 VPN Settings – IPSEC 

 

 

 

VPN Settings - IKE 

There are three parts that are necessary to setup the configuration of IKE for the dedicated tunnel: basic 

setup, IKE proposal setup, and IPSec proposal setup.   

Basic setup includes the setting of following items: local subnet, local netmask, remote subnet, remote 

netmask, remote gateway, and pre-shared key. The tunnel name is derived from previous page of VPN 

setting. IKE proposal setup includes the setting of a set of frequent-used IKE proposals and the 

selecting from the set of IKE proposals. Similarly, IPSec proposal setup includes the setting of a set of 

frequent-used IPSec proposals and the selecting from the set of IPSec proposals.   

 

Basic setup:   

Local subnet

 

The subnet of LAN site of local VPN gateway. It can be a host, a partial subnet, and the whole subnet 

of LAN site of local gateway.   

Summary of Contents for WRB54+

Page 1: ...1 User s Manual Wireless Internet Broadband Router Model Nr WRB54 English version...

Page 2: ...und to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against radio interference in a commercial en...

Page 3: ...ess Broadband Router 12 3 1 Start up and Log in 13 3 2 Status 14 3 3 Wizard 15 3 4 Basic Setting 16 3 5 Forwarding Rules 25 3 6 Security Settings 29 3 7 Advanced Settings 52 3 8 Toolbox 66 Appendix A...

Page 4: ...Firewall All unwanted packets from outside intruders are blocked to protect your Intranet l DHCP server supported All of the networked computers can retrieve TCP IP settings automatically from this p...

Page 5: ...to control access to a network by analyzing the incoming and outgoing packets and letting them pass or halting them based on the IP address of the source and destination l Domain Filter Supported let...

Page 6: ...ted Because SNMP this function has many versions anyway the router supports V1 and V2c l Routing Table Supported Now the router supports static routing and two kinds of dynamic routing RIP1 and RIP2 l...

Page 7: ...7 Packing List l Wireless broadband router unit l Installation CD ROM l Power adapter l CAT 5 UTP Fast Ethernet cable...

Page 8: ...Blinking This product is functioning properly On The WAN port is linked WAN WAN port activity Green Blinking The WAN port is sending or receiving data WLAN Wireless activity Green Blinking Sending or...

Page 9: ...Rear Panel Ports Port Description 5VDC Power inlet DC 5V 1 5A minimum WAN the port where you will connect your cable or DSL modem or Ethernet router Port 1 4 the ports where you will connect networke...

Page 10: ...LAN ports of this product b Wireless LAN connection locate this product at a proper position to gain the best transmit performance Figure 2 3 Setup of LAN and WAN connections for this product 3 Setup...

Page 11: ...automatically that is via DHCP server of this product After installing the TCP IP communication protocol you can use the ping command to check if your computer has successfully connected to this produ...

Page 12: ...lle e es s ss s s B B Br r ro o oa a ad d db b ba a an n nd d d R R Ro o ou u ut t te e er r r This product provides Web based configuration scheme that is configuring by your Web browser such as Net...

Page 13: ...is established you will see the web user interface of this product There are two appearances of web user interface for general users and for system administrator To log in as an administrator enter t...

Page 14: ...t s working status A WAN Port Status If the WAN port is assigned a dynamic IP there may appear a Renew or Release button on the Sidenote column You can click this button to renew or release IP manuall...

Page 15: ...15 3 3 Wizard Setup Wizard will guide you through a basic configuration procedure step by step Press Next...

Page 16: ...16 Setup Wizard Select WAN Type For detail settings please refer to3 4 1 primary setup 3 4 Basic Setting...

Page 17: ...17 3 4 1 Primary Setup WAN Type Virtual Computers Press Change...

Page 18: ...SP assigns you a static IP address B Dynamic IP Address Obtain an IP address from ISP automatically C Dynamic IP Address with Road Runner Session Management e g Telstra BigPond D PPP over Ethernet Som...

Page 19: ...quires it Otherwise leave it blank 3 Maximum Idle Time the amount of time of inactivity before disconnecting your PPPoE session Set it to zero or enable Auto reconnect to disable this feature 4 Maximu...

Page 20: ...s you to setup the one to one mapping of multiple global IP address and local IP address Global IP Enter the global IP address assigned by your ISP Local IP Enter the local IP address of your LAN PC c...

Page 21: ...llowing items 1 DHCP Server Choose Disable or Enable 2 Lease Time this feature allows you to configure IP s lease time DHCP client 3 IP pool starting Address IP pool starting Address Whenever there is...

Page 22: ...TSI channel 7 for Japan 3 WEP Security Select the data privacy algorithm you want Enabling the security can protect your data while it is transferred from one station to another The standardized IEEE...

Page 23: ...nction is enable the Wireless user must authenticate to this router first to use the Network service RADIUS Server IP address or the 802 1X server s domain name RADIUS Shared Key Key value shared by t...

Page 24: ...24 3 4 4 Change Password You can change Password here We strongly recommend you to change the system password for security reason...

Page 25: ...25 3 5 Forwarding Rules 4 5 1 Virtual Server...

Page 26: ...equests to this port will be redirected to the computer specified by the Server IP Virtual Server can work with Scheduling Rules and give user more flexibility on Access control For Detail please refe...

Page 27: ...of Special Applications fails to make an application work try setting your computer as the DMZ host instead 1 Trigger the outbound port number issued by the application 2 Incoming Ports when the trig...

Page 28: ...o be exposed to unrestricted 2 way communication for Internet games Video conferencing Internet telephony and other special applications NOTE This feature should be used only when needed Non standard...

Page 29: ...29 3 6 Security Settings...

Page 30: ...w all to pass except those match the specified rules 2 Deny all to pass except those match the specified rules You can specify 8 rules for each direction inbound or outbound For each rule you can defi...

Page 31: ...rol For Detail please refer to Scheduling Rule Each rule can be enabled or disabled individually Inbound Filter To enable Inbound Packet Filter click the check box next to Enable in the Inbound Packet...

Page 32: ...net news port 119 and transfer files via FTP port 21 Others are all allowed After Inbound Packet Filter setting is configured click the save button Outbound Filter To enable Outbound Packet Filter cli...

Page 33: ...92 168 0 123 which is very limited to special functions It is not allowed to send mail port 25 receive mail port 110 and browse Internet port 80 port 53 DNS is necessary to resolve the domain name Sec...

Page 34: ...2 168 0 200 is not allowed totransfer files via FTP port 21 Second filter 192 168 0 219 can do everything except read net news port 119 Others are allowed After Outbound Packet Filter setting is confi...

Page 35: ...n when someone accesses the specific URLs Privilege IP Addresses Range Setting a group of hosts and privilege these hosts to access network without restriction Domain Suffix A suffix of URL to be rest...

Page 36: ...ion will be record in log file 2 URL include www sina com will not be blocked but the action will be record in log file 3 URL include www google com will be blocked but the action will not be record i...

Page 37: ...o input a keyword only In other words Domain filter can block specific website while URL Blocking can block hundreds of websites by simply a keyword URL Blocking Enable Checked if you want to enable U...

Page 38: ...on will be record in log file 2 URL include sina will be blocked but the action will be record in log file 3 URL include cnnsi will not be blocked but the action will be record in log file 4 URL inclu...

Page 39: ...his device If a client is denied to connect to this device it means the client can t access to the Internet either Choose allow or deny to allow or deny the clients whose MAC addresses are not in the...

Page 40: ...allow the corresponding client to connect to this device A When Association control is checked check A will allow the corresponding client to associate to the wireless LAN In this page we provide the...

Page 41: ...gorithms VPN enable item VPN protects network information from ill network inspectors But it greatly degrades network throughput Enable it when you really need a security tunnel It is disabled for def...

Page 42: ...ecessary to setup the configuration of IKE for the dedicated tunnel basic setup IKE proposal setup and IPSec proposal setup Basic setup includes the setting of following items local subnet local netma...

Page 43: ...gateway Pre shared key The first key that supports IKE mechanism of both VPN gateways for negotiating further security keys The pre shared key must be same for both end gateways Function of Buttons S...

Page 44: ...e of Life Time Unit If the value of unit is second the value of life time represents the life time of dedicated VPN tunnel between both end gateways Its value ranges from 300 seconds to 172 800 second...

Page 45: ...IPSec proposal to be focused First char of the name with 0x00 value stands for the proposal is not available DH group There are three groups can be selected group 1 MODP768 group 2 MODP1024 group 5 M...

Page 46: ...e ranges from 20 480 KBs to 2 147 483 647 KBs Life time unit There are two units can be selected second and KB Proposal ID The identifier of IPSec proposal can be chosen for adding the proposal to the...

Page 47: ...When using VPN Dynamic IP Setting this router is working as a Dynamic VPN server Dynamic VPN Server will not check VPN client IP information so user can build VPN tunnel with VPN gateway from any rem...

Page 48: ...e L2TP tunnels for L2TP clients Each tunnel can accept more than one client User is required to configure Virtual IP of L2TP Server Authentication Protocol L2TP Tunnel Name and User Account Password V...

Page 49: ...clients Each tunnel can accept more than one client User is required to configure Virtual IP of PPTP Server Authentication Protocol PPTP Tunnel Name and User Account Password Virtual IP of PPTP Serve...

Page 50: ...tion to specified a group of trusted IP addresses For example 10 1 2 0 24 NOTE When Remote Administration is enabled the web server port will be shifted to 88 You can change web server port to other p...

Page 51: ...S attack comes from the Internet Currently the router can detect the following DoS attack SYN Attack WinNuke Port Scan Ping of Death Land Attack etc VPN PPTP IPSec Pass Through Please enable this feat...

Page 52: ...52 3 7 Advanced Settings...

Page 53: ...d Time by NTP Protocol Time Server Select a NTP time server to consult UTC time Time Zone Select a time zone where this device locates Set Date and Time manually Selected if you want to Set Date and T...

Page 54: ...ess for Syslog Host IP of destination where syslogs will be sent to Check Enable to enable this function E mail Alert Enable Check if you want to enable Email alert send syslog via email SMTP Server I...

Page 55: ...to separate these email addresses E mail Subject The subject of email alert This setting is optional Username and Password To fill some SMTP server s authentication requirement you may need to input...

Page 56: ...time you connect your Internet service provider Before you enable Dynamic DNS you need to register an account on one of these Dynamic DNS servers that we list in provider field To enable Dynamic DNS...

Page 57: ...57 Example After Dynamic DNS setting is configured click the save button...

Page 58: ...unction If Local is checked this device will response request from LAN If Remote is checked this device will response request from WAN Get Community Setting the community of GetRequest your device wil...

Page 59: ...ich s get community is set as public 2 This device will response to SNMP client which s set community is set as private 3 This device will response request from both LAN and WAN 4 This device will sen...

Page 60: ...to setup the functions of static and dynamic routing Dynamic Routing Routing Information Protocol RIP will exchange information about destinations for computing routes throughout the network Please se...

Page 61: ...168 0 103 1 So if for example the client3 wanted to send an IP data gram to 192 168 10 2 it would use the above table to determine that it had to go via 192 168 0 103 a gateway And if it sends Packets...

Page 62: ...62 3 7 6 Schedule Rule You can set the schedule time to decide which service will be turned on or off Select the enable item Press Add New Rule...

Page 63: ...63 You can write a rule name and set which day and what time to schedule from Start Time to End Time The following example configure ftp time as everyday 14 10 to 16 20...

Page 64: ...you want to Enable the Scheduler Edit To edit the schedule rule Delete To delete the schedule rule and the rule of the rules behind the deleted one will decrease one automatically Schedule Rule can be...

Page 65: ...65 Exanple1 Virtual Server Apply Rule 1 ftp time everyday 14 10 to 16 20 Exanple2 Packet Filter Apply Rule 1 ftp time everyday 14 10 to 16 20...

Page 66: ...66 3 8 Toolbox...

Page 67: ...67 3 8 1 System Log You can View system log by clicking the View Log button...

Page 68: ...68 3 8 2 Firmware Upgrade You can upgrade firmware by clicking Firmware Upgrade button...

Page 69: ...bin file Once you want to restore these settings please clickFirmware Upgrade button and use the bin file you saved 3 8 4 Reset to default You can also reset this product to factory default by clicki...

Page 70: ...re the target device must be Wake on LAN enabled and you have to know the MAC address of this device say 00 11 22 33 44 55 Clicking Wake up button will make the router to send the wake up frame to the...

Page 71: ...omputer If not please refer to your network card manual Moreover the Section B 2 tells you how to set TCP IP values for working with this NAT Router correctly A 1 Install TCP IP Protocol into Your PC...

Page 72: ...h NAT Router 1 Click Start button and choose Settings then click Control Panel 2 Double click Network icon Select the TCP IP line that has been associated to your network card in the Configuration tab...

Page 73: ...73 b Don t input any value in the Gateway tab...

Page 74: ...tab B Configure IP manually a Select Specify an IP address in the IP Address tab The default IP address of this product is 192 168 0 1 So please use 192 168 0 xxx xxx is between 1 and 253 for IP Addre...

Page 75: ...75 b In the Gateway tab add the IP address of this product default IP is192 168 0 1 in the New gateway field and click Add button...

Page 76: ...76 c In the DNS Configuration tab add the DNS values which are provided by the ISP into DNS Server Search Order field and click Add button...

Page 77: ...t t tt t ti iin n ng g g g g gu u ui iid d de e e Example Win XP 2000 VPN Router Configuration on WIN 2000 is similar to XP 1 On Win 2000 XP click Start button select Run type secpol msc in the field...

Page 78: ...78 Double click Administrative Tools...

Page 79: ...79 Local Security Policy Settings Double click Local Security Policy...

Page 80: ...Create IP Security Policy Click the Next button enter your policy s name Here it is to_vpn_router Then click Next Introduction Dis select the Activate the default response rule check box and click Nex...

Page 81: ...81 Build 2 Filter Lists xp router and router xp Filter List 1 xp router In the new policy s properties screen select Use Add Wizard check box and then click Add button to create a new rule...

Page 82: ...82 click Add button...

Page 83: ...83 Enter a name for example xp router and dis select Use Add Wizard check box Click Add button...

Page 84: ...cific IP Address and fill in IP Address 192 168 1 1 In the Destination address field select A specific IP Subnet fill in IP Address 192 168 0 0 and Subnet mask 255 255 255 0 If you want to select a pr...

Page 85: ...85 Click OK button Then click OK button on the IP Filter List page...

Page 86: ...86 select Filter Action select Require Security then click Edit button...

Page 87: ...87 select Negotiate security Select Session key Perfect Forward Secrecy PFS click Edit button...

Page 88: ...88 select Custom button...

Page 89: ...89 Select Data integrity and encryption ESP Configure Integrity algorithm MD5 Configure Encryption algorithm DES Configure Generate a new key every 10000 seconds Click OK button...

Page 90: ...90 select Authentication Methods page click Add button...

Page 91: ...ect Use this string to protect the key exchange preshared key and enter your preshared key string such as mypresharedkey Click OK button Click OK button on Authentication Methods page Select Tunnel Se...

Page 92: ...92 configure The tunnel endpoint is specified by this IP address 192 168 1 254 Select Connection Type...

Page 93: ...93 select All network connections Tunnel 2 router xp In the new policy s properties page dis select Use Add Wizard check box and then click Add button to create a new rule...

Page 94: ...94 click Add button...

Page 95: ...95 Enter a name such as router xp and dis select Use Add Wizard check box Click Add button...

Page 96: ...cific IP Subnet fill in IP Address 192 168 0 0 and Subnet mask 255 255 255 0 In the Destination address field select A specific IP Address and fill in IP Address 192 168 1 1 If you want to select a pr...

Page 97: ...97 Click OK button Then click OK button on IP Filter List window...

Page 98: ...98 select Filter Action tab select Require Security then click Edit button...

Page 99: ...99 select Negotiate security Select Session key Perfect Forward Secrecy PFS click Edit button...

Page 100: ...100 select Custom button...

Page 101: ...101 Select Data integrity and encryption ESP Configure Integrity algorithm MD5 Configure Encryption algorithm DES Configure Generate a new key every 10000 seconds Click OK button...

Page 102: ...102 select Authentication Methods page click Add button...

Page 103: ...lect Use this string to protect the key exchange preshared key and enter the preshared key string such as mypresharedkey Click OK button Click OK button on Authentication Methods page Select Tunnel Se...

Page 104: ...104 Configure The tunnel endpoint is specified by this IP address 192 168 1 1 Select Connection Type...

Page 105: ...105 select All network connections...

Page 106: ...106 Configure IKE properties Select General Click Advanced...

Page 107: ...107 enable Master key perfect forward security PFS configure Authenticate and generate a new key after every 10000 seconds click Methods click Add button...

Page 108: ...ure Integrity algorithm SHA1 Configure Encryption algorithm 3DES Configure Diffie Helman group Medium 2 Settings on VPN router VPN Router Wan IP address 192 168 1 254 Lan IP address 192 168 0 1 PC 192...

Page 109: ...109 VPN Settings VPN Enable Max number of tunnels 2 ID 1 Tunnel Name 1 Method IKE Press More...

Page 110: ...0 VPN Settings Tunnel 1 IKE Tunnel 1 Local Subnet 192 168 0 0 Local Netmask 255 255 255 0 Remote Subnet 192 168 1 1 Remote Netmask 255 255 255 255 Remote Gateway 192 168 1 1 Preshare Key my preshare k...

Page 111: ...111 VPN Settings Tunnel 1 Set IKE Proposal ID 1 Proposal Name 1 DH Group Group2 Encrypt Algorithm 3DES Auth Algorithm SHA1 Life Time 10000 Life Time Unit Sec...

Page 112: ...112 VPN Settings Tunnel 1 Set IPSec Proposal ID 1 Proposal Name proposal1 DH Group Group2 Encap Protocol ESP Encrypt Algorithm DES Auth Algorithm MD5 Life Time 10000 Life Time Unit Sec...

Page 113: ...113 User can view VPN connection process in System Log page and correct their settings Phase1 is related to IKE settings Phase2 is related to IPSEC settings...

Page 114: ...d d di iix x x C C C P P PP P PT T TP P P a a an n nd d d L L L2 2 2T T TP P P C C Co o on n nf f fi iig g gu u ur r ra a at t ti iio o on n ns s s 1 First please go to the Network connection 2 Connec...

Page 115: ...115 3 Choose Virtual Private Network 4 Do not dial to initial connection...

Page 116: ...116 5 Input the router wan ip address 6 Then ok please input username and password as you setup in the router...

Page 117: ...117 7 Select the type of VPN...

Page 118: ...g any pcs in the lan 192 168 0 x L2TP However the router is the also vpn l2tp server and supports three Authentication Protocols PAP CHAP and MSCPAP And the settings are similar with PPTP But MS opera...

Page 119: ...119 Then the steps refer to pptp settings...

Page 120: ...PC2 Microsoft Windows XP Professional with Service Pack 1a Z Com XI 725 wireless LAN USB adapter Driver version 1 7 29 0 Driver date 10 20 2001 Authentication Server Windows 2000 RADIUS server with S...

Page 121: ...le the 802 1X check the Enable checkbox 2 Enter the RADIUS server IP 3 Enter the shared key The key shared by the RADIUS server and DUT 4 We will change 802 1X encryption key length to fit the variabl...

Page 122: ...122 Figure 2 Enable IEEE 802 1X access control...

Page 123: ...ess Point 3 Set authentication type of wireless client and RADIUS server both to EAP_TLS 4 Disable the wireless connection and enable again 5 The DUT will send the user s certificate to the RADIUS ser...

Page 124: ...124 Figure 4 Certificate information on PC1 Figure 5 Authenticating...

Page 125: ...C2 5 Windows XP will prompt that the authentication process is success or fail and end the authentication procedure 6 Terminate the test steps when PC2 get dynamic IP and PING remote host successfully...

Page 126: ...R once to show the console mode commands Just type RR command to restore the factory setting Please refer to User Manual for the details 2 Restore with RESET button First turn off the router and press...

Reviews:

No comments

Brands by name

Popular brands

Load more brands