Comet Labs WRM54 User Manual Download

Page: 44 / 127

4.6.5.1 VPN Settings – IPSEC

VPN Settings - IKE

There are three parts that are necessary to setup the configuration of IKE for the dedicated tunnel:

basic setup, IKE proposal setup, and IPSec proposal setup.

Basic setup includes the setting of following items: local subnet, local netmask, remote subnet,

remote netmask, remote gateway, and pre-shared key. The tunnel name is derived from previous

page of VPN setting. IKE proposal setup includes the setting of a set of frequent-used IKE proposals

and the selecting from the set of IKE proposals. Similarly, IPSec proposal setup includes the setting of

a set of frequent-used IPSec proposals and the selecting from the set of IPSec proposals.

Basic setup:

Local subnet

The subnet of LAN site of local VPN gateway. It can be a host, a partial subnet, and the whole subnet

of LAN site of local gateway.

Local netmask

Local netmask combined with local subnet to form a subnet domain.

Remote subnet

The subnet of LAN site of remote VPN gateway, it can be a host, a partial subnet, and the whole

subnet of LAN site of remote gateway.

Summary of Contents for WRM54

Page 1: ...1 Wireless 802 11g Router with ADSL Modem and 4 Port switch built in User s Manual Version 1 01 Dec 2003...

Page 2: ...limits are designed to provide reasonable protection against radio interference in a commercial environment This equipment can generate use and radiate radio frequency energy and if not installed and...

Page 3: ...Status 15 4 3 Wizard 16 4 4 Basic Setting 17 4 5 Forwarding Rules 29 4 6 Security Settings 33 4 7 Advanced Settings 50 4 8 Toolbox 61 Chapter 5 Print Server 65 5 1 Configuring on Windows 95 98 Platfo...

Page 4: ...me wan types Ethernet Over ATM RFC 1483 Bridged without NAT Ethernet Over ATM RFC 1483 Bridged with NAT IP over ATM RFC 1483 Routed Classical Ip over ATM RFC 1577 PPP over ATM RFC 2364 PPP over Ethern...

Page 5: ...ack in 802 11g mode 11M 5 5M 2M 1M data rate with auto fallback in 802 11b mode Security functions z Packet filter supported Packet Filter allows you to control access to a network by analyzing the in...

Page 6: ...sent the router has 3 ddns dyndns TZO com and dhs org z SNMP Supported Because SNMP this function has many versions anyway the router supports V1 and V2c z Routing Table Supported Now the router suppo...

Page 7: ...en Blinking This product is functioning properly On The ADSL is linked SYNC ADSL Synchro Green Blinking This router is trying to connect to your ISP TX RX ADSL TX RX Green Blinking The ADSL is sending...

Page 8: ...Broadband Router on a desk or other flat surface or you can mount it on a wall For optimal performance place your ADSL Wireless Broadband Router in the center of your office or your home in a location...

Page 9: ...able to connect your printer to the printer port of this product Optional 5 Power on Connecting the power cord to power inlet and turning the power switch on this product will automatically enter the...

Page 10: ...tomatically that is via DHCP server of this product After installing the TCP IP communication protocol you can use the ping command to check if your computer has successfully connected to this product...

Page 11: ...Printer 5 3 Configuring on Windows 2000 and XP Platforms It is not necessary to setup any program and the print server can work Step 1 Insert the installation CD ROM into the CD ROM drive The followin...

Page 12: ...Step 4 When the following window is displayed click on the Finish button Select the item to restart the computer and then click the OK button to reboot your computer Step 4 After rebooting your compu...

Page 13: ...r r re e el l le e es s ss s s B B Br r ro o oa a ad d db b ba a an n nd d d R R Ro o ou u ut t te e er r r This product provides Web based configuration scheme that is configuring by your Web browser...

Page 14: ...n is established you will see the web user interface of this product There are two appearances of web user interface for general users and for system administrator To log in as an administrator enter...

Page 15: ...de Ready Not ready Printing and Device error When a job is printing there may appear a Kill Job button on the Side note column You can click this button to kill current printing job manually C Statist...

Page 16: ...16 4 3 Wizard Setup Wizard will guide you through a basic configuration procedure step by step Press Next Setup Wizard Select WAN Type For detail settings please refer to 4 4 1 primary setup...

Page 17: ...17 4 4 Basic Setting 4 4 1 Primary Setup WAN Type Press Change...

Page 18: ...2 WAN Type WAN connection type of your ISP You can click Change button to choose a correct one from the following five options A Ethernet Over ATM RFC 1483 Bridged without NAT B Ethernet Over ATM RFC...

Page 19: ...IP settings WAN IP Address WAN Subnet Mask WAN Gateway and Primary Secondary DNS Your ISP also specifies these settings VPI VCI Numbers The channel settings provided by your ISP Schedule Type The sett...

Page 20: ...P Address Obtain an IP address from ISP automatically Host Name optional Required by some ISPs for example Home 1 Renew IP Forever this feature enables this product to renew your IP address automatica...

Page 21: ...static mode you have to set the following WAN setting manually WAN IP Address WAN Subnet Mask WAN Gateway and Primary Secondary DNS Your ISP assigns these settings VPI VCI Numbers The channel setting...

Page 22: ...ou select static mode you have to set the following WAN setting manually WAN IP Address WAN Subnet Mask WAN Gateway and Primary Secondary DNS Your ISP assigns these settings VPI VCI Numbers The channe...

Page 23: ...23 4 4 1 5 PPP over ATM RFC 2364 Press More...

Page 24: ...ture If Auto reconnect is enabled this product will automatically connect to ISP after system is restarted or connection is dropped VPI VCI Numbers The channel settings provided by your ISP Schedule T...

Page 25: ...no activity disconnect to your PPPoE session You can also set it to zero or enable Auto reconnect to disable this feature If Auto reconnect is enabled this product will automatically connect to ISP a...

Page 26: ...M feature for virtual channel First click on the Enable or Disable circle for the settings of OAM Function Activation De activation Loop back and Fault Management individually Then click on the Save b...

Page 27: ...Disable or Enable 2 Lease Time this feature allows you to configure IP s lease time DHCP client 3 IP pool starting Address IP pool starting Address Whenever there is a request the DHCP server will aut...

Page 28: ...g the security can protect your data while it is transferred from one station to another The standardized IEEE 802 11 WEP 128 or 64 bit is used here 4 WEP Key 1 2 3 4 When you enable the 128 or 64 bit...

Page 29: ...ver and this router This key value is consistent with the key value in the RADIUS server 4 4 4 Change Password You can change Password here We strongly recommend you to change the system password for...

Page 30: ...world If you wish you can make some of them accessible by enabling the Virtual Server Mapping A virtual server is defined as a Service Port and all requests to this port will be redirected to the com...

Page 31: ...not work with a pure NAT router The Special Applications feature allows some of these applications to work with this product If the mechanism of Special Applications fails to make an application work...

Page 32: ...o be exposed to unrestricted 2 way communication for Internet games Video conferencing Internet telephony and other special applications NOTE This feature should be used only when needed Non standard...

Page 33: ...33 4 6 Security Settings 4 6 1 Packet Filter...

Page 34: ...tination IP address you can define a single IP address 4 3 2 1 or a range of IP addresses 4 3 2 1 4 3 2 254 An empty implies all IP addresses For source or destination port you can define a single por...

Page 35: ...ample 1 1 2 3 100 1 2 3 149 They are allow to send mail port 25 receive mail port 110 and browse the Internet port 80 1 2 3 10 1 2 3 20 They can do everything block nothing Others are all blocked Exam...

Page 36: ...ort 119 and transfer files via FTP port 21 Others are all allowed After Inbound Packet Filter setting is configured click the save button Outbound Filter To enable Outbound Packet Filter click the che...

Page 37: ...ey are allowed to send mail port 25 receive mail port 110 and browse Internet port 80 port 53 DNS is necessary to resolve the domain name 192 168 0 10 192 168 0 20 They can do everything block nothing...

Page 38: ...2 168 0 100 192 168 0 119 They can do everything except read net news port 119 and transfer files via FTP port 21 Others are allowed After Outbound Packet Filter setting is configured click the save b...

Page 39: ...on when someone accesses the specific URLs Privilege IP Addresses Range Setting a group of hosts and privilege these hosts to access network without restriction Domain Suffix A suffix of URL to be res...

Page 40: ...ion will be record in log file 2 URL include www sina com will not be blocked but the action will be record in log file 3 URL include www google com will be blocked but the action will not be record i...

Page 41: ...ice If a client is denied to connect to this device it means the client can t access to the Internet either Choose allow or deny to allow or deny the clients whose MAC addresses are not in the Control...

Page 42: ...e corresponding client to connect to this device A When Association control is checked check A will allow the corresponding client to associate to the wireless LAN In this page we provide the followin...

Page 43: ...e VPN greatly degrades network throughput the allowable maximum number of tunnels is limited Be careful to set the value for allowing the number of tunnels can be created simultaneously Its value rang...

Page 44: ...cludes the setting of a set of frequent used IKE proposals and the selecting from the set of IKE proposals Similarly IPSec proposal setup includes the setting of a set of frequent used IPSec proposals...

Page 45: ...ls for the dedicated tunnel Select IPSec proposal Click the button to setup a set of frequent used IPSec proposals and select from the set of IKE proposals for the dedicated tunnel VPN Settings Set IK...

Page 46: ...ts the maximum allowable amount of transmitted packets through the dedicated VPN tunnel between both end gateways Its value ranges from 20 480 KBs to 2 147 483 647 KBs Life time unit There are two uni...

Page 47: ...8 group 2 MODP1024 group 5 MODP1536 But none also can be selected here for IPSec proposal Encapsulation protocol There are two protocols can be selected ESP and AH Encryption algorithm There is two al...

Page 48: ...ls from the pool can be applied to the dedicated tunnel as shown in the proposal index list Function of Buttons Add to button Click it to add the chosen proposal indicated by proposal ID to IPSec Prop...

Page 49: ...t too Administrator Time out The time of no activity to logout automatically Set it to zero to disable this feature Discard PING from WAN side When this feature is enabled any host on the WAN cannot p...

Page 50: ...50 4 7 Advanced Settings 4 7 1 System Time...

Page 51: ...y NTP Protocol Time Server Select a NTP timeserver to consult UTC time Time Zone Select a time zone where this device locates Set Date and Time manually Selected if you want to Set Date and Time manua...

Page 52: ...Enable Check if you want to enable Email alert send syslog via email SMTP Server IP and Port Input the SMTP server IP and port which are contacted If you do not specify port number the default value...

Page 53: ...wishing to reach your host only needs to know the name of it Dynamic DNS will map the name of your host to your current IP address which changes each time you connect your Internet service provider B...

Page 54: ...Username E mail Password Key You will get this information when you register an account on a Dynamic DNS server Example After Dynamic DNS setting is configured click the save button 4 7 4 SNMP Settin...

Page 55: ...f Local is checked this device will response request from LAN If Remote is checked this device will response request from WAN Get Community Setting the community of GetRequest your device will respons...

Page 56: ...community is set as public 2 This device will response to SNMP client which s set community is set as private 3 This device will response request from both LAN and WAN 4 This device will send SNMP Tra...

Page 57: ...tocol RIP will exchange information about destinations for computing routes throughout the network Please select RIPv2 only if you have different subnet in your network Otherwise please select RIPv1 i...

Page 58: ...0 216 Each rule can be enabled or disabled individually After routing table setting is configured click the save button 4 7 6 Schedule Rule You can set the schedule time to decide which service will b...

Page 59: ...you want to Enable the Scheduler Edit To edit the schedule rule Delete To delete the schedule rule and the rule of the rules behind the deleted one will decrease one automatically Schedule Rule can be...

Page 60: ...60 Exanple1 Virtual Server Apply Rule 1 ftp time everyday 14 10 to 16 20 Exanple2 Packet Filter Apply Rule 1 ftp time everyday 14 10 to 16 20...

Page 61: ...61 4 8 Toolbox 4 8 1 System Log You can View system log by clicking the View Log button...

Page 62: ...clicking Firmware Upgrade button 4 8 3 Backup Setting You can backup your settings by clicking the Backup Setting button and save it as a bin file Once you want to restore these settings please click...

Page 63: ...Reset to default You can also reset this product to factory default by clicking the Reset to default button 4 8 5 Reboot You can also reboot this product by clicking the Reboot button 4 8 6 Miscellane...

Page 64: ...device must be Wake on LAN enabled and you have to know the MAC address of this device say 00 11 22 33 44 55 Clicking Wake up button will make the router to send the wake up frame to the target devic...

Page 65: ...inished the software installation procedure described in Chapter 3 your computer has possessed the network printing facility provided by this product For convenience we call the printer connected to t...

Page 66: ...ails item 3 Choose the PRTmate All in 1 from the list attached at the Print To item Be sure that the Printer Driver item is configured to the correct driver of your server printer 4 Click on the butto...

Page 67: ...k the OK button 5 2 Configuring on Windows NT Platforms The configuration procedure for a Windows NT platform is similar to that of Windows 95 98 except the screen of printer Properties Compared to th...

Page 68: ...Windows 2000 and XP have built in LPR client users could utilize this feature to Print You have to install your Printer Driver on LPT1 or other ports before you enter the following sequence 1 Open Pr...

Page 69: ...69 3 Select Standard TCP IP Port and then click New Port 4 Click Next and then provide the following information Type address of server providing LPD that is our NAT device 192 168 0 254...

Page 70: ...70 5 Select Custom and then click Settings 6 Select LPR type lp lowercase letter in Queue Name And enable LPR Byte Counting Enabled...

Page 71: ...71 7 Apply your settings...

Page 72: ...ase follow the traditional configuration procedure on Unix platforms to setup the print server of this product The printer name is lp In X Windows for example In Red hat Platforms Please follow the be...

Page 73: ...73 1 Start from the Red Hat System Setting Printing 2 Click Add Forward...

Page 74: ...74 3 Enter the Pinter Name Comments then forward 4 Select LPD protocol and then forward...

Page 75: ...75 5 Enter the router LAN IP Address and the queue name lp Then forward 6 Select the Printer Brand and Model Name Then Forward 7 Click Apply to finish setup...

Page 76: ...u can manual set it or via the tool printtool in X windows PS The spool name is lp all lowercase letter Below is my setting etc printcap lp sd var spool lpd lp mx 0 sh rm 192 168 0 254 rp lp key point...

Page 77: ...PC 1 First go to Printer center Printer list and add printer 2 Choose IP print and setup printer ip address router Lan ip address 3 Disable Default Queue of Server And fill in lp in Queue name item 4...

Page 78: ...computer If not please refer to your network card manual Moreover the Section B 2 tells you how to set TCP IP values for working with this NAT Router correctly A 1 Install TCP IP Protocol into Your P...

Page 79: ...NAT Router 1 Click Start button and choose Settings then click Control Panel 2 Double click Network icon Select the TCP IP line that has been associated to your network card in the Configuration tab...

Page 80: ...80 b Don t input any value in the Gateway tab c Choose Disable DNS in the DNS Configuration tab...

Page 81: ...t IP address of this product is 192 168 0 254 So please use 192 168 0 xxx xxx is between 1 and 253 for IP Address field and 255 255 255 0 for Subnet Mask field b In the Gateway tab add the IP address...

Page 82: ...82 c In the DNS Configuration tab add the DNS values which are provided by the ISP into DNS Server Search Order field and click Add button...

Page 83: ...t t tt t ti i in n ng g g g g gu u ui i id d de e e Example Win XP 2000 VPN Router Configuration on WIN 2000 is similar to XP 1 On Win 2000 XP click Start button select Run type secpol msc in the fiel...

Page 84: ...84 Double click Administrative Tools...

Page 85: ...85 Local Security Policy Settings Double click Local Security Policy...

Page 86: ...Create IP Security Policy Click the Next button enter your policy s name Here it is to_vpn_router Then click Next Introduction Deselect the Activate the default response rule check box and click Next...

Page 87: ...87 Build 2 Filter Lists xp router and router xp Filter List 1 xp router In the new policy s properties screen select Use Add Wizard check box and then click Add button to create a new rule...

Page 88: ...88 click Add button...

Page 89: ...89 Enter a name for example xp router and deselect Use Add Wizard check box Click Add button...

Page 90: ...cific IP Address and fill in IP Address 192 168 1 1 In the Destination address field select A specific IP Subnet fill in IP Address 192 168 0 0 and Subnet mask 255 255 255 0 If you want to select a pr...

Page 91: ...91 Click OK button Then click OK button on the IP Filter List page...

Page 92: ...92 select Filter Action select Require Security then click Edit button select Negotiate security Select Session key Perfect Forward Secrecy PFS click Edit button...

Page 93: ...93 select Custom button Select Data integrity and encryption ESP Configure Integrity algorithm MD5...

Page 94: ...94 Configure Encryption algorithm DES Configure Generate a new key every 10000 seconds Click OK button...

Page 95: ...95 select Authentication Methods page click Add button...

Page 96: ...ct Use this string to protect the key exchange pre shared key and enter your pre shared key string such as mypresharedkey Click OK button Click OK button on Authentication Methods page Select Tunnel S...

Page 97: ...97 configure The tunnel endpoint is specified by this IP address 192 168 1 254 Select Connection Type...

Page 98: ...98 select All network connections Tunnel 2 router xp In the new policy s properties page deselect Use Add Wizard check box and then click Add button to create a new rule...

Page 99: ...99 click Add button...

Page 100: ...100 Enter a name such as router xp and unselect Use Add Wizard check box Click Add button...

Page 101: ...ecific IP Subnet fill in IP Address 192 168 0 0 and Subnet mask 255 255 255 0 In the Destination address field select A specific IP Address and fill in IP Address 192 168 1 1 If you want to select a p...

Page 102: ...102 Click OK button Then click OK button on IP Filter List window...

Page 103: ...103 select Filter Action tab select Require Security then click Edit button...

Page 104: ...104 select Negotiate security Select Session key Perfect Forward Secrecy PFS click Edit button...

Page 105: ...105 select Custom button...

Page 106: ...106 Select Data integrity and encryption ESP Configure Integrity algorithm MD5 Configure Encryption algorithm DES Configure Generate a new key every 10000 seconds Click OK button...

Page 107: ...107 select Authentication Methods page click Add button...

Page 108: ...ect Use this string to protect the key exchange pre shared key and enter the pre shared key string such as mypresharedkey Click OK button Click OK button on Authentication Methods page Select Tunnel S...

Page 109: ...109 Configure The tunnel endpoint is specified by this IP address 192 168 1 1 Select Connection Type...

Page 110: ...110 select All network connections...

Page 111: ...111 Configure IKE properties Select General Click Advanced...

Page 112: ...112 enable Master key perfect forward security PFS configure Authenticate and generate a new key after every 10000 seconds click Methods click Add button...

Page 113: ...re Integrity algorithm SHA1 Configure Encryption algorithm 3DES Configure Diffie Helman group Medium 2 Settings on VPN router VPN Router Wan IP address 192 168 1 254 Lan IP address 192 168 0 254 PC 19...

Page 114: ...114 VPN Settings VPN Enable Max number of tunnels 2 ID 1 Tunnel Name 1 Method IKE Press More...

Page 115: ...VPN Settings Tunnel 1 IKE Tunnel 1 Local Subnet 192 168 0 0 Local Netmask 255 255 255 0 Remote Subnet 192 168 1 1 Remote Netmask 255 255 255 255 Remote Gateway 192 168 1 1 Pre shared Key my preshare...

Page 116: ...116 VPN Settings Tunnel 1 Set IKE Proposal ID 1 Proposal Name 1 DH Group Group2 Encrypt Algorithm 3DES Auth Algorithm SHA1 Life Time 10000 Life Time Unit Sec...

Page 117: ...117 VPN Settings Tunnel 1 Set IPSec Proposal ID 1 Proposal Name proposal1 DH Group Group2 Encaps Protocol ESP Encrypt Algorithm DES Auth Algorithm MD5 Life Time 10000 Life Time Unit Sec...

Page 118: ...118 User can view VPN connection process in System Log page and correct their settings Phase1 is related to IKE settings Phase2 is related to IPSEC settings...

Page 119: ...date 03 05 2003 PC2 Microsoft Windows XP Professional with Service Pack 1a Z Com XI 725 wireless LAN USB adapter Driver version 1 7 29 0 Driver date 10 20 2001 Authentication Server Windows 2000 RADI...

Page 120: ...Setup DUT 1 Enable the 802 1X check the Enable checkbox 2 Enter the RADIUS server IP 3 Enter the shared key The key shared by the RADIUS server and DUT 4 We will change 802 1X encryption key length t...

Page 121: ...121 Figure 2 Enable IEEE 802 1X access control...

Page 122: ...ess Point 3 Set authentication type of wireless client and RADIUS server both to EAP_TLS 4 Disable the wireless connection and enable again 5 The DUT will send the user s certificate to the RADIUS ser...

Page 123: ...123 Figure 4 Certificate information on PC1 Figure 5 Authenticating...

Page 124: ...PC2 5 Windows XP will prompt that the authentication process is success or fail and end the authentication procedure 6 Terminate the test steps when PC2 get dynamic IP and PING remote host successfull...

Page 125: ...cute the SR command to save the changes you have made For example IP 192 168 0 254 PW admin SR Reset to factory Default There are 3 methods to reset to default 1 Restore with console mode Please notic...

Page 126: ...go to step2 2 Turn off the router and press the RESET button in And then power on the router and hold the RESET button down until The SYS and or SYNC LED or Status LED start flashing For a moment the...

Page 127: ...successfully please use Reset Button reset to default the router If failed the program will ask to redo again from Step 2 Contact us Comet Labs Company URL www cometlabs com FAQ support support comet...

Search results

Summary of Contents for WRM54

Reviews:

Related manuals for WRM54

Brands by name

Popular brands

Comet Labs WRM54, User Manual

Search results

Summary of Contents for WRM54

Reviews:

Related manuals for WRM54

Brands by name

Popular brands