manualshive.com logo in svg

D-Link DRO-250i, User Manual

Share
Download
D-Link DRO-250i User Manual Download Page 79

                                                                                                     

Configuring DRO-250i                   

 
 

DRO-250i User Manual              

          

  

78 

can choose between DES and 3DES encryption methods. The key length 
for the 3DES algorithm is three times as long as the DES key, and is 
therefore more likely to be secure. User must choose exactly the same IKE 
encryption algorithm on both ends of a VPN tunnel. 
 

Phase 2 Proposal

 

PFS Mode

 - This drop-down menu allows user to specify the mode that 

will be used for IPSec Perfect Forward Security (PFS). The choices are 
Disable, Group 1, and Group 2. Group 1 uses 768-bit encryption, , Group 
2 uses 1024-bit encryption and Disable disables the PFS mode. User must 
use exactly the same PFS encryption mode on both ends of the VPN 
tunnel. 

IPSec Operation

 - This drop-down menu allows the  user to select the 

level of encryption that will be applied to packets that are sent between the 
two endpoints of a VPN tunnel. ESP - specifies that the entire packet will 
be encrypted (by the DES or 3DES algorithm, as selected in ESP tranform 
field) and authenticated (by the MD5 or SHA algorithm, as selected in 
ESP Authentication field). AH - specifies that only the authentication 
algorithm (MD5 or SHA, as selected below) will be used. When AH is 
selected, the data portion of packets sent between the two endpoints of a 
VPN tunnel will not be encrypted. 

IPsec Life Duration

 - Similar as IKE Life Duration, it's used for life 

duration of phase 2 key (in seconds). When it  expires the two peer site 
should trigger phase 2 negotiation again, to set up a new phase 2 key. 

ESP Transform

 - This drop-down menu allows user to select the 

encryption algorithm that will be used when ESP is selected in the IPSec 
Operation drop-down menu above. User can choose between Null - no 
encryption, DES - using DES encryption, 3DES - using triple DES 
encryption and AES - using AES encryption. User must select the exact 
same ESP transform (encryption algorithm) on both ends of a VPN tunnel. 

ESP Auth

 - This drop-down menu allows user to select the encryption 

algorithm that will be used when ESP is selected in the IPSec Operation 
drop-down menu above. User can choose between Null - no authorization, 

Summary of Contents for DRO-250i

Page 1: ...DRO 250i Router Users Guide Rev 1 0 MAY 2006 ...

Page 2: ...the DRO 250i to your network 17 2 4 Configuration via Web Browser 18 CONFIGURATION THROUGH WEB 20 3 2 Interfaces 20 3 2 1 Interfaces LAN 20 3 2 2 Interfaces WAN 1 22 3 2 3 Interfaces WAN2 23 3 2 3 1 Mode Settings 23 3 2 3 2 WAN2 Dial Up 24 3 2 3 2 1Dial Up Connection Settings 24 3 2 3 2 2Dial Up Dial out 27 3 2 3 2 3Dial Up Dial In 30 3 2 3 3 WAN2 Dial 33 3 2 4 Interfaces WAN3 35 3 2 5 Interfaces ...

Page 3: ...Advanced FIREWALL 66 3 4 6 1 Firewall Interface Configuration 66 3 4 6 2 Firewall POLICY 68 3 4 6 3 Firewall IDS Configuration 71 3 4 7 Advanced VPN 74 3 4 7 1 VPN VPN IPSEC 74 3 4 7 2 VPN Tunnel 76 3 4 7 3 VPN Tunnel Table 80 3 4 8 Advanced Load Balancing 81 3 4 8 1 Load Balancing Policy Based 81 3 4 8 2 Load Balancing Weight Based 83 3 4 9 Advanced Link Detection 84 3 4 10 Advanced SNMP 86 3 4 1...

Page 4: ... 2 Status Route Table 112 3 8 3 Status Multicast 113 3 8 4 Status NAT Info 115 3 8 5 Status IPsec Status 116 3 8 6 Status Log 118 3 8 6 1 Status Log Intrusion Log 118 3 8 6 2 Status Log Blocking Log 120 3 8 6 3 Status Log Session Log 121 3 8 6 4 Status Log IPSec Log 122 3 8 6 5 Status Log Black list 123 3 8 7 Status Traffic 124 3 8 8 Status ISDN 125 3 8 9 Status WAN4 Dial 126 3 9 HELP 128 APPENDIX...

Page 5: ...w network services to capitalize on opportunities with the growing SOHO enterprise market D Link s DRO 250i Router is designed for small and medium enterprises It has 1 LAN port and 4 WAN ports The supported WAN Ports are 2 Mbps V 35 interface 64 128kbps ISDN Leased Dialup interface Ethernet PPPoE WAN re configurable as DMZ interface Aux port It supports Manual and Automatic Back Up feature When a...

Page 6: ...rts The Product has 4 WAN ports V 35 WAN Interface V 35 can be connected to 2 Mbps Leased Modem ISDN WAN Interface ISDN S T Port is connected to either a dial up line or a dedicated leased line It also supports bandwidth on Demand BOD Following protocols are only supported within ISDN sub system Layer 2 protocol HDLC Layer 3 protocol Trans Dial on Demand The dial on demand feature allows the produ...

Page 7: ...uses only Sync PPP MLPPP is used in conjunction with 128 Kbps line Ethernet WAN Interface This Ethernet interface can be used to connect the WAN interface by using any broadband modem It can be connected in the following 3 modes 1 Dynamic connection Using the DHCP client it will get connect to the broadband 2 PPPoE Point to Point link over Ethernet It is the widely used mode to connect broadband n...

Page 8: ...formation Protocol or RIP as it is more commonly called is one of the most enduring of all routing protocols DRO 250i supports both the versions of V1 and V2 OSPF Short for Open Shortest Path First an interior gateway routing protocol developed for IP networks based on the shortest path first or link state algorithm DRO 250 supports both the version of OSPF Static Routing Static routes are special...

Page 9: ...vice DoS and Distributed Denial of Service DDoS Filter like IP address port domain name Mac address URL etc Virtual servers Port forwarding VPN Using the DRO 250i integrated VPN you can provide a secure connection between widely separated office networks or securely link telecommuters or travellers to the office network An encrypted traffic tunnel is created between DRO 250i protected networks or ...

Page 10: ...anager This feature allows network administrators to manage network performance find and solve network problems and plan for network growth Multicasting Internet Protocol IP multicast is a bandwidth conserving technology that reduces traffic by simultaneously delivering a single stream of information to thousands of corporate recipients and homes Applications that take advantage of multicast inclu...

Page 11: ... the configurations onto the product as well as it can be downloaded to the local hard disk The same configuration can be uploaded to the device Web Based Configuration and Management The product provides SSL based secure user friendly Web Pages to configure and manage the device and the network Internet Access The product supports the TCP IP protocol which is the protocol language for the Interne...

Page 12: ...Introduction to DRO 250i DRO 250i User Manual 11 Chapter 2 and 3 will give the detail info on how to install configure the DRO 250i router ...

Page 13: ...Installing DRO 250i DRO 250i User Manual 12 INSTALLING DRO 250i 2 1 About the router This section will introduce hardware of the router Front View Rear View CHAPTER2 ...

Page 14: ...ion Designation 1 Power On ON OFF 2 WAN1 V 35 Ready ON Interface is up OFF Interface is down 3 WAN1 V 35 Link ACT ON There is activity on this interface OFF There is no activity on this interface Blinking There is activity through v 35 interface 4 WAN2 ISDN Link ON Physical link is up OFF Physical link is down 5 WAN2 ISDN B1 ON B1 Connected OFF B1 Disconnected ...

Page 15: ... OFF Receive Activity off 10 WAN3 DMZ Link ON Physical link is up OFF Physical link is down 11 WAN3 DMZ Tx ON Transmission Activity on OFF Transmission Activity off 12 WAN3 DMZ Rx ON Receive Activity on OFF Receive Activity off 13 SWT F Restores the factory settings 14 SWT R Hard reset for board Interfaces Description V 35 DTE WAN1 WAN Port LAN Ethernet 10BaseT for LAN Port RJ 45 WAN3 DMZ WAN3 Por...

Page 16: ...UT 85 265 VAC Input Voltage 230 VAC 2 2 Unpacking the DRO 250i DRO 250i Package Contents The DRO 250i package contains the following items The DRO 250i router 1 Blue cross over Ethernet Cables 3 Grey Straight Ethernet Cables 1 V 35 Cables 1 power cord User Manual CD Quick Install Guide 2 1 2 ...

Page 17: ...e make sure the unit has at least 1 5 in 3 75 cm of clearance on each side to allow for adequate airflow and cooling Dimensions 440 96 x 194 81 x 44 mm Rack mount 1U standard Weight 2 5 Kg Power requirements Power consumption 6 6W AC input voltage 85 to 265 VAC AC input current 1 6 A Frequency 50 Hz Environmental specifications Operating Temperature 32 to 104 0 F 0 to 55 0 C Storage Temperature 13...

Page 18: ...nect the LAN interface to the hub or switch connected to your internal network using cross cable Connect the V 35 DTE WAN Port to a 2 Mbps Leased Line modem Computers that act as servers Mail Server FTP Servers etc to provide Internet services should be connected to DMZ Port using an Ethernet Cable Connect the WAN2 interface to the ISDN NT1 Connect an analog modem to the Aux Port Power OFF before ...

Page 19: ...oaded on to the flash 2 Router supports WEB based management feature to configure the board Internet Explorer Version 5 5 and above is the preferred browser Connect the PC to the LAN port of Router and open internet explorer browser with the following https IP address of Router s LAN interface i e https 192 168 100 254 connection on Internet Explorer This will bring the login page of Router on the...

Page 20: ...Introduction to DRO 250i DRO 250i User Manual 19 D Link Welcome Page will appear and you can browse through the web page ...

Page 21: ...o be a 192 168 0 x network with a subnet mask of 255 255 255 0 user might assign the Router an IP address of 192 168 0 1 and configure its DHCP server to assign addresses in the range between 192 168 0 2 to 192 168 0 100 The default gateway setting for computers on the LAN side will be the DRO 250i s IP address which in this case is 192 168 0 1 Saving all of this information to the DRO 250i s flas...

Page 22: ...can configure its DHCP server with the appropriate IP address range and subnet mask and then assign an IP address from the same range This way a computer on the LAN side of network can always get the proper network addressing information by DHCP from the Router simply by being restarted Click on Interface LAN to get the web page as shown below ...

Page 23: ...DNS address es provided to user by ISP Each IP address entered in the fields must be in the appropriate IP form which is four IP octets separated by a dot x x x x The Router will not accept the IP address if it is not in this format Protocol CiscoHDLC Sync PPP user can select the sync protocol which can be either cisco HDLC or Sync PPP User should confirm the protocol supported by the ISP and then...

Page 24: ...ettings and the web page open as shown below This page allows user to configure ISDN in either Leased or Dialup If the user selects Leased on this page and clicks apply then only leased configuration page will be shown If user wants to configure for dialup then he she has to select dialup from this page and then click apply ...

Page 25: ...needs to be applied depending on the new connection type selected Click on Interfaces WAN2 Dial up Connection Settings and the web page open as shown below My Phone Number My Phone number is user s own telephone number with an area code included if ISDN port is directly connected to the phone socket Otherwise if it is connected to a PBX then provide the MSN phone number stored in the PBX E g If th...

Page 26: ...lin Dialout User can configure dial out and dial in 128k 64K Dialin 64K Dialout User can configure first channel B1 for dial out and second channel B2 for dial in 2 64K Dialout Users can configure two channels B1 B2 with two different dialout configurations 2 64K Dialin Users can configure two channels B1 B2 with two different dialin configurations BOD Dialout User can configure Bandwidth on deman...

Page 27: ...pplied Automatic apply of dialout pages Dialout page will be applied with appropriate profile if he she has configured it previously User has to configure profile for each connection type i e 64K B1 64K B2 and 128K at least once If user has selected connection type as 128K dialin dialout or BOD dialout and he has configured a profile for this connection type then that profile will automatically be...

Page 28: ...onfigured previously Same if user selects dialup in mode settings page and press apply then ISDN dialup pages connections page dialout dialin will be automatically applied if they were configured previously 3 2 3 2 2 Dial Up Dial out Click on Interfaces WAN2 Dialup Dial Out and the web page open as shown below This page has the parameters required for establishing the internet connection with the ...

Page 29: ...B1 channel is selected automatically When the Connection type is 128kbps dial out dial in only Channel 1 B1 will be enabled User can see the status of two channels in the status page Profile table will show which profile has been selected for which channel This page only configures the particular channel with ISP profile To initiate a dial go to ISDN STATUS page and click Dial Local IP address Fil...

Page 30: ...ISP excluding the Area Code and Dial Prefix Alternate Phone Number Enter the alternate phone number of the ISP excluding the Area Code and Dial Prefix If primary phone number is busy then alternate phone number will be dialed automatically User Name Enter the user name given by the ISP provider It can be 20 characters long Password Enter the password given by the ISP provider It can be 20 characte...

Page 31: ...disable auto hang up Retries Enter the number of times user wants the system to retry the dialing to connect to ISP if it is not connected It is a single digit number 3 2 3 2 3Dial Up Dial In Dial in Click on Interfaces WAN2 Dial up Dial in Dial In and the web page open as shown below This page has the parameters required for establishing Dialin connection User can configure either channel 1 or ch...

Page 32: ...n connections will be accepted from any phone number Local IP Enter the IP address to be assigned for the Dialin connection one at end It is in the form of four IP octets separated by a dot x x x x Unnumbered This interface can be configured as an unnumbered interface Netmask Enter the subnet mask in dotted decimal i e A B C D format Remote IP Enter the IP address to be assigned to the remote end ...

Page 33: ...ser name to be given to Dialin user It can be 20 characters long Password Enter the password to be given to the Dialin user It can be 20 characters long Phone Number Enter the phone number of the Dialin user including area code for e g if the Dialin user area code is 080 and phone number is 26788345 then enter 08026788345 in this field This number is used to allow Dialin connection in case the SEC...

Page 34: ...d connection type 128K dialin dialout then he can enter a user account on channel1 If user has selected connection type 64kdialin 64kdialout then user should enter a user account on channel2 If user has selected connection type 2 64kdialin then he can enter two different phone numbers on two channels 3 2 3 3 WAN2 Dial Click on Interfaces WAN2 Dial and the web page opens as shown below Physical Lin...

Page 35: ...OWN Channel 2 Status This will show UP when Channel2 B2 is up otherwise it will show DOWN Channel 1 and Channel 2 Status Connection Type This will show the connection type and whether channel is being used as dial out or dial in Local IP address This will show Local IP address Remote IP address This will show Remote IP address ...

Page 36: ...ation for your DRO 250i and to choose the protocol by which your DRO 250i will receive its WAN3 network settings WAN3 Settings Static IP address Select this option to set static IP information You will need to enter the IP address subnet mask and gateway address provided to you by your ISP The default gateway field specified here will be used by Load balancing feature to route packets through this...

Page 37: ...Protocol DHCP Use this setting if your ISP instructs you to use DHCP or to automatically obtain an IP address A server on your ISP s network will then automatically send the necessary IP address information to your DRO 250i Host Name Hostname is the name assigned to the DRO 250i which will be displayed in the DHCP server list to which the device is connected Renew Release Renew button will help th...

Page 38: ...ce When this is not selected DRO 250i will obtain an IP address automatically for your PPPoE connection User Name Enter your PPPoE username Password Enter your PPPoE password Idle Timeout In seconds This is the time interval which if there is no network traffic between your local network and your ISP your PPPoE connection will be disconnected Host Name Hostname is the desired access concentrator s...

Page 39: ...ing as DMZ port then user can check the option of Ethernet WAN and click on Apply Button After clicking on Apply button the port will start behaving as Ethernet WAN It works vice versa too Unnumbered Interfaces Only point to point interfaces can be configured as an unnumbered interface An unnumbered interface borrows the LAN IP address by default The user can edit this and configure a custom IP ad...

Page 40: ... Name User must give the account a name This can be anything user likes but if user has more than one account each name must be unique Phone No Specify the phone number to dial Authentication type Password Authentication Protocol PAP The client authenticates itself by sending a user name and an optionally encrypted password to the server which the server compares to its secret database Challenge H...

Page 41: ...k your provider for more info Idle Timeout In Seconds If there is no activity on the line then the connection gets disconnected after the time entered in this field IP Settings Check this if ISP uses dynamic IP address assignment In this case IP address will change every time user establishes a connection Otherwise uncheck it If ISP has given user a static IP address Then user will need to enter t...

Page 42: ...ction It is in dotted decimal i e A B C D format Local IP Enter the IP address to be assigned for the Dial In connection It is in dotted decimal i e A B C D format Unnumbered This interface can be configured as an unnumbered interface Idle Time In Seconds If there is no activity on the line then the connection gets disconnected after elapsing of the time entered in this field Authentication Select...

Page 43: ...uring user accounts for Dial In connections Click on Interfaces WAN4 Dial In User Account and page opens up as shown below User Name Enter the user name to be given to Dial In user It can be of 20 characters long Password Enter the password to be given to the Dial In user It can be of 20 characters long ...

Page 44: ...Initialization String 0 String used to initialize the modem It is specific for a modem The default value is ATZ Initialization String 1 If modem has two initialization strings then provide second one otherwise leave it blank Init Response Provide Init response string for modem the default value is OK Dial String Provide dial command for modem the default value is ATDT Connect Response Provide conn...

Page 45: ... No Dial Tone Response Provide no dial tone response string for modem the default value is NO DIAL TONE Ring Response Provide ring response string for modem the default value is RING Answer Response Provide answer response string for modem the default value is CONNECT Modem Time Out This is the time required to wait for the CONNECT response from modem A setting of about 30 seconds should be suffic...

Page 46: ...e web page opens up as shown below Flow control Select the appropriate flow control i e CRTSCT hardware XON XOFF software or NONE no flow control The recommended setting is hardware flow control Line termination Choose the correct character sequence for modem Most modems will use CR LF however some modems need different settings Connection speed Bits per second Choose from the list of connection s...

Page 47: ... this interface 2 Auto If the primary interface goes down the backup interface configured for this will be connected automatically In addition to this all features pertaining to the backup interface will be applied automatically 3 Manual If primary interface goes down backup interface won t be connected automatically If user connects the backup manually all the features like NAT Virtual Server and...

Page 48: ...cannot be made a primary interface 3 When auto backup is selected all configurations other than Virtual Server and VPN made for a backup interface will be applied automatically like the connection type for the WAN interface Static Routes configured on this interface NAT configured on this interface etc 4 An interface cannot be connected manually if it is made a backup interface in auto mode 5 An i...

Page 49: ...rnet WAN called WAN3 User can check the option if he she wants After checking the proper option i e DMZ or Ethernet WAN checked physical port will behave in that manner For example if currently the port is working as DMZ port and then user can check the option of Ethernet WAN and then click on Apply After which the device and the port will start behaving as Ethernet WAN It works vice versa too ...

Page 50: ...terface name e g LAN WAN1 and WAN2 etc Interface WAN2 ISDN can be configured as a single 64kbps single 128kbps or 2 64kbps channels In case of a single channel user can add routes for B1 only In case of two channels routes can be configured for both B1 and B2 Destination Network IP address Destination Network IP address for which route is to be added Subnet Mask Specify the subnet mask for the des...

Page 51: ...h the user has entered these entries is up 2 Entries with grey colour are inactive entries the interface for which the user has entered these entries is down RIP Settings RIP page allows user to configure the RIP Routing Protocol In the web page user can also customize RIP settings for every interface RIP Version RIP version can be either 1 or 2 Redistribute Static Connected and OSPF routes can be...

Page 52: ... channels In case of a single channel only B1 will be configurable by the user In case of two channels both B1 and B2 can be configured Enable Enable or disable RIP on the particular interface Send Version The interface can use the global default RIP version to send RIP messages or be configured to use a specific RIP version Receive Version The interface can use the global default RIP version to r...

Page 53: ...ult multicast behaviour OSPF Settings OSPF page allows user to configure the OSPFv2 Routing Protocol Router Id Set the Router ID of the OSPF Router This is of the 4 octet form as IP address format Redistribute Static Connected and RIP routes can be redistributed into the OSPF table OSPF Daemon Start or Stop the OSPF Daemon Interface Settings Configure interface specific OSPF settings ...

Page 54: ... in the form of an IP address If you have a decimal format Area ID it can be converted to the IP address format For more details refer to the procedure at the end of this section Metric Value Metric value of the interface 1 65535 Priority The priority of this interface This field is used in the designated router election algorithm Maximum value of priority is 255 Authentication Type Type of Authen...

Page 55: ...rea id as a hexadecimal number with 8 hex digits For example area id 268 is 0x0000010C in hexadecimal format Step 2 The dotted format a b c d can be obtained from this hexadecimal number The first two digits represent a the next two digits b next two digits c and the last two digits represent d For example in 0x0000010C a 00 i e 0 b 00 i e 0 c 01 i e 1 d 0C i e 12 Step 3 So Area ID 268 in dotted f...

Page 56: ...er The Router can be a DHCP server for LAN assigning IP addresses subnet mask etc DHCP Server Status This allows user to Enable or Disable the DHCP Server feature on the Router The default is Enabled Starting IP address This is the first IP address in a range that the Router will assign to a computer on network This IP address cannot be the same as the IP address assigned to the Router nor can it ...

Page 57: ...nds Auto Configuration This field allows the user to specify whether or not the Router will assign the following network settings to the computers on user s network If Enable Auto Configuration is chosen then DNS Proxy is enabled in the Router The default network settings for the systems in the user s network will be obtained automatically from ISP by the Router If Disable Auto Configuration is ch...

Page 58: ... optional Check disables checkbox to disable secondary DNS DHCP client table shows the client computers to which the IP addresses have been assigned by DHCP The DHCP Client Table will show the Host Name IP address MAC Address and Expire Time of the DHCP lease for each client computer ...

Page 59: ...to get the web page as shown below DHCP Reservation is a method of assigning the static IP address to a defined MAC Address System administrator can use this feature to configure the static IP address for some of the systems in the LAN These IP address however will fall in the DHCP server configured IP address range ...

Page 60: ...ace name corresponding to the DNS Server IP entered If Two or more interfaces have the same DNS Server select the interface type as DEFAULT The interface with DEFAULT type will have the highest priority All the static DNS entries are displayed in gray color and all the dynamic DNS entries are displayed in yellow color In the DHCP Server Setting page Enable the Auto Configuration for the computers ...

Page 61: ...Configuration Click on Advanced NAT Interface Configuration to get the web page as shown below NAT can be Enabled Disabled on the specific interface on this page Enable the interface on which the NAT is to be applied and then click Apply To configure the NAT visit NAT configuration Page ...

Page 62: ...e the configuration in the Interface Configuration webPage WAN Interface Select the WAN Interface from the drop down menu on which the NAT Configuration entry has to be made NAT Type Select the type of NAT to be applied on the interface from the drop down menu The types that can be configured are Many To One Any IP from Private network passing through the NAT enabled interface are mapped to the si...

Page 63: ...t IP and the end IP to configure a range of IPs In case of single IP please enter the same IP in both the fields Global IP Specify the start IP and the end IP to configure a range of IPs In case of single IP please enter the same IP in both the fields A table is displayed showing the NAT configurations made by the user The entry can be enabled or disabled by clicking the view button For Eg To disa...

Page 64: ... One To One IP range should not overlap with the existing Many To Many or Many to One entry for any given interface 3 4 4 NAT Advanced NAT Click on Advanced NAT Advanced NAT to get the screen as shown below The NAT can be disabled between 2 interfaces If Advanced NAT is applied for Interface 1 and Interface 2 then sessions passing through the Interface2 and generated from interface1 are not NATed ...

Page 65: ...remote clients to the server running the specified service on LAN by translating the global IP to the user s Private IP address Remember that the Global IP address must be within the range specified on the NAT Settings page and that the Private IP address must be within the range specified for LAN Interface Name This is the WAN interface which will be used for the servers Private IP This is the IP...

Page 66: ...is that the protocol is identified by name For example the Simple Mail Transfer Protocol SMTP in the drop down menu is used to send receive e mail It uses the TCP transport protocol and port number 25 This information will be entered for user if user selects SMTP from the Protocol drop down menu Port Number Select the TCP or UDP port number which the application will use for its connections The ch...

Page 67: ...n be enabled disabled on a particular Interface with this field Security Type Interfaces can be set to either trusted or un Trusted type on this field If the security type is set to Trusted then Outbound Policies will be applied on that interface if the security type is set to Un Trusted then Inbound Policies will be applied on that interface If more than one interface is of same security type the...

Page 68: ...nfigures LAN as Un trusted then user needs to configure Remote Access for getting the web configuration So before configuring LAN as un trusted user should enter the IP of the LAN PC which is configuring the DRO 250i in the Remote access configuration web page ...

Page 69: ...nd that policy will be activated whenever that time comes One week policy is also used for the same purpose Please remember that if there is any Always policy above the One time or One week then Always policy will be active So please keep One time and One week policies on the top of the Always policies so that they can become active when their time arrives User can disable any particular policy if...

Page 70: ...und packet it will also go through IP Range Filter Domain Filter and MAC Filter check When Disable is selected all packets will pass through the firewall IP Range Filter Status When Enable is selected the IP Filter will be applied to packets going to the WAN The packet in the IP filter list will be dropped When Disable is selected the packet in the IP filter list will not be dropped MAC Filter Sta...

Page 71: ... You can enter a range of port numbers for which the current policy rules will be applied If you have only one port number to enter enter it in both fields Direction This allows you to specify the source of network traffic for which the current policy entry will be applied from the Internet Inbound or from your LAN Outbound IP Range Filter The IP Range Filter page allows you to deny access to the ...

Page 72: ...ernet based on URL Domain Name String 3 4 6 3 FIREWALL IDS Configuration Click Advanced Firewall IDS to get the screen as shown below IDS Configuration IDS Intrusion Detection System detects few of the known Attacks The attacks detected by the IDS system can be configured in the IDS Configuration webpage The user can enable detection of the attacks by checking the checkboxes The attacks are classi...

Page 73: ... SYN ACK attack FIN attack RESET attack are detected under this category These attacks exploit the TCP 3 way handshake Port scan Attack Netbus scan Back orifice scan Echo chargen scan UDP echo scan Chargen scan IMAP scan are detected under this category Particular ports are scanned under this attack Land Attack The Land attack involves the perpetrator sending spoofed packet s with the SYN flag set...

Page 74: ...te Ascend router reboot by sending it a UDP packet containing special data on port 9 discard The Attacks are logged in the Intrusion Log webpage The IPs of the attacker are blacklisted for prevention of further Attacks from the same IP Check all the checkboxes for effective Intrusion Detection System ...

Page 75: ...ata origin authentication protection against replay attacks and confidentiality for each IPSec packet This is achieved by using headers and trailers on each packet which provide core pieces of information pertaining to authentication data integrity and confidentiality The AH Authentication Header addresses data origin authentication data integrity and replay protection The ESP Encapsulating Securi...

Page 76: ...hat the AH offer as well IPSec Passthrough Click Enable to allow IPSec packets to pass through the router to the destination computer on your LAN When IPSec Pass through is enabled the Router will allow IPSec packets to reach their destination computer on your LAN IPSec Status Click Enable to make the IPSec settings active ...

Page 77: ...tered The Tunnel ID is sometimes called the Negotiation ID of the remote gateway Tunnel Source Interface The WAN interface name which serves as the tunnel source endpoint Interface WAN2 ISDN can be configured as a single 64 128kbps or 2 64kbps channels When two 64kbps channels have been configured either of the channels B1 or B2 can be selected as the tunnel source Termination IP The IP address of...

Page 78: ...d the two peer site should trigger phase 1 negotiation again to set up a new phase 1 key phase 2 negotiation also will be triggered IKE Hash This drop down menu allows user to select the algorithm that will be used to ensure that the messages exchanged between the two IPSec VPN tunnel endpoints have been received exactly as it was sent In other words a Hash algorithm is used to generate a binary n...

Page 79: ...lected in ESP tranform field and authenticated by the MD5 or SHA algorithm as selected in ESP Authentication field AH specifies that only the authentication algorithm MD5 or SHA as selected below will be used When AH is selected the data portion of packets sent between the two endpoints of a VPN tunnel will not be encrypted IPsec Life Duration Similar as IKE Life Duration it s used for life durati...

Page 80: ...pe of network definition for the range of IP addresses on the remote LAN that will be allowed to access the VPN At the time of the writing of this manual only the Subnet type is supported Target Network Address This specifies the remote host machines that can be accessible from a VPN tunnel This is specified as a combination of Network Address and number of bitmask e g If user need to access remot...

Page 81: ... on Advanced VPN Tunnel Table to get the web page as shown below The Tunnel Table displays the current tunnel setup Click on the View icon corresponding to a given Tunnel ID to display its current Tunnel Settings Click on Delete icon to remove the tunnel with its configuration ...

Page 82: ...n or load balancing A set of parameters such as Source IP Destination IP Inbound Interface Protocol and source Destination Ports are used to identify and direct the traffic out of a specific Outbound Interface Policy Based Routing Clicking on this check box will enable Policy routing in the Router Outbound Interface The network traffic which matches with all the below policy parameters will be sen...

Page 83: ...ll be applied on the network traffic regardless of its destination IP 2 Specific Setting this will allow user to configure the specific destination IP for which the Policy will be applied on the network traffic Protocol The network traffic whose protocol matches with this field will follow this policy Source Port Number Network traffic uses source port number to specify the type of application whi...

Page 84: ... WAN interface Load Balancing Click on this check box to enable disable the load balancing feature Interface WAN interfaces among which the load must be shared Status Enable Disable load balancing on this interface Weight Percentage of the load to be sent through this interface 1 Sum of weight of all enabled interfaces should be equal to 100 2 Load Balancing will distribute traffic only via connec...

Page 85: ... WAN Port on which link detection is to be performed WAN3 Link Detection Enable Disable Link Detection on this Interface Status This field displays the current status UP DOWN of the Ethernet WAN Interface Destination Type The destination can be Domain Name or IP address Destination IP Domain Domain Name or IP address which is directly connected to Ethernet WAN The link is considered UP DOWN depend...

Page 86: ... to reach the specified destination before confirming the status UP DOWN of the Link Delay between Retries Time in seconds between retry attempts ICMP Ping messages are used to determine the status of the link So the destination system should NOT be configured to block ICMP protocol ...

Page 87: ...evice through any SNMP manager In the current release user can only monitor the device configuration through SNMP Status Enable Disable User can enable or disable the status of SNMP by clicking the appropriate button System Contact The value to be given here specifies the contact person of this device in case of any faults The name specified here should be of STRING type Example Administrator or c...

Page 88: ...se the MIBs access rights are provided to the COMMUNITY A community can have READ or WRITE access READ Community This defines the COMMUNITY STRING for which the READ access is given WRITE Community This defines the COMMUNITY STRING for which the WRITE access is provided The WRITE community has both READ as well as WRITE permissions READ and WRITE community strings are used for authentication with ...

Page 89: ...ssage Digest 5 MD5 or Secure Hash Algorithm SHA Authentication Password This creates an Authentication Password for SNMPv3 users The pass phrases be at least eight characters long Privacy Protocol The SNMPv3 privacy facility enables managers and agents to encrypt messages to prevent eavesdropping by third parties Here manager entity and agent entity must share a secret key All the traffic between ...

Page 90: ...50 are Cold Start Warm Start Authentication Failure TRAP Enable Disable This option is used by the user to enable disable TRAP from the web IP address IP address of the manager to whom traps should be sent TRAP Community A community name should be specified for which the Traps should be sent Here the user can specify the community name for sending Traps Only the members of this community can be ab...

Page 91: ...Configuring DRO 250i DRO 250i User Manual 90 about UnAuthorized User This option is used to enable disable the authentication trap ...

Page 92: ...tion on a particular interface If user selects disable option on an interface then it will not accept any multicast traffic on that interface So in order to use any multicast application through DRO 250i user should enable multicast on a particular interface Click on Multicast Multicast to get the web page as shown below ...

Page 93: ... Multicast on any interface then multicast routing can not be enabled on that interface Click on MULTICAST Multicast Routing to get the web page as shown below User can enable or disable multicast routing on any interface with the help of enable or disable option Candidate RP Choose the interface which should become Candidate RP Candidate RP Priority It is priority which is set for RP Rendezvous P...

Page 94: ...ty which is set for BSR Bootstrap Router Lesser number will be lower priority Threshold Data Rate It is the data rate at which SPT Source Path Tree is formed If user enters zero then it will switch to SPT if there is any traffic This rate is in Kilo Bytes The maximum limit is 50 000 KB ...

Page 95: ... en queued to them and de queued from them eg TBF RED Each device interface has 1 root qdisc Type of Queues Egress It is used to send packets out to the network adaptor e g PrioQ RED TBF Priority Queuing PQ Priority queuing PQ is the basis for a class of queue scheduling algorithms that are designed to provide a relatively simple method of supporting differentiated service classes In classic PQ pa...

Page 96: ...ajor 1 to major 3 by default so if your PRIO qdisc is called 12 tc filter traffic to 12 1 band 0 to grant it more priority Reiterating band 0 goes to minor number 1 band 1 to minor number 2 etc Handle Queues are identified by a handle major number minor number where the minor number is zero for queues Handles are used to associate classes or sub queues to queuing disciplines Parent Parent does not...

Page 97: ...minor number of the class to whom it TBF belongs Limit Limit is the number of bytes that can be queued waiting for tokens to become available i e maximum amount of time a packet can sit in the TBF Burst Burst is the size of the bucket in bytes This is the maximum amount of bytes that tokens can be available instantaneously In general larger shaping rates require a larger buffer For 10Mbps on Intel...

Page 98: ...eshold every arriving packet is marked When the average queue size is between the minimum and the maximum threshold each arriving packet is marked with probability p where p is a function of the average queue size Each time that a packet is marked the probability that a packet is marked from a particular connection is roughly proportional to that connection s share of the bandwidth at the gateway ...

Page 99: ...r determining how fast the average queue size is influenced by the real queue size Recommended burst 2 min max 3 avpkt Average Packet Size Specified in bytes Used with burst to determine the time constant for average queue size calculations Bandwidth This rate is used for calculating the average queue size after some idle time e g User can enter the values like limit as 256000 min as 12000 max as ...

Page 100: ...elongs to that qdisc class If the packet matches a filter it s placed in the class specified with the flow Id parameter Each packet that enters the root qdisc must end in a leaf class to send Parent Parent ID of the filter is going to be the queue class identified with the number major minor Parent minor number will always be 0 Prio This is the preference or priority of the filter being added Prio...

Page 101: ...ides flows matching this filter have to be sent directly to the class identify with number flow major flow minor All other parameters decide what has to be matched against the header of the packet Thus user does not need to enter the handle major It will be constant ...

Page 102: ...of the Router Username Enter the username for the account here User name can not be modified so the user name is always admin User can set a new password for this user name Old Password Enter the old password for the account here New Password This is the new password which will be set for the current user which is admin Confirm New Password Enter the new password again here to verify that the pass...

Page 103: ...he configuration back after reboot of the device Save Settings and Restart Device Here also user can save the configuration to the flash file system so that user can get the configuration back and restart the device Restore to Factory Default Settings Here user can restore the default settings to the device Restart the Device Here user can restart the device from the Web But this option will not s...

Page 104: ...ile for SSL Configuration 4 pkey der Private Key File for SSL Configuraiton upgrade tar is the upgrade file in other words it is a patch file which will be made available by Tech Support whenever any module or any feature is changed DRO 250i cfg is the file which contains the entire configuration of the DRO 250i User can configure the device and then download the configuration in cfg format on Loc...

Page 105: ...ed Set Type If IP address is selected user needs to enter the IP address in the IP address field and the number of packets user wants to send in the count number field three is usually sufficient and then click the Apply icon If domain name is selected user needs to enter the domain name in the text box IP Domain Name support is not available in this release The results will be displayed in the fi...

Page 106: ...rious time zones which are used to set the system time User can select any one of the time zone in which he she belongs Time Set Type User can select to use either manual or SNTP settings to set the time SNTP Settings Set Type There are two set types available in SNTP Setting User can use either IP address or Domain Name IP address User can enter the IP address of the remote server to set the syst...

Page 107: ...t http www ntp org Domain Name Alternatively user can also use domain name for setting up the time The domain name field allows the user to enter the complete domain name Manual Settings YYYY MM DD User can select the year month and date directly from the drop down menu HH MM SS To set the time manually user can select hour minute and seconds ...

Page 108: ...elect either enable or disable the Syslog feature If user selects the disable option and presses apply then no messages will be saved on the remote server Remote Server Enter the IP address of the remote server where user wants to keep the sys log files Sys Log level There are various sys log levels e g Alert Emergency Critical etc User can select any of the sys log level according to which sys lo...

Page 109: ... remote side then the Global IP should be entered here because DRO 250i will get the request from that Global IP If user wants to change any IP Address and remote access is already enabled then user should disable the remote access and enable it again After enabling it again user should change any IP Address and then only it will be effective If user changes any IP when remote access is enabled th...

Page 110: ...default Since there is no firewall so anybody can access your web configuration In order to use this tool configure firewall properly and block all the traffic which you do not need In that case if you will enable Remote access then only those IP which are configured can access the web configuration of DRO 250i ...

Page 111: ...IP address Subnet Mask Default Gateway Primary DNS Server and Secondary DNS Server System up Since tells user how long the system has been running It will give information in terms of number of hours minutes and seconds elapsed since the system restarted LAN Status MAC Address This is the MAC address of the Router on the LAN IP Address This is the Router current IP address on the LAN Subnet Mask T...

Page 112: ...ays which WAN interface is active at that moment IP Address This is the Router current IP address on the WAN Subnet Mask This is the subnet mask corresponding to the IP address above that is currently in use by the Router on the WAN Default Gateway Primary DNS Displays the IP address of the primary DNS on the WAN Secondary DNS Displays the IP address of the secondary DNS on the WAN ...

Page 113: ... web page as shown below This page shows all active routes static and dynamic The web page shows static routes in gray color and dynamic routes in yellow color Dynamic routes are learnt through routing protocols such as RIP and OSPF Static routes which are not currently active will not be shown on this web page ...

Page 114: ...is displayed on this web page User can look at the current connected groups in the network Remember that it will display all the groups which are in the LAN It displays all the members of that group Interface IP address is the IP address of the interface on which the multicast group is connected In most of the cases it will be LAN interface IP address since all the groups will be formed on the LAN...

Page 115: ...he source for a given multicast group If the entry shows then it means it is any source entry i e it is a wild card entry Group IP address Group IP address is the IP Address of the multicast group for which entry is made in the routing table RP IP address RP IP address is the IP Address of the rendezvous point for the given multicast group Flags This field shows the flags which tells the type of t...

Page 116: ...e Network Address on the NAT Sessions table Private IP address Port This is the IP address and port number of a computer or device on LAN that has an active NAT session Peer IP address Port This is the IP address and port number of a computer or device on the WAN that has an active connection with the Router Mapped IP Port This is the IP address and port number which is mapped to the peer IP ...

Page 117: ...acks and confidentiality for each IPSec packet This is achieved by using headers and trailers on each packet which provide core pieces of information pertaining to authentication data integrity and confidentiality The AH Authentication Header addresses data origin authentication data integrity and replay protection The ESP Encapsulating Security Payload header addresses the same features and also ...

Page 118: ...lick Enable to allow IPSec packets to pass through the router to the destination computer on LAN When IPSec Pass through is enabled the Router will allow IPSec packets to reach their destination computer on LAN IPSec Status Click Enable to make the IPSec settings active ...

Page 119: ...factory and are commonly used intrusion methods Events blocked attempts to connect to computers on LAN between computers on LAN or between computers on LAN and the WAN because they meet the criteria pre defined at the factory as being a commonly used intrusion method are recorded here in the Intrusion Detection Log Intrusion Time This is the time of intrusion It will be helpful for the user to kno...

Page 120: ...ce IP address and the TCP UDP port that the intrusion was attempted from Destination port Displays the source IP address and the TCP UDP port that the intrusion was attempted For ICMP flood Sync flood and ECHO storm attacks destination IP destination port source IP and source Port are logged as zero in the table shown in the web page These fields are not considered for intrusion detection as the c...

Page 121: ...defined by user on the Port Filter Policy page under Firewall Settings from the Advanced Settings tab Events blocked attempts to connect to computers on LAN between computers on LAN or between computers on LAN and the WAN because they meet the criteria user entered on the Port Filter Policy page are recorded here in the Blocking Log Transport Type The protocol used to make the connection attempt i...

Page 122: ...was blocked is displayed here 3 8 6 3 Status Log Session Log Click on Status Log Session Log to open the web page as shown below Session events when a computer on LAN accesses an application of service on the WAN are logged by the Router and are displayed on the Session Event Log Source port The IP address and TCP UDP port number of the computer or device that initiated the session is displayed he...

Page 123: ...splayed here 3 8 6 4 Status Log IPSec Log Click on Status Log IPSec Log to open the web page as shown below The Router maintains a table containing statistics concerning the IPSec protocol connection between the WAN and the LAN These statistics can be viewed on the IPSEC Statistics table Index This is the sequence of the IPSec log Description A brief description of the log entry will be displayed ...

Page 124: ...trusion attempt i e large number of packets consistent with a commonly used intrusion method are detected by the Router the IP address the protocol used and the corresponding port number is determined and entered into the Router Intruder Blacklist Once the intruder information is entered the Routers firewall will block packets from this location from crossing the Router i e from the WAN to the LAN...

Page 125: ...connection is displayed here 3 8 7 Status Traffic Click on Status Traffic to open the web page as shown below The Router keeps statistics of traffic that it receives or forwards User can view the amount of packets that are sent or received by the Router on the WAN port and the LAN port The traffic counters will be reset if the Router is rebooted ...

Page 126: ...OWN Channel1 Status This will show UP when Channel1 B1 is UP otherwise it will show DOWN Channel2 Status This will show UP when Channel2 B2 is UP otherwise it will show DOWN Channel1 and Channel2 Status Connection Type This will show connection type and whether channel is being used as dial out or dial in Local IP address This will show Local IP address Remote IP address This will show Remote IP a...

Page 127: ...n case of dial out which profile is being used Connection Type Shows the PPP Status whether it s Dial Out Dial In or Idle Local IP IP address to be assigned at end It is in dotted decimal A B C D format Subnet Mask It is in dotted decimal A B C D format Remote IP IP address to be assigned to the remote end It is in dotted decimal A B C D format User name It will show the connected profiles user na...

Page 128: ...RO 250i User Manual 127 Dial or Disconnect If connection is established the button caption shows disconnect otherwise dial Change Profile For dial out user can change the profile for changing the profile click on change profile ...

Page 129: ...guring DRO 250i DRO 250i User Manual 128 3 9 HELP Click Help to open this web page Here help is provided for all configurations For warranty policy and other details please visit our website www dlink co in ...

Page 130: ...In Case the user forgets the Password then he has to call up Technical support Once user gets the username and serial key from Technical support he she has to go the following URL https IP address of LAN port html Backup html To access this page user has to enter DRO250i as username and DRO250i as the password This web page will ask for username and serial key If user enters the username and seria...

Page 131: ...Configuring DRO 250i DRO 250i User Manual 130 Warranty Policy For warranty Policy and other details visit our website viz www dlink co in ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands