manualshive.com logo in svg

Digisol DG-LB1054UV, User Manual

Share
Download
Digisol DG-LB1054UV User Manual Download Page 72

 

                          

DG-LB1054UV User Manual

 

 

      

 

72

 

3.2.3.1  IPSec 

Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol (IP) 

communications by authenticating and encrypting each IP packet of a communication session. 

IPSec includes protocols for establishing mutual authentication between agents at the 

beginning of the session and negotiation of cryptographic keys to be used during the session. 

3.2.3.1.1 

IPSec VPN Tunnel Scenarios 

There are some common IPSec VPN connection scenarios as follows:   

 

Site to Site 

Description: The unit establishes IPSec VPN tunnels with security gateway in head 

quarter or branch offices. Either local or remote DG-LB1054UV  gateway which can be 

recognized by a static IP address or a FQDN can initiate the establishment of an IPSec 

VPN tunnel

Two peers of the tunnel have their own Intranets and the secure tunnel 

serves between these two subnets of hosts for data communication. 

 

 

 

Dynamic VPN 

Description: DG-LB1054UV supports remote peers without fixed IP address to establish 

an IPSec VPN tunnel with itself. The remote peer can be a client host or a network site 

with its Intranet. It must be noted that the remote peer has to initiate the tunnel 

establishing process first. 

Summary of Contents for DG-LB1054UV

Page 1: ...054UV LOAD BALANCING ROUTER WITH 2xFE WAN 1x3G 4G ENABLED USB 3xFE LAN User Manual V1 0 2015 04 06 As our products undergo continuous development the specifications are subject to change without prior...

Page 2: ...NG CONFIGURATIONS 14 3 1 BASIC NETWORK 18 3 1 1 WAN Setup 18 3 1 1 1 Physical Interface 19 3 1 1 2 Internet Setup 20 3 1 1 3 Load Balance 33 3 1 2 LAN VLAN Setup 36 3 1 2 1 Ethernet LAN 36 3 1 2 2 VLA...

Page 3: ...tions 64 3 2 2 QoS Quality of Service 65 3 2 2 1 QoS Configuration 66 3 2 2 2 Rule based QoS 66 3 2 2 2 1 Creating a QoS Rule based on IP Grouping 68 3 2 3 VPN Setup 71 3 2 3 1 IPSec 72 3 2 3 1 1 IPSe...

Page 4: ...69 86 3 2 5 2 SNMP 87 3 2 5 3 Telnet with CLI 88 3 2 5 4 UPnP 88 3 2 6 Certificate 89 3 2 6 1 My Certificates 89 3 2 6 2 Trusted Certificates 90 3 2 6 3 Issue Certificates 91 3 3 SYSTEM 91 3 3 1 Syste...

Page 5: ...their purchase the buyer and not this company its distributor or its dealer assumes the entire cost of all necessary servicing repair and any incidental or consequential damages resulting from any de...

Page 6: ...ful to avoid hackers attacking With embedded robust security and firewall function it s suitable for remote branch offices to access the corporate database servers located in headquarter data center t...

Page 7: ...or higher Chrome 2 0 or higher Firefox 3 0 or higher Safari 3 0 or higher CD Installation Wizard Requirements Computer with the following Windows 7 8 Vista or XP with Service Pack 2 An installed Ethe...

Page 8: ...DG LB1054UV User Manual 8 1 2 3 Hardware Configuration Rear View Front View Auto MDI MDIX RJ 45 Ports Receptor for Power Adapter Reset Button Power ON OFF Switch USB...

Page 9: ...Orange in flash Device is in recovery mode or abnormal WAN Green Ethernet connection is established Green in flash data packet transferred through WAN OFF No Ethernet cable attached or Device not link...

Page 10: ...ugh an Ethernet cable Your PC or device will get an IP address automatically after connecting to this gateway 2 2 Easy Setup by Configuring Web UI You can browse web UI to configure the device Firstly...

Page 11: ...of this gateway is 192 168 123 254 If you change it you need to type the new IP address 2 It s strongly recommending that you change this login password from default value Select your language Select...

Page 12: ...User Manual 12 Press Next to start the Setup Wizard You can change the password of administrator here Configure with the Setup Wizard Step 1 Step 2 Select Time Zone Step 3 Select the interface and th...

Page 13: ...3 Step 4 Enter the WAN IP address subnet mask Gateway and the primary DNS Step 5 Enter the LAN IP address and Subnet Mask Step 6 Confirm the information as shown Step 7 Click on Apply The unit will re...

Page 14: ...in the IP Address of the device The default IP address is 192 168 123 254 In the configuration section you may want to check the connection status of the device to do Basic or Advanced Network setup o...

Page 15: ...User Manual 15 Afterwards you can go to Wizard Status Basic Network Advanced Network or System respectively on left hand side of web page Note You can see the Network Status screen below after you hav...

Page 16: ...You can also check status of wired clients at LAN Client List page other advanced function status at Firewall Status page VPN Status page or System Management Status page as shown below LAN Client St...

Page 17: ...DG LB1054UV User Manual 17 VPN Status System Management Status...

Page 18: ...th two or three WAN Interfaces to support different WAN types of connections You can configure one by one to get proper internet connection setup USB 3G 4G WAN The product has one USB port for 3G 4G a...

Page 19: ...e WAN 2 WAN 3 are disabled 1 Physical Interface Select the WAN interface from the available list For this device there are Ethernet 1 Ethernet 2 and 3G 4G items If you would like the Ethernet WAN1 por...

Page 20: ...ction 4 VLAN Tagging If your ISP required a VLAN tag been inserted into the WAN packets you can enable this setting and enter the specified tag value Afterwards click on Save to store your settings or...

Page 21: ...connection In this case you need to enter the registered MAC address here or simply press Clone button to copy MAC address of your PC to this field 3 Connection Control Select your connection control...

Page 22: ...5 NAT disable If you enable this option it will act with a non NAT function 6 IGMP Snooping Enable or disable IGMP snooping function If you enable the IGMP snooping function this device will detect a...

Page 23: ...SP offers MTU value to users The default value is 0 auto 4 NAT If you enable this option it will act with a non NAT function 5 IGMP Snooping Enable or disable IGMP snooping function If you enable the...

Page 24: ...ISP will assign DNS server automatically after PPPoE connection is established Input the IP address of primary and secondary DNS server manually if required 4 Connection Control Select your connection...

Page 25: ...sers The default MTU value is 0 auto 7 NAT If you enable this option there will be no NAT mechanism between LAN side and WAN side 8 IGMP Snooping Enable or disable IGMP snooping function If you enable...

Page 26: ...password This WAN type is typically used for DSL services 1 WAN Type Choose PPTP from the drop list 2 IP Mode Please check the IP mode your ISP assigned and select Static IP Address or Dynamic IP Addr...

Page 27: ...ways on Dial on Demand or Manually If selecting Auto Reconnect always on this gateway will start to establish Internet connection automatically since it s powered on It s recommended to choose this sc...

Page 28: ...le or disable IGMP snooping function If you enable the IGMP snooping function this device will detect all IGMP messages exchanged on the link and will maintain a table indicating to each of the interf...

Page 29: ...ith a username and password This option is typically used for DSL services 1 IP Mode Please check the IP mode your ISP assigned and select Static IP Address or Dynamic IP Address accordingly If you se...

Page 30: ...t always on this gateway will start to establish Internet connection automatically since it s powered on It s recommended to choose this scheme if for mission critical applications to ensure Internet...

Page 31: ...nction this device will detect all IGMP messages exchanged on the link and will maintain a table indicating for each of the interfaces what multicast groups should be forwarded This simple solution ea...

Page 32: ...list 2 Dial up Profile After you subscribe 3G 4G data service your operator will provide some information for you to setup connection such as APN dialed number account or password If you know this inf...

Page 33: ...Always available or By Schedule for connection method If you choose By Schedule rule you need to add a new schedule at System Scheduling menu 10 MTU MTU refers to Maximum Transmit Unit Different WAN t...

Page 34: ...the outbound traffics to each WAN interface By Smart Weight By Priority 1 Priority If you choose the By Priority strategy you have to further specify the outbound traffic percentage for each WAN inter...

Page 35: ...ss and or the Port number for the load balance policy It can be Any Subnet IP Range Single IP or Domain Name Just choose one type of the destination IP address and specify its value as well If you don...

Page 36: ...ust use the LAN IP address of this device as their Default Gateway You can change it if necessary It s also the IP address of web UI If you change it you need to type new IP address in the browser to...

Page 37: ...twork under a certain switch or router device The ports of a VLAN form an independent traffic domain in which the traffic generated by the nodes remains within the VLAN The VLAN function allows you to...

Page 38: ...or Bridge to identify if the packets are directly bridged to the WAN port or processed by NAT mechanism 2 VLANID Specify a VLAN identifier for this port The ports with the same VID are in the same VL...

Page 39: ...ID If you want to configure your own tag based VLANs click on the Edit checkbox on a new VLAN ID row 1 VLAN ID Specify a VLAN tag for this VLAN group The ports with the same VID are in the same VLAN 2...

Page 40: ...to configuration network renumbering and router announcements when changing Internet connectivity providers This router supports various types of IPv6 connection Static IPv6 DHCPv6 PPPoE 6 to 4 IPv6 i...

Page 41: ...to IPv6 and sharing the existing IPv4 addresses among its customer base Unlike other migration strategies DS Lite combines both tunneling and network address translation technologies and decouples th...

Page 42: ...t up or that were not discovered because of packet loss or temporary link partitioning are eventually discovered by reception of their periodic unsolicited advertisements 3 1 3 2 DHCP v6 When DHCPv6 i...

Page 43: ...e Hosts discover the addresses of their neighboring routers simply by listening for advertisements When a host attached to a multicast link starts up it may multicast a Router Solicitation to ask for...

Page 44: ...ation setting Address auto configuration settings 9 Auto configuration type You may set stateless or stateful Dynamic IPv6 10 Router advertisement Lifetime You can set the time for the period that the...

Page 45: ...et DNS address manually for Primary DNS address and secondary DNS address 2 LAN IPv6 address settings Enter LAN IPv6 address and LAN IPv6 Link Local address 3 Address auto configuration settings Disab...

Page 46: ...dress and local IPv6 address then set DNS address manually for Primary DNS address and secondary DNS address 2 LAN IPv6 address setting LAN IPv6 address and LAN IPv6 Link Local address 3 Address auto...

Page 47: ...or go out This is useful when you run a server inside your network 3 1 4 2 Virtual Server This device s NAT firewall filters out unrecognized packets to protect your Intranet so all hosts behind this...

Page 48: ...virtual server mapping table Service Port Private Port Server IP Enable 21 192 168 123 1 V 80 192 168 123 2 V 8080 80 192 168 123 3 v 1723 192 168 123 6 V Afterwards click on Save to store your setti...

Page 49: ...ism of Special Applications fails to make an application work try setting your computer as the DMZ host instead This device provides some predefined settings Select your application and click Copy to...

Page 50: ...mputer to be exposed to unrestricted 2 way communication for Internet games Video conferencing Internet telephony and other special applications Otherwise if specific application is blocked by NAT mec...

Page 51: ...ysical interface addresses are utilized for outgoing IP datagrams You can enter the destination IP address subnet mask gateway and hop for each routing rule and then enable or disable the rule by chec...

Page 52: ...ng protocol such as RIPv1 RIPv2 OSPF BGP for you to establish routing table automatically The feature of dynamic routing will be very useful when there are lots of subnets in your network Generally sp...

Page 53: ...on the Setting button and fill in the corresponding setting for your OSPF routing configuration When you finished setting click on Save to store your settings or click Undo to give up the changes 3 B...

Page 54: ...ys the routing table maintained by this device It is generated according to your network configuration 3 1 6 Client Server Proxy 3 1 6 1 Dynamic DNS How does user access your server if your WAN IP add...

Page 55: ...provider you select 5 Password Key Input password or key based on the DDNS provider you select Afterwards click on Save to store your settings or click Undo to give up the changes 3 1 6 2 DHCP Server...

Page 56: ...dress of the IP address pool Please note the number of IP addresses in this IP pool must be less than the maximum number of subnet network as per the subnet mask you set 5 Lease Time DHCP lease time t...

Page 57: ...can specify a certain IP address for designated local device MAC address so that the DHCP Server will reserve the special IP for designated devices For internal servers you can use this feature to ens...

Page 58: ...advanced network features such as Firewall QoS VPN Security Redundancy and Management You can finish those configurations in this section 3 2 1 Firewall The firewall functions include Packet Filters U...

Page 59: ...events that are blocked by these rules 4 Source IP Specify the source IP range for the rule You can define a single IP address 4 3 2 1 or a range of IP addresses 4 3 2 20 30 An empty implies all IP a...

Page 60: ...defined key words This feature can both filter domain input suffix like com or org etc and a keyword bct or mpe 1 URL Blocking Check if you want to enable URL Blocking 2 Black List White List Select...

Page 61: ...r more details please refer to the System Scheduling menu Afterwards click on Save to store your settings or click Undo to give up the changes 3 2 1 3 Web Content Filter Web Content filter can block f...

Page 62: ...the specified rules 3 Log Alert Enable Log Alert will record events that are blocked by these rules 4 Known MAC from LAN PC List You can see all of connected clients from this list and copy their MAC...

Page 63: ...DG LB1054UV User Manual 63 3 2 1 5 Application Filters Application Filters can categorize Internet Protocol packets based on their application layer data...

Page 64: ...3 2 1 7 Options 1 Stealth Mode Enable this feature this device will not respond to port scans from the WAN so that makes it less susceptible to discovery and attacks on the Internet 2 SPI When this f...

Page 65: ...S is ensuring that prioritizing one data flow doesn t interfere with other data flows QoS helps to prioritize data as it enters your router By attaching special identification marks or headers to inco...

Page 66: ...es lots of flexible rules for you to set QoS policies Basically you need to know three parts of information before you create your own policies First who needs to be managed Second what kind of servic...

Page 67: ...nce you saved a QoS rule it will be displayed in the Rule Lists area as below Besides you can move up or down the priority of all rules by clicking on the or icon if you want to change the priority of...

Page 68: ...ss from 192 168 123 10 to 192 168 123 20 3 Service Define what kinds of service need to be managed There are four options for service recognition They are DSCP TOS User Defined service and well known...

Page 69: ...in Service field The maximum number of session is 20000 5 QoS Direction Select the traffic direction to be applied for this rule Direction IN For In bond data OUT For Out bond data BOTH In bond and O...

Page 70: ...default value of 0 Always as it is This rule means IP packets from WAN interface to LAN IP address 192 168 12 10 192 168 12 40 which with DiffServ value of IP Precedence 4 CS4 will be modified with D...

Page 71: ...puter to send and receive data across shared or public networks as if it were directly connected to the private network while benefitting from the functionality security and management policies of the...

Page 72: ...te to Site Description The unit establishes IPSec VPN tunnels with security gateway in head quarter or branch offices Either local or remote DG LB1054UV gateway which can be recognized by a static IP...

Page 73: ...o over the VPN tunnel That is if a user is operating at a PC that is in the Intranet of remote VPN gateway all application packets and private data packets from the PC will be transmitted securely in...

Page 74: ...gateway 4 Max Concurrent IPSecTunnels The device supports up to 32 IPSec tunnels but you can specify it with the number of maximum current activated IPSec tunnels that is smaller or equal to 32 You ca...

Page 75: ...and other options depend on product models Input the IP address of remote host that exist in the opposite side of the VPN tunnel Ex You can input the LAN IP address of remote VPN gateway The Interval...

Page 76: ...192 and AES 256 2 Authentication There are five algorithms that can be selected None MD5 SHA1 SHA2 256 and SHA2 512 3 PFS Group There are nine groups which can be selected None Group 1 MODP768 Group...

Page 77: ...ys the PPTP server role it will allow remote hosts to access LAN servers behind the PPTP server The device can support upto four authentication methods PAP CHAP MSCHAP v1 and MSCHAP v2 Users can also...

Page 78: ...uthentication method You can choose encryption length of MPPE encryption 7 PPTP Server Status The connected PPTP user connection information will be shown in this table 8 User Account List You can inp...

Page 79: ...y remote PPTP server 9 Default Gateway Remote Subnet You can check the Enable checkbox to set this tunnel as the default gateway for WAN connection 10 Authentication Protocol You can choose authentica...

Page 80: ...TP server role it will allow remote hosts to access LAN servers behind the L2TP server The device can support four authentication methods PAP CHAP MSCHAP v1 and MSCHAP v2 Users can also enable MPPE en...

Page 81: ...eckbox to enable MPPE encryption Please note that MPPE needs to work with MSCHAP v1 or MSCHAP v2 authentication method You can choose encryption length of MPPE encryption 8 Service Port Enter the serv...

Page 82: ...mote L2TP server 7 Password The password which is provided by remote L2TP server 8 Tunneling Password Enter the tunneling password 9 Default Gateway Remote Subnet You can check the Enable checkbox to...

Page 83: ...onnection 3 2 3 4 2 GRE Tunnel Definitions 1 Add You can add one new IPSec tunnel with Site to Site scenario by clicking the Add button 2 Delete Delete selected tunnels by checking the Select box at t...

Page 84: ...is within 1 to 255 If a packet passes number of TTL routers and still can t reach the destination then this packet will be dropped 8 Keep alive Enter the ping IP and the interval 9 Default Gateway Rem...

Page 85: ...ault gateway selections on an IP network The protocol achieves this by creation of virtual routers which are an abstract representation of multiple routers i e master and backup routers acting as a gr...

Page 86: ...254 and a larger value has higher priority 4 Virtual Server IPAddress Specify the IP address of the virtual server Click on Save to store what you just select or Undo to give up 3 2 5 System Manageme...

Page 87: ...t that this device will respond This is a text password mechanism that is used to weakly authenticate queries to agents of managed network devices 4 Set Community The community of SetRequest that this...

Page 88: ...on protocol of automatically configuring port forwarding Applications using peer to peer networks multiplayer gaming and remote assistance programs need a way to communicate through home and business...

Page 89: ...DG LB1054UV User Manual 89 3 2 6 Certificate 3 2 6 1 My Certificates Root CA Certificate Configuration Local Certificate Configuration...

Page 90: ...DG LB1054UV User Manual 90 3 2 6 2 Trusted Certificates Import trusted CA Certificate Import Trusted Client Certificate...

Page 91: ...V User Manual 91 3 2 6 3 Issue Certificates 3 3 System In this section you can see system information system logs use system tools for system update and do service scheduling and system administration...

Page 92: ...e the system password for security reasons Click on Save to store your settings or click Undo to give up the changes System Information You can view the System Information in this page It includes the...

Page 93: ...Click on system tools to refer to the system time perform the firmware upgrade do the ping test tracert test reboot from the web reset to default settings and take a back up of the config file The Wa...

Page 94: ...rules will be listed 1 Enable Enable or disable the scheduling function 2 Add To create a schedule rule click the Add button When the next dialog popped out you can edit the Rule Name Policy and set...

Page 95: ...uping Except for user group the device also provides you to group some kinds of objects to be several groups including host grouping extension file grouping and L7 application grouping Configuration H...

Page 96: ...tions in the device system Whatever one application needs an external server like a RADIUS server the external server object can be defined in this sub section These server objects include Email Serve...

Page 97: ...DG LB1054UV User Manual 97 Click on Add Whatever one application needs an external server like a RADIUS server the external server object can be defined in this sub section...

Page 98: ...Machine Interface it means the Web based GUI User can set the administrator timeout of Web UI surfing during configuring the device by the administrator You can set UI administration time out duratio...

Page 99: ...alancing Router is responding Go to Start Run 1 Type cmd 2 Press OK 3 Type ipconfig to get the IP of default gateway 4 Type ping 192 168 123 254 Assure that you ping the correct IP Address assigned to...

Page 100: ...he setting on your Network Interface Card adapter is Enabled 3 If settings are correct ensure that you are not using a crossover Ethernet cable not all Network Interface Cards are MDI MDIX compatible...

Reviews:

No comments

Brands by name

Popular brands

Load more brands