manualshive.com logo in svg

ETIC IPL-G12, User Manual, Page: 36 / 102

Share
Download
ETIC IPL-G12 User Manual Download Page 36

 
CONFIGURATION 

Page 36 

User manual ref. 9017009-02 

3G-GPRS-EDGE router IPL-G12

 

 

 

12  Configuring  VPN connections between routers (3G-GPRS-EDGE) 

12.1  Principles 

A VPN is a safe link set between two end-points over an IP network : Both 
routers authenticate, data are encrypted and each device of a LAN can 
exchange data with each device f the other one. 
To get more explanations about how VPNs work, refer to appendix 2. 
 
25 VPNs can be set on the WAN interface of the IPL-G12 router. 
 
Two types of VPN can be set : TLS VPN and IPSec VPN. 
 
IPSec has the advantage to be a standard solution. 
 
TLS is easier to employ because the transport layer is TCP or UDP; it is 
why, it can be easily used when the VPN must pass through several 
company routers. 
 
Once a type of VPN (TLS or IPSec) has been selected, all the VPN set 
between the IPL-G12 router and another one must be the same.  
 
Two steps are necessary to configure the IPL-G12 to create VPN 
connections between routers : 
 

1

st

 step : Select and setup the VPN type parameters

 

Once a type of VPN has be selected, it applies to all the connections with remote routers. 

 

2

nd

 step : Create VPN connections

 

 
A connection can  be an 
incoming connection or an 
outgoing connection. 
 
If a connection is an 
incoming connection, the 
local router is named “VPN 
server” and   the remote 
router is a “VPN client”. 

 

Internet

VPN

Outgoing

connection 

Incoming

connection 

VPN

client

VPN

server

 
 
 

Summary of Contents for IPL-G12

Page 1: ...IPL G12 3G GPRS EDGE GSM data router _________________ User manual Document reference 9017009 02 _________________ ...

Page 2: ...7009 02 GSM GPRS EDGE routerIPL G12 The IPL G12 router is manufactured by ETIC TELECOM 13 Chemin du vieux chêne 38240 MEYLAN FRANCE TEL 33 4 76 04 20 00 FAX 33 4 76 04 20 01 E mail hotline etictelecom com web www etictelecom com ...

Page 3: ...4 GSM SERVICES OVERVIEW 15 INSTALLATION 1 PRODUCT DESCRIPTION 17 1 1 Leds 17 1 2 Connectors 19 1 3 DIP switches 20 2 VENTILATION 20 3 SUPPLY VOLTAGE 20 4 ETHERNET INTERFACE 20 5 RS232 INTERFACE 21 6 RS485 INTERFACE 21 7 INPUTS OUTPUT 22 8 GSM CONNECTION 23 8 1 Checking the GSM reception signal level 23 8 2 Antenna 23 8 3 Installing the SIM card 24 ...

Page 4: ...ESS TO THE ADMINISTRATION SERVER 30 8 ASSIGNING AN IP ADDRESS TO THE LAN INTERFACE OF THE ROUTER 31 9 3G OR GPRS EDGE CONFIGURATION 32 9 1 Configuring the 3G GPRS EDGE parameters 32 9 2 Internet connection control 33 9 3 Controlling the 3G connection with a Ping control 34 10 GSM DATA CONFIGURATION 34 11 RELEASING A DYNAMIC IP WITH THE DYNDNS SERVICE 35 12 CONFIGURING VPN CONNECTIONS BETWEEN ROUTE...

Page 5: ... Configuring a TLS remote user connection 62 16 3 Configuring a PPTP VPN connection 64 17 M2ME_CONNECT SERVICE 65 17 1 Overview 65 17 2 Configuring the M2Me_Connect connection 66 18 REMOTE USERS CONNECTION GSM DATA SERVICE 67 18 1 Principe 67 18 2 Configuring the remote user connection 68 18 3 Configuring the remote user connection using an additional modem 68 19 CONFIGURING THE USERS LIST 69 20 C...

Page 6: ...IONS 85 22 1 Adding a certificate 85 22 2 Alarms 85 22 3 Configuring the web portal 87 22 4 Configuring the DNS server 88 DIAGNOSTIC AND MAINTENANCE 1 DIAGNOSTIC 91 2 SAVING THE PARAMETERS TO A FILE 92 3 FIRMWARE UPDATE 93 APPENDIX 1 HTML configuration server APPENDIX 2 VPN technology overview ...

Page 7: ...lient or server LAN interface Firewall SPI VPN PPTP IPSEC TLS Remote access server Digital input for email alarms 3 3 Serial gateway RAW UDP client server multi unicast Raw TCP client server Modbus client and server Telnet server unitelway Html Configuration IO Viewer software option means the function is provided means the function is not provided Important notice In the manual hereafter when we ...

Page 8: ...requencies 850 900 1800 1900 2100 MHz see detailed table below RF power EGSM850 EGSM900 class 4 2 W GSM1800 GSM1900 class 1 1 W RF connector FME UMTS HSDPA 384 kbps downlink 384 kbps uplink EDGE GPRS Max data rate 85 6 Kb s downlink 21 4 Kb s uplink Multislot class 10 GPRS Multislot class 12 GSM data 9600 b s IPL G12B 3G only IPL G12B 3G and IPL G12B IPL G12B only UMTS Frequency range 3G Min Max U...

Page 9: ...tatic routes RIP V2 Ip address translation Source IP translation NAT Destination IP translation DNAT Port translation Port forwarding DNS Domain name IP address assignment Fixed IP or DHCP client or DHCP server Security VPN Client or server IPSEC or TLS SSL or PPTP Encryption 3DES Certificate 509 Firewall Stateful packet inspection 50 rules Logs Date and time stamped logs Remote access server RAS ...

Page 10: ...9017009 02 3G GPRS EDGE router IPL G12 Serial interface RS232 1200 115200 b s parity N E O Serial to IP gateways Serial gateway RAW UDP client server multi unicast Raw TCP client server Modbus client and server Telnet server unitelway ...

Page 11: ...connect safely automated devices over the UMTS 3G or the GPRS EDGE service The connection is permanent IPL G12B router The IPL G12B router provides the same function but over the GPRS EDGE service and not over the UMTS 3G service 3G GPRS EDGE router IPL G12 User manual ref 9017009 02 Page 11 ...

Page 12: ...des description static routes RIP protocol and destination network address translation DNAT Safe VPN links The IPL G12 router is able to establish safe VPN tunnels TLS or IPSec and client or server Once a VPN is established between two IPL G12 routers or between an IPL G12 and an other compatible router each IP device connected to the first LAN can exchange IP frames with any device connected to t...

Page 13: ...ently of their public IP address The IPL G12 router behaves like a DNS server for the devices connected to the LAN DynDNS client The IPL G12 router is compatible with the Dyn DNS service DHCP client or server Over the Ethernet LAN interface the IPL G12 can be a DHCP client or server Emails sms An email or SMS can be sent each time one of the three digital inputs are opened or closed SNMP The IPL G...

Page 14: ...product includes an up to date RS to IP gateway enabling to connect serial devices safely to the GSM network and the Internet EticFinder software The ETICFinder software detects the ETIC products connected to an Ethernet interface and displays the MAC address and the iP address of each product M2Me_Secure VPN client software M2Me_Secure is a TLS client software to order separately edited by ETIC T...

Page 15: ...er the usual GSM network It is why the GPRS EDGE service is usually available each time the GSM voice service is available GSM data service The GSM data service is a 9600 b s serial data transmission service It is a switched service it means that one party has to dial the other party Most GSM service providers also provide the capability to dial from a PSTN modem or an ISDN adapter towards a GSM m...

Page 16: ...ef 9017009 02 3G GPRS EDGE router IPL G12 However ingoing VPN connections from the Internet towards the IPL G12 may not be possible if the IP address assigned to the router s antenna interface by the provider is a private IP address ...

Page 17: ...ml server Blinking at power on to indicate the signal level Lit after 30 s to indicate the router is connected to the GSM VPN Lit One VPN at least has been established Blinking VPN establishment in progress LINK Ethernet Interface connected DATA Data activity RD Bytes transmitted to the RS232 from the IPL TD Bytes received from the RS232 to the IPL Operation Blinks if the SIM cart has not been ins...

Page 18: ...ower on briefly blinks 3 times The quality of the reception signal is fine briefly blinks 2 times The quality of the reception signal is acceptable briefly blinks 1 time The quality of the reception signal is poor is turned off No reception Is a GSM voice communication possible has the SIM card been correctly inserted ...

Page 19: ... the IPL router 2 IN1 Digital input Nr 1 3 IN2 Digital input Nr 2 4 IN3 Digital input Nr 3 5 OUT1 Relay output 1 6 OUT2 Relay output 2 7 B RS485 polarity B 8 A RS485 polarity A DB9 fem RS232 connector Pin Circuit Designation IPL Terminal 1 CD 109 Carrier detect 2 RD 104 Data Reception 3 TD 103 Data Emission 4 DTR 108 Data terminal ready 5 GND 102 Ground 6 DSR 107 Data set ready 7 RTS 105 Request t...

Page 20: ...e switch the power on while pressing the push button until the RUN light turns green Attention Once the factory profile has been restored the stored configuration is lost 2 Ventilation To avoid overheating when the ambient temperature is high leave a 1 cm 0 5 inch space on each side of the product 3 Supply voltage The supply voltage must be strictly lower than 30 VDC and higher than 9 VDC The cons...

Page 21: ...not be longer than 10 meters 6 RS485 interface The RS485 serial interface is provided on the bottom on a 2 pins screw block Polarisation resistors 1 Kohm bus polarisation resistors are included inside the product 1K 1K SW1 B A RS485 RS485 line adaptation For a several meters long connection over the RS485 local interface it is not necessary to adapt the RS485 line For a longer distance connect a 1...

Page 22: ...rm The alarm condition can be selected using the html server The electrical characteristics of the output are Opto isolated output Maximum voltage 50 VDC Maximum current 500 mA Inputs The product features three digital inputs they are not isolated if the input 1 is opened an SNMP trap will be sent to the SNMP server if that function has been enabled ...

Page 23: ... product That test can be carried out with a usual mobile phone using the same provider and the same service either 3G or GPRS EDGE The signal level must be good or excellent 8 2 Antenna If the cabinet in which the router has to be installed is made of metal the antenna has to be installed outside the cabinet for instance on its top The antenna must be ordered separately the models below are avail...

Page 24: ...nnected The micro sim card must be inserted in the slot located at the top of the product Step 3 Check the reception signal level after installation At power on the L led gives an indication of the GSM signal quality the L led Signification briefly blinks 3 times The quality of the reception signal is fine briefly blinks 2 times The quality of the reception signal is acceptable briefly blinks 1 ti...

Page 25: ...he 3G GPRS EDGE service or the GSM data service Setting up VPNs between routers Case of the 3G GPRS EDGE service Case of the GSM data service Setting up routing and IP address translation function Setting up remote users connections Case of the 3G GPRS EDGE service Case of 3G GPRS EDGE service using the M2Me_Connect connection service Case of GSM data connections Setting up the remote users list S...

Page 26: ...address The factory IP address of the router on the LAN interface can be restored by setting the DIP switches SW01 ON and SW02 OFF In that position o the DIP switches the stored configuration is not deleted Setting the DIP switches in that position gives also a free access to the administration server from the LAN interface During operations the DIP switches must not be left in that position Netwo...

Page 27: ...rors In that case paste the string delete the last character of the pasted string and enter it again with the keyboard Saving and restoring the parameters file see the maintenance chapter A parameters file can only be downloaded to a product having the same firmware version It is why we advise to assign a name to a parameter file including the product name and the software version like for instanc...

Page 28: ...ss is the factory IP address 192 168 0 128 Step 2 Create or modify the PC IP connection Assign to the PC an IP in accordance with the IPL G12 IP address For the first configuration assign or instance 192 168 0 127 to the PC Step 3 Connect the PC directly to the LAN interface of the IPL G12 router using a cross wired Ethernet cable Step 4 Launch the html browser Enter the LAN IP of the router 192 1...

Page 29: ...terface Launch the html browser and enter the IP address assigned to the router on the LAN 3 Rebooting the router after parameters changes After a page of parameters has been completed click the Save button located at the bottom of the page After some parameters changes the IPL E must restart When the configuration has been completely carried out click the Reboot red button in the green bar when d...

Page 30: ...pply of IPL G12 router Press the push button on the top part of the IPL G12 router and switch ON the power supply Keep the push button pressed until the Operation led turns red Remark The stored configuration will be lost the factory IP address 192 168 0 128 will be restored 6 Restricting access to the administration server The access to the administration server can be protected by a login and pa...

Page 31: ...on 8 Assigning an IP address to the LAN interface of the router Click System and then IP protocol Local network parameters IP address Enter the IP address assigned to the router over the Ethernet local network Netmask Enter the IP netmask assigned to the local network Remote access parameters Start of users IP address pool and end of users IP addresses pool That parameters define the pool of addre...

Page 32: ... to enable the 3G GPRS EDGE mode APN parameter Enter the APN code assigned by the GSM operator User name password parameters Enter the user name and password assigned by the GSM operator Careful If no user name or password are assigned by the GSM operator enter at least an alphabetic character in each field Authentication parameter Unless particular difficulties leave the default value PAP CHAP Ou...

Page 33: ... Allow Internet call back parameter If that option is selected the router connects to the Internet after a remote user connects with the GSM data service and asks for the Internet call back by entering the call back number 0 zero Connect to Internet at product power on If that option is selected the router connects to the Internet as soon it will be powered on Connect to Internet on a rising edge ...

Page 34: ...ol function select the Internet menu and then Ping control Activate Ping control checkbox Select that checkbox to enable the pin control function IP address to ping parameter Enter the Ip address to PING Ping interval parameter Select the PING period Ping retries parameter Select the number of PING retries before restarting the router Attention Enabling the PING control feature provokes a metered ...

Page 35: ...ach time it will change and update the hostname table with the new address Each time a device wishes to connect to the IPL G12 it will use its host name and get its temporary IP address from the DYNDNS server It will then connect to the IPL G12 as if its address was fixed To configure that function go to www dyndns org and create an account Select the Internet menu and then click remote control En...

Page 36: ... employ because the transport layer is TCP or UDP it is why it can be easily used when the VPN must pass through several company routers Once a type of VPN TLS or IPSec has been selected all the VPN set between the IPL G12 router and another one must be the same Two steps are necessary to configure the IPL G12 to create VPN connections between routers 1 st step Select and setup the VPN type parame...

Page 37: ...PN connections and then VPN parameters Select the Remote nodes connections VPN type value IPSEC and then click Properties Encryption Protocol parameter Select ESP to encrypt the data flow select AH if no encryption is required or if NAT traversal is required Authentication encryption key parameters Authentication and encryption can be carried out with a pre shared key or a certificate ...

Page 38: ...n use during the phase 1 of the exchanges between the end points VPN set up and during the phase 2 data exchange The default value is Auto in that case both end points will negotiate a common algorithm DPD request period parameter A DPD request also called Keepalive message is a message sent periodically by each end point to the other one to make sure that the VPN must be left active This paramete...

Page 39: ...tion IP network VPN Outgoing connection Remote router LAN IP addr INTERNET GSM WAN IP addr Remote LAN IP address Remote WAN IP address Router To set an ioutgoing IPSec VPN connection Select the Routing and then the Remote nodes menu Click the add a node button Give a name to the connection and select the Outgoing option ...

Page 40: ... no additional parameter has to be entered If a particular PSK must be used complete the configuration of the connection as explained below Unique PSK for this node parameter Select that option if a particular PSK key has to be used for this connection PSK value parameter Enter the value of the PSK My WAN address parameter Enter the IP address of the router on the GPRS interface Case a certificate...

Page 41: ...TERNET GSM LAN IP addr Ingoing connection WAN IP addr Remote WAN IP address Remote LAN IP address Router Remote router IP network GPRS To set an ingoing IPSec VPN connection Select the Routing and then the Remote nodes menu Click the add a node button Give a name to the connection and select the ingoing connection direction option ...

Page 42: ...be used complete the configuration of the connection as explained below Unique PSK for this node parameter If that option is not selected the preshared key entered in the VPN configuration screen will be used by the router If that option is selected enter the specific key My WAN address Remote WAN address parameters Enter the WAN IP address of the IPL G12 router public IP address over Internet and...

Page 43: ...12 3 1 Configuring the TLS protocol Select the Security menu click VPN connections and then VPN parameters Select the Remote nodes connections VPN type value TLS and then click Properties Port number protocol parameters Select the port Nr and the type of protocol used to transport the TLS VPN UDP will be preferred ...

Page 44: ...IP network GPRS Attention The VPN network IP address field must be different from LAN IP address field The number of VPN addresses cannot be greater than 255 the netmask cannot exceed 255 255 255 0 Connection death time out parameters This parameter defines the maximum amount of time in seconds a VPN connection will stay established before being cleared if no response to the VPN control message ha...

Page 45: ...twork VPN Outgoing connection Remote router LAN IP addr INTERNET GSM WAN IP addr Remote LAN IP address Remote WAN IP address Router To set an outgoing TLS VPN connection Select the Routing and then the Remote nodes menu Click the add a node button Give a name to the connection and select the Outgoing connection direction option ...

Page 46: ...he login and password the router will have to use to authenticate Remote WAN IP address URL parameter Enter the IP address of the remote router or its DNS name Remote WAN IP address parameter Enter the network IP address and netmask assigned to the remote router over the Internet public IP address over Internet ...

Page 47: ...ddr Remote WAN IP address Remote LAN IP address Router Remote router IP network GPRS To set an ingoing TLS VPN connection Come back to the VPN connections screen Click the add a connection button Give a name to the connection and select the ingoing connection direction option Remote router Login Remote router password parameter Enter the login and password of the remote router ...

Page 48: ...ions between routers 9600 b s GSM data That function is provided only by the IPL G12B router 13 1 Principle The GSM data service is a switched data service at a data rate of 9600 b s It connects GSM routers together or with other routers connected to the PSTN or the ISDN A PPP switched connection must be set between routers A PPP connection can be outgoing or ingoing or both Each remote routers wi...

Page 49: ...er by dialling towards the remote router or by accepting an incoming call from the remote router X X X Remote router IP and Remote network netmask parameter Enter the IP address and the netmask of the remote router Ethernet interface X X Modem parameter Select the built in choice X X Dial number parameter Enter the number the router has to dial to connect to the remote router X X My login and My p...

Page 50: ...wall filter parameter Select the firewall filter assigned to the connection X X X NAT parameter Select yes to enable the NAT function In that case the PPP IP address of the router is assigned as the source address to all IP frames transmitted by a device towards the PSTN or ISDN If no PPP IP address has been entered it is replaced by the IP address of the router over the Ethernet interface X X X R...

Page 51: ...he remote LAN network like RL1 and devices connected to the LAN network like L1 through a VPN between devices connected to the WAN network like W1 and devices connected to the LAN network like L1 RL1 VPN WAN 192 168 3 0 24 LAN 192 168 2 0 24 W1 L1 Remote WAN 192 168 4 0 24 R3 router 192 168 2 128 R2 router 192 168 3 128 192 168 4 128 192 168 5 128 Remote LAN 192 168 5 0 24 Remark 1 Firewall rules ...

Page 52: ...s necessary to enter the route to that hidden network 6 that route is called a static route A static route consists in a table which describes a destination network IP address and netmask and the IP address of the neighbour router through which an IP packet to that destination must pass Router 2 static routes Active Route name Destination Netmask Gateway Yes Network 6 192 168 6 0 255 255 255 0 192...

Page 53: ... Information Protocol is a routing protocol which enables each router belonging to a network to acquire the routes to any subnet The principle is as follows Routing table Each router holds a routing table Each entry of the table consists in the destination subnet address and the adjacent router address leading to that subnet Routing table broadcasting Each router broadcasts its table Routing table...

Page 54: ...ent to the wireless IP address of the router The transfer criteria is the port number used as an additional address field When a frame is addressed to the IPL G12 router on a particular port it is transferred to a particular device connected to the LAN interface Example Suppose a remote device has to communicate with the devices PLC1 with TCP port 102 PLC2 with TCP port 502 and a PC port 80 PLC1 1...

Page 55: ...CONFIGURATION 3G GPRS EDGE router IPL G12 User manual ref 9017009 02 Page 55 Click Add a DNAT rule ...

Page 56: ...pplies to all the IP packets transmitted to the wireless network Remark That function does not apply to IP frames included in a PPTP or TLS or L2TP remote user connection One brings out the DNAT function which consists in replacing the destination port number and IP address the SNAT function which consists in replacing the source IP address Because the DNAT and SNAT functions modify the IP address...

Page 57: ...CONFIGURATION 3G GPRS EDGE router IPL G12 User manual ref 9017009 02 Page 57 15 2 2 Configuration To set the advanced address translation functions select the Routing and then the Advanced NAT menu ...

Page 58: ...router IPL G12 To create a new DNAT rule Click Add a DNAT rule Select Yes to enable the rule Enter the replacement criterion Source IP address Destination IP address Protocol TCP UDP Source port Destination port Enter the new destination port number and IP address ...

Page 59: ...f 9017009 02 Page 59 To replace the source IP address destination port Click Add a SNAT rule Select Yes to enable the rule Enter the replacement criterions Source Destination IP address Protocol TCP UDP Source Destination port Enter the new source IP address ...

Page 60: ...onnection can be set only if a public fixed or dynamic IP address is assigned to the router on its wireless interface If the IP address is public but dynamic the DYN DNS service can be used If the IP address is private it is not possible to set a RAS connection towards the router through the Internet In that case the M2Me_Connect service is a suited solution RAS connection safety A remote user con...

Page 61: ...PRS EDGE router IPL G12 User manual ref 9017009 02 Page 61 RAS connection types The IPL G12 manages PPTP and TLS or L2TP remote connections Only one type can be selected It will apply to all the remote users connections ...

Page 62: ...d to the remote users connections must be different from the one used for VPN connections between routers if such VPN connections have been configured Users authentication parameter Authentication an encryption can be carried out with a pre shared key or a certificate If the Login password is selected the remote user is authenticated with a login and a password If the Login password and Certificat...

Page 63: ...ame Select the Connection tab select the option That site can be In the field Host name or IP address select the router IP address Select the Advanced tab select theprotocol UDP or TCP the be assigned to the PC and to is displayed reached through the Internet or DynDNS name or DNS name port number and the encryption algorithm The same values of that parameters must the router ...

Page 64: ... EDGE router IPL G12 16 3 Configuring a PPTP VPN connection Step 1 Router configuration select the Security menu click VPN connections and then VPN parameters select the Remote users connection VPN type value PPTP Step 2 Set a PPTP connection on the PC side ...

Page 65: ...ware The simplest solution should be to set a remote connection between the remote PC and the IPL G12 That solution is made impossible if for instance a private IP address is assigned by the wireless service provider to the router The M2Me_Connect service solves that difficulty The PC does not connect directly to the IPL G12 both the PC and the router connect to the M2Me_Connect service Once both ...

Page 66: ...status menu and then M2Me When the connection between the router and the M2Me_Connect service is established the port number and protocol are displayed Deselect the ports number needlessly selected If too many ports have been selected the connection delay may be long it is why we advise to unselect all the ports except the one which has finally been successful Step 2 Configuring the M2Me_Secure so...

Page 67: ...mote connection can be set through the GSM network if the PC is equipped with a GSM data modem It can be set also through the telephone network PSTN if the PC is equipped with a V90 modem The login and password of the remote user is checked by the IPL G12B router The default value of the login is admin and the default value of the password is admin An additional simultaneous remote connection can ...

Page 68: ...t the Remote users connection VPN type value None 18 3 Configuring the remote user connection using an additional modem Select the Security menu click VPN connections and then VPN parameters select the Remote users connection VPN type value None Select the Modem menu Select the external modem activate checkbox Enter the initialisation string of the modem connected to the RS232 port of the router ...

Page 69: ...r is registered his login is admin and the password is also admin After the test phase we advise to modify these login and password Select the System menu and then User list Display or modify a user entry Click the View or modify button Add a user Click the add a user button Active value Yes or NO Choose No if you want to prevent the user to access the network Choose yes to authorize the user to a...

Page 70: ... alarm email to the user s email address If the status of one of the three inputs is closed or opened if that option has been set Internet connection email Once connected to the Internet the router will send to the demanding user an email containing the dynamic IP assigned to the router by the provider Firewall filter parameter Select the filter to assign to the user to restrict his access rights ...

Page 71: ...work except The IP frames included in a VPN The IP frames sent to the IPL G12 antenna IP address on particular ports if port forwarding rules has been created The IP frames included in a remote user connection which are submitted to the remote user filter The remote users filters 25 remote user filters can be configured and assigned individually to each of the users registered in the users list A ...

Page 72: ...ade of two fields which define a data flow Service Protocol telnet http Host destination IP Moreover to describe the decision to carry out if a data flow matches a rule à filter policy has to be selected The policy can be All is forbidden except what we specify Or All is allowed except what we specify The first policy is generally the right one because it is cautious Example Filter name Access to ...

Page 73: ...tep can be skipped Select the menu system and then service list The list of TCP ports is displayed Click add a service Enter the label of that the new service assign a protocol udp tcp icmp and a port number Save The list is updated Step 2 Enter the list of the devices connected to the LAN Select the System menu then Devices list The list of the devices of the LAN network is displayed Click add a ...

Page 74: ...CONFIGURATION Page 74 User manual ref 9017009 02 3G GPRS EDGE router IPL G12 Step 3 Build a filter Select the security menu then firewall and then Filter list The list of the stored filters is displayed ...

Page 75: ...oose the policy All is forbidden except what we specify is the advised policy Click add a new rule to the list Select a host also called machine or IP address among the ones which have been stored and a service also called TCP port Add other rules if necessary Click OK when the filter is complete the updated filters list is displayed ...

Page 76: ...3G GPRS EDGE router IPL G12 Step 4 Assign a filter to each user Select the System menu and then Users list Select the user to which you want to assign a filter and click modify the user window is displayed Assign a filter to the user click OK and save ...

Page 77: ...dbus clients Or to connect a serial modbus master to an IP modbus server RAW TCP client or server To connect two serial devices or one serial device and one TCP IP device through an IP network RAW UDP To exchange serial data between several serial or IP devices through an IP network using a table of IP addresses Telnet To connect a Telnet terminal to the IPL_G12 router Unitelway slave To connect a...

Page 78: ...ameters as follows ASCII RTU protocol Select the right option Proxy protocol parameter Enable the proxy option if you wish to avoid to frequent requests on the RS232 RS485 interface Cache refreshment period parameter Select the period at which the gateway will send request to the slaves PLC Timeout waiting for the answer parameter Set up the timeout the gateway has to wait for the answer of the mo...

Page 79: ...dress Choose specified by the modbus TCP client if the address of the slave PLC must be decoded by the gateway from the modbus TCP frame coming from the client Otherwise specify the modbus address of the slave PLC in that case only one slave can be connected to the RS232 serial interface TCP inactivity Timeout Set the time the gateway will wait before disconnecting the TCP link if no characters ar...

Page 80: ...ion Inter character gap Set up the maximum delay the gateway will have to wait between a received character of a modbus answer frame and the following character of the same frame TCP inactivity Timeout Set the time the gateway will wait before disconnecting the TCP link if no characters are detected TCP port number Set the TCP port number the gateway has to use IP address The modbus client gateway...

Page 81: ...to send requests to one device also called server located on the IP network The serial device must be for example a master device in half duplex protocols Select the transparent and then the raw client menus Enable the raw client gateway and set up the parameters as follows RS232 485 input buffer size Set up the maximum length of an asynchronous string the gateway will store before transmitting it...

Page 82: ...hat gateway can be used if a serial slave device has to answer requests coming from devices client devices located on the IP network Select the transparent and then the RAW server menus Enable the raw server gateway and set up the parameters as follows RS232 485 input buffer size parameter Set up the maximum length of an asynchronous string the gateway will store before transmitting it to the IP n...

Page 83: ...ateway permits to connect together a group of serial devices through an IP network The group can also include IP devices if they have the software pieces able to receive or transmit serial data inside UDP Serial data transmitted by each device is transmitted to all other serial devices through the IP network A table of IP destination gateways is stored in each IPL G12 belonging to the group The se...

Page 84: ...me End of frame time out parameter value 10 ms to 5 sec Sets the delay the gateway will wait before sending the UDP frame towards the IP network when no characters are received from the serial interface UDP port number parameter Sets the UDP port number IP addresses of the destination devices table This table stores the IP addresses of the gateways to which the serial data encapsulated inside UDP ...

Page 85: ...by ETIC Telecommunications or not can be downloaded into the router To import a new certificate the file extension can be PKCS 12 with a password or PEM Even if more than one certificate have been downloaded into the IPL G12 router one certificate can be used for all the connections 22 2 Alarms 22 2 1 SNMP The IPL G12A router is able to send snmp traps when alarms occur Activation parameter If tha...

Page 86: ...st To set that function select the Alarm menu and click email Enable the alarm email parameter Select this option if you want an email to be sent to a user when the digital input 1 is set ON or OFF Alarm launched on event parameter If the option OPEN is selected the alarm will be sent each time the digital input will be opened If the option CLOSED is selected the alarm will be sent each time the d...

Page 87: ... associated machine The explore link To explore the HD of the associated machine if it is a Windows machine The ftp link To explore the files of the associated device If the we portal option has been selected see below the web portal page is displayed when the remote user launches the navigator and enters the Ip address assigned to the IPL G12 router In that case the administration server usually ...

Page 88: ... destination device The IPL G12 router is able to resolve any domain name composed with the name of one of the devices entered in the devices list followed the site name which is entered at the top of the devices list DNS relay The IPL G12 router behaves also like a DNS relay any DNS request it receives from the LAN which cannot be resolved because the device is not registered in the devices list ...

Page 89: ...CONFIGURATION 3G GPRS EDGE router IPL G12 User manual ref 9017009 02 Page 89 ...

Page 90: ......

Page 91: ...s of the LAN interfaces and of the GSM connection LAN interfaces That part of the page shows the data of the LAN interface MAC address Ethernet mode 10 100 half or full IP address Modem That part of the page shows the data of the Internet interface GSM IP address DNS IP address The View statistics button gives access to the ADSL statistics windows that windows shows the reception signal attenuatio...

Page 92: ...nd allows to set ON or OFF the alarm digital output 2 Saving the parameters to a file Once a product has been configured the parameters file can be stored and restored when necessary To save the parameters file Select the System menu and then Save restore Click the Save button Select the location to store the file and give a name to the file The file suffix is bin To restore a parameters file Sele...

Page 93: ...wser button Click on Show dir to check the files of the directory rfsmini tgz rootfs bin u boot bin and uImage Step 4 Update the firmware Launch the web browser Enter the IP address of the ETIC product the home page of the ETIC configuration server is displayed Select the System menu and then firmware Update In the field IP address of the TFTP server enter the IP address of your PC Note The IP add...

Page 94: ...MAINTENANCE Page 94 User manual ref 9017009 02 3G GPRS EDGE router IPL G12 ...

Page 95: ... parameters of the serial interface SNMP To set the SNMP traps Firmware update Update the product firmware Save restore To download upload the configuration file of the product Reboot To restart the product Routing Remote nodes To describe remote routers Static routes To describe the routes to reach hidden devices RIP To enable the RIP protocol Advanced NAT To substitute source or destination port...

Page 96: ...w TCP or UDP telnet gateway Unitelway To configure the unitelway gateway Diagnostic Logs To display logs Network status To display all the parameters of the connection in use MAC IP SHDSL connection data rate error rate statistics Gateway status To display the status of the gateway Micro switch To display the micro switches current position Table of routes To display the table of routes Ping To pi...

Page 97: ...st network can communicate with any device of the second one as if the two routers were directly connected with an Ethernet cable Internet VPN VPN end point VPN end point A VPN allows also to connect a remote user to the devices of a network Internet VPN 2 Functions A VPN provides the functions described hereafter Authentication The VPN ensures that the party with which the communication is set is...

Page 98: ...arty checks that the other party code is valid User level authentication The IPL G12 router holds a user list once a VPN has been set with the remote user PC the remote user identification code and password is checked Encrypted tunnel transmission phase Once the end points have exchanged and checked each other identity code they set the VPN tunnel It is an Ip frames exchange the source and destina...

Page 99: ...APPENDIX 2 VPN mechanism overview ...

Page 100: ...APPENDIX 2 VPN mechanism overview Page 100 User manual ref 9017009 02 3G GPRS EDGE router IPL G12 ...

Page 101: ......

Page 102: ...13 Chemin du Vieux Chêne 38240 Meylan France Tel 33 4 76 04 20 00 Fax 33 4 76 04 20 01 E mail contact etictelecom com Web www etictelecom com ...

Reviews:

No comments