manualshive.com logo in svg

InHand ER805, User Manual, Page: 28 / 42

Share
Download
InHand ER805 User Manual Download Page 28

InHand ER805 User Manual

23

Internet Interface

: specifies the local uplink interface used to establish the IPSec VPN tunnel.

Tunnel Mode

: specifies the IP packet encapsulation mode on the IPSec VPN tunnel, which can be tunnel mode or

transfer mode.

Peer Address

: specifies the IP address of the peer device that will establish a tunnel with the ER805.

Notes:

When two ER series routers establish an IPSec VPN tunnel, the one using a public IP address acts as the

server by default. On the IPSec server, the peer IP address must be set to 0.0.0.0. On the IPSec client, the peer IP

address must be set to the public IP address of the server's interface used to establish the tunnel.

Local Subnet

: specifies the IP address segment of the traffic to be sent out by the ER805 through the

IPSec VPN tunnel.

Peer Subnet

: specifies the IP address segment used for communication on the other end of the IPSec

VPN tunnel.

IKE Policy

: allows you to set IKE parameters.

Encryption

: specifies the encryption algorithm for IKE.

Authentication

: specifies the authentication algorithm for IKE.

DH Groups

: specifies the DH key exchange mode.

Lifetime

: specifies the lifetime of the IKE security association (SA). The default value is 86400

seconds.

IPSec Policy

: allows you to set IPSec parameters.

Security Protocol

: specifies the security protocol used for the External Router Protocol (ERP).

Encryption

: specifies the encryption algorithm for the Encapsulating Security Payload (ESP)

protocol.

Authentication

: specifies the authentication algorithm for ESP.

PFS Groups

: specifies the Perfect Forward Secrecy (PFS) mode, which improves the

communication security through an additional key exchange in Phase 2 of negotiation.

Lifetime

: specifies the lifetime of the IPSec SA. The default value is 86400 seconds.

10.2 L2TP VPN

Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol for virtual private dial networks (VPDNs). This

protocol establishes a tunnel from a remote site to the headquarters of an enterprise over a public switched

telephone network (PSTN) or integrated services digital network (ISDN) through Point-to-Point Protocol

(PPP) negotiation. This tunnel allows remote users to connect to the intranet of the enterprise in a secure

way.

10.2.1 Client

The ER805 can serve as an L2TP client to establish a tunnel to a remote L2TP server. Choose

L2TP VPN

>

Client

on the

VPN

page, and click

Add

to add an L2TP client.

Summary of Contents for ER805

Page 1: ...are subject to change without prior notice as a result of continuing improvements to the product InHand cannot promise that the contents are consistent with the actual product information and assumes...

Page 2: ...Multi level menus are separated by the signs For example choose File Create Folder Cautions Please be careful of the contens under Cautions improper action may result in loss of data or device damage...

Page 3: ...4 2 Internet Connection 6 4 2 1 Wired Connection Via a WAN Interface 6 4 2 2 Wireless Connection via the Cellular Interface 8 4 2 3 Wireless Connection via Wi Fi STA 10 5 Dashboard 11 5 1 Device Infor...

Page 4: ...k List 19 9 Wi Fi 21 10 VPN 22 10 1 IPSec VPN 22 10 2 L2TP VPN 23 10 2 1 Client 23 10 2 2 Server 24 11 Security 26 11 1 Firewall 26 11 1 1 Inbound and Outbound Rules 26 11 1 2 Port Forwarding 27 11 2...

Page 5: ...1 Adm Management 33 13 2 Cloud Management 33 13 3 Remote Access Control 34 13 4 System Clock 34 13 5 Device Options 35 13 6 Configuration Management 35 13 7 Alarms 35 13 8 Tools 36 13 8 1 Ping 36 13...

Page 6: ...work connections for business applications Leveraging 4G 5G cellular networks and various broadband services ER805 provides ubiquitous uninterrupted access to the Internet for a variety of business de...

Page 7: ...twork successfully Blinking blue The router is connecting to the wired network Solid blue The router has connected to the wired network successfully Wi Fi 2 4G Off The Wi Fi 2 4 GHz band is off Solid...

Page 8: ...Step 2 Observe the power indicator while holding down the Reset button The power indicator blinks for about 30s and then stays solid on Step 3 Release the Reset button When the power indicator starts...

Page 9: ...wireless MAC address The authentication method is WPA2 PSK The two access points have the same password last eight digits of the router s SN 3 Ethernet Four LAN interfaces are enabled The IP address...

Page 10: ...n the range of 192 168 2 2 192 168 2 254 Default gateway to 192 168 2 1 Subnet mask to 255 255 255 0 Preferred dns server to 8 8 8 8 and Alternate dns server to the IP address of the carrier s dns ser...

Page 11: ...ion Via a WAN Interface The ER805 can establish a wired connection through DHCP a static IP address or PPPoE To select a connection method click Internet on the left pane and then click Edit in the ro...

Page 12: ...Manual 7 Figure 4 2 1 b Assigning a static IP address to the router PPPoE Configure the PPPoE service on WAN1 Then the router can dial up to the Internet through the broadband service Figure 4 2 1 c...

Page 13: ...is removed all configuration on this interface including the static routes inbound and outbound rules port forwarding policy based routing and traffic shaping is deleted 4 2 2 Wireless Connection via...

Page 14: ...ure 4 2 2 c Configuring a traffic policy for cellular network access Actions Notification record the generated traffic reaching the threshold event and the traffic transmission is not restricted Only...

Page 15: ...The ER805 can connect to an AP as a wireless client STA To use this connection method click Add on the Internet page select Wi Fi STA in the dialog box that appears and enter the SSID and password Fi...

Page 16: ...Fi connections Figure 5 Dashboard 5 1 Device Information Basic information about the router is displayed on the top of the dashboard The network connection method and uplink interface address vary dep...

Page 17: ...ered on Traffic statistics are reset after a reboot of the router To view historical traffic statistics log in to InCloud Manager and enter the details page of the router Figure 5 3 Traffic statistics...

Page 18: ...fic You can view the rankings of clients connected to the router by their traffic statistics A maximum of five records can be displayed When a client is disconnected from the router its traffic statis...

Page 19: ...he health of each uplink as well as the throughput delay packet loss rate and signal strength on each uplink interface Figure 6 1 Link Monitor 6 2 Cellular Signals The Cellular Signals module displays...

Page 20: ...subnet traffic statistics and online duration Figure 6 3 Clients 6 4 VPN The VPN module displays information about IPSec VPN and L2TP VPN such as their status name traffic statistics and duration of t...

Page 21: ...ed Cellular traffic reaches the threshold Reboot Upgrade 6 6 Logs The logs module displays logs recorded during operation of the router which can be used for troubleshooting when the router does not w...

Page 22: ...on when changing settings on the Internet page as doing so may cause an interruption of the network connection 7 1 Uplink Table On the uplink table you can edit WAN1 and Cellular and add edit or delet...

Page 23: ...atency jitter packet loss rate or signal strength on each uplink interface If the link detection address is left empty the system detects the primary dns server address obtained by each interface When...

Page 24: ...can be transparently transmitted to the client device for use Figure 8 1 Passthrough Settings Note After the IP Passthrough mode is enabled only one client can access the Internet The following functi...

Page 25: ...removed You can only change its IP address mask and DHCP server configuration After a local network is added its mode cannot be changed The VLAN Only mode is used for transparent transmission of Laye...

Page 26: ...Editing an SSID The router has two default primary SSIDs one for the 2 4 GHz band and one for the 5 GHz band You cannot change the bands of the two SSIDs or delete the SSIDs After an SSID is added it...

Page 27: ...e risks of data leakage and interception and ensures the data integrity and privacy thus protecting the security of communication Choose VPN IPSec VPN and click Add to add an IPSec VPN Figure 10 1 1 A...

Page 28: ...he DH key exchange mode Lifetime specifies the lifetime of the IKE security association SA The default value is 86400 seconds IPSec Policy allows you to set IPSec parameters Security Protocol specifie...

Page 29: ...ed by the remote L2TP server to communicate with the L2TP client User Name Password specifies the user name and password for L2TP negotiation which must be consistent on both ends of the tunnel Authen...

Page 30: ...ies the gateway address for the L2TP client The gateway assigns an IP address to the L2TP client from the specified IP address pool Address Pool specifies the IP address range for the L2TP client User...

Page 31: ...n the firewall to restrict traffic sent from this IP address If you want to prevent some internal users from accessing the Internet set an outbound rule to restrict outbound traffic sent from these us...

Page 32: ...is permitted You can reprioritize inbound and outbound rules on the rule list 11 1 2 Port Forwarding After a port forwarding rule is configured on an interface of the router the router forwards data...

Page 33: ...same as that of Local Port Local Address specifies the IP address of the target client that external users need to access Local Port specifies the protocol port that external users need to access on...

Page 34: ...Add Create a new rule to add a traffic shaping rule Traffic shaping policies consist of a series of rules that are performed in the order in which they appear in the policy similar to custom firewall...

Page 35: ...allowed to communicate with external networks and set a rate limit for the interface Figure 12 1 a b Editing a LAN interface 12 2 DHCP Server DHCP implements dynamic IP address allocation in a client...

Page 36: ...ble only for local networks in IP mode It does not take effect for networks in VLAN Only mode 12 3 Fixed Address List You can assign fixed IP addresses to clients connected to the router based on thei...

Page 37: ...and does not include the routes generated automatically on uplink interfaces Figure 12 4 Adding a static route Static routes to the same destination IP address or network cannot have the same next hop...

Page 38: ...ud Manager star inhandcloud com is a cloud platform developed by InHand to help enterprises accelerate network deployment simplify network O M and improve service experience This platform provides zer...

Page 39: ...IP address and port of its uplink interface in the address box of the web browser SSH when this service is enabled you can use a remote access tool such as CRT to log in to the web based management sy...

Page 40: ...n The router only clears historical data 13 6 Configuration Management You can export the configuration file of the router to your PC as a backup Once the configuration is lost on the router you can i...

Page 41: ...r settings 13 8 Tools 13 8 1 Ping The ping service is used to test the connectivity between the router and external networks through the Internet Control Message Protocol ICMP Enter any domain name or...

Page 42: ...13 8 3 Packet Capture You can capture data packets on a specified interface By selecting an option from the Output drop down list you can view information about the captured data packets or export the...

Reviews:

No comments