manualshive.com logo in svg

InHand InGateway502, User Manual

Share
Download
InHand InGateway502 User Manual Download Page 94

90 

o

 

IKE Advance (Phase 1) 

 

Local ID: specifies the type of the local device’s identifier for IKE negotiation. 

 

IP Address: specifies the peer IP address used to establish the IPsec interface. 

 

FQDN: specifies the character string used as the identifier of the local device. 

 

User FQDN: specifies the fully qualified domain name used as the identifier of 

the local device. 

 

Remote ID: specifies the type of the peer device’s identifier for IKE negotiation. 

 

IP Address: specifies the interface IP address that the local device uses to 

complete IKE negotiation and exchange identity information with the peer 

device. 

 

FQDN: specifies the identifier string that the peer devices used for IKE 

negotiation. The value must be the same as that set on the peer device. 

 

User FQDN: specifies the fully qualified domain name used as the identifier of 

the peer device. The value must be the same as that set on the peer device. 

 

IKE Keepalive (DPD): enables or disables dead peer detection (DPD). 

 

DPD Timeout: specifies the timeout period of a DPD probe. After the receiving 

end triggers a DPD probe by sending a DPD request to the peer, it waits for a 

DPD response. If no DPD response is received from the peer, it deletes the 

IPsec SA. The valid value range is 10-3600, and the unit is second. 

 

DPD Interval: specifies the IPsec neighbor detection interval. After DPD is 

enabled, the receiving end can trigger a DPD probe if it does not receive any 

IPsec-encrypted packets from the peer within the DPD interval. In this case, 

the receiving end sends a DPD request to check whether the IKE peer is 

available. The valid value range is 10-3600, and the unit is second. 

 

XAUTH: specifies the XAUTH user name and password. 

o

 

IPsec Advance (Phase 2) 

 

PFS: enables or disables Perfect Forward Secrecy (PFS), a feature that 

ensures security of other keys when a key is encrypted, because these keys 

are not derived from one another. The key used in phase-2 IPsec negotiation is 

derived from the key generated in phase 1. If the phase -1 key for IKE 

negotiation is intercepted by an attacker, the attacker may collect sufficient 

information to derive the phase-2 key for IPsec SA negotiation. The PFS 

feature prevents this problem by performing an additional DH exchange, 

ensuring security of the phase-2 key. 

Summary of Contents for InGateway502

Page 1: ......

Page 2: ...d interpretation 2021 InHand Networks All rights reserved Conventions Symbol Indication Content in angle brackets indicates a button name For example the OK button indicates a window name or menu name...

Page 3: ...r Supply 13 3 6 Installing the Ground Protection 13 3 7 Connecting the Network Cable 14 3 8 Connecting Terminals 14 3 8 1 Power serial Terminals 14 3 8 2 IO Terminal 15 4 Configuring Network Connectio...

Page 4: ...re Upgrade 75 4 7 6 Access Tools 76 4 7 7 User Management 79 4 7 8 Reboot 80 4 7 9 Network Tools 81 4 7 10 3rd Party Notification 83 4 8 Advanced 83 4 8 1 Administration 83 4 8 2 Services 84 4 8 3 VPN...

Page 5: ...ctual product during operation 2 Packing List Each edge computing gateway product is delivered with accessories such as standard accessories frequently used at the customer site Check the received pro...

Page 6: ...cification Product warranty card 1 Warranty period 1 year Certificate of conformance 1 Certificate of conformance for the edge computing gateway Optional accessories Accessory Quantity Description AC...

Page 7: ...puting gateway 2 1 Panel Figure 2 1 IG502 Caution The IG502 series product is applicable to multiple panel appearances as they have the same installation method Refer to the actual product during oper...

Page 8: ...4 2 2 Structure and Dimensions Figure 2 2 1 Wall Mounting A Figure 2 3 2 Wall Mounting B...

Page 9: ...rrounding environment Avoid direct sunlight and keep away from thermal sources or areas with strong electromagnetic interferences Install the gateway product on an industrial DIN rail Check whether th...

Page 10: ...3 1 2 Uninstalling with a DIN Rail Procedure Step 1 Press the device downward in the direction indicated by arrow 1 in Figure 3 2 to create a gap near the lower end of the device so that the device is...

Page 11: ...7 Figure 3 1 2 DIN rail disassembly schematic diagram 3 2 Installing and Uninstalling the Device in Wall mounted Mode 3 2 1 Installing in Wall mounted Mode 3 2 1 1 Wall Mounting A 1 2...

Page 12: ...y using a screwdriver as shown in Figure 3 2 1 1 Figure 3 2 1 1 Wall mounted installation diagram Step 3 Take out the screws packaged with the wall mounting bracket fasten the screws in the installati...

Page 13: ...gh space for installation Step 2 Install the wall mounting bracket on the back of the device by using a screwdriver as shown in Figure 3 2 2 1 Figure 3 2 1 2 1 Wall mounted installation diagram Step 3...

Page 14: ...secure as shown in Figure 3 2 2 1 2 Figure 3 2 1 2 Wall mounted installation diagram 3 2 2 Uninstalling in Wall mounted Mode Procedure Hold the device with one hand and unfasten the screws that fix th...

Page 15: ...ual SIM card Figure 3 3 Install SIM card 3 4 Installing an Antenna Revolve the movable part of the metal SMAJ interface with gentle force until it cannot be revolved in which state the outer thread of...

Page 16: ...antenna ANT antenna and AUX antenna The ANT antenna sends and receives data The AUX antenna only increases the antenna signal strength and cannot be used independently for data transmission Only the...

Page 17: ...e locking screw on the terminal Step 3 Connect the power cable to the terminal and fasten the locking screw Figure 3 5 Installing the Power Supply 3 6 Installing the Ground Protection Procedure Step 1...

Page 18: ...ce resistance Connect the ground cable to the ground post of the gateway based on the operation environment 3 7 Connecting the Network Cable Connect the gateway to a PC directly by using the Ethernet...

Page 19: ...nd fasten the screws Sort the cables in order Figure 3 8 Terminal line 3 8 2 IO Terminal IG502 supports the digital input pulse counting digital output and pulse output functions In addition IG502 can...

Page 20: ...0 V DC 1 connected 1 10 V DC to 30 V DC 30 V DC to 10 V DC 4 mA min Figure 3 8 2 1 Digital input 3 8 2 2 Pulse counting A maximum of 3000 Hz pulse signal counting is supported up to 4294967296 The fo...

Page 21: ...supply is connected no voltage is output The maximum voltage output is 30 V 500 mA The following figure shows the connection modes 0 OFF 1 ON Figure 3 8 2 3 Digital output 3 8 2 4 Pulse output A maxim...

Page 22: ...18 Figure 3 8 2 4 Pulse output Note This section is only applicable to IG500 with industrial interfaces...

Page 23: ...efault the IP address of WAN LAN on IG502 is 192 168 1 1 the IP address of LAN on IG502 is 192 168 2 1 This document uses the LAN port to access the IG502 as an example Set the PC s IP address to be o...

Page 24: ...address Select Use the following IP address enter an IP address By default any from 192 168 2 2 to 192 168 2 254 subnet mask By default 255 255 255 0 default gateway By default 192 168 2 1 and DNS se...

Page 25: ...p to the web login page Enter the user name default adm and password default 123456 and click OK or press Enter to access the web configuration page Figure 4 2 Login gateway Web management interface 4...

Page 26: ...lish 4 4 Overview The Overview page displays information about the IG502 such as its network connection status system information and data usage You can quickly obtain the IG502 running status on this...

Page 27: ...arameters to connect the IG502 to a cellular network or view details about the dial up interface on this page Follow these steps to configure the dial up interface 1 Choose Network Network Interfaces...

Page 28: ...DMA LTE system provides services based on the APN of the connected WCDMA LTE network This parameter does not need to be set for the CDMA2000 series Access Number specifies the dial string provided by...

Page 29: ...is gprs o Password specifies the password of the PDN user It is provided by your network operator The default value is gprs Dual SIM Enable enables or disables the dual SIM card mode oMain SIM specifi...

Page 30: ...the auto mode in which the gateway automatically registers to the suitable network Profile specifies the index of the dial up parameter set Roaming enables the roaming function to allow the gateway t...

Page 31: ...e system o On demand Dial Data Trigger indicates that the gateway is offline by default and will dial up automatically when data is sent to the Internet o Manual Dial indicates that the network connec...

Page 32: ...t period of an ICMP probe If the gateway does not receive any ICMP Reply packet within this period it considers that the ICMP probe times out o ICMP Detection Max Retries specifies the maximum number...

Page 33: ...way checks the module status and dials up to the network again o MRU specifies the maximum receive unit which is expressed in bytes o MTU specifies the maximum transmit unit which is expressed in byte...

Page 34: ...o Expert Options allows you to set command parameters 4 5 1 2 WAN The following figure shows the configuration of WAN LAN with Interface Type set to WAN The Ethernet parameters are described as follo...

Page 35: ...information through DHCP Static IP mode Primary IP specifies the IP address of the Ethernet interface By default the IP address of WAN LAN is 192 168 1 1 and the IP address of LAN is 192 168 2 1 Netm...

Page 36: ...t is physically connected After this feature is disabled the interface state is displayed as UP regardless of whether the interface is physically connected o Shutdown disables the interface o Descript...

Page 37: ...interface Secondary IP Setting allows you to set up to 10 secondary IP addresses in addition to the primary IP address 4 5 1 4 Loopback The loopback interface is a logical virtual interface on the IG...

Page 38: ...ge You can set or view loopback interface parameters on this page 2 Click the Add icon in the table under Secondary IP Setting to add a secondary IP address for the loopback interface The default IP a...

Page 39: ...ation is assigned dynamically You can configure a DHCP server and view its configuration on the DHCP Server page Follow these steps to configure a DHCP server 1 Choose Network Network Services DHCP DH...

Page 40: ...ess pool for address allocation to DHCP clients Ending Address specifies the end IP address of the IP address pool for address allocation to DHCP clients Lease specifies the validity period of allocat...

Page 41: ...applications by using easy to remember meaningful domain names which are then translated into the correct IP addresses by a DNS server on the network You can configure a DNS server and the DNS relay s...

Page 42: ...service cannot be disabled when the DHCP server feature is enabled 3 Click the Add icon to add a domain name IP address pair 4 Enter the domain name or IP address of a host and specify the matching IP...

Page 43: ...work Network Services Host List to display the Host List page as shown in the following figure 4 5 3 Routing 4 5 3 1 Routing Status Choose Network Routing Routing Status to display the Routing Status...

Page 44: ...outing page Then packets sent to a specific destination are forwarded through the specified route Generally you do not need to configure static routes Follow these steps to configure a static route 1...

Page 45: ...4 Click OK to save the configuration and then click Submit to apply the configuration The following figure shows the configuration of a static route Parameters of a static route are described as foll...

Page 46: ...cifies the track index or ID 4 5 4 Firewall 4 5 4 1 ACL An access control list ACL permits or denies specified data flows such as the data flow from a specified source IP address or account based on a...

Page 47: ...under ACL to add an access control list on a specified interface 5 Set the parameters For details about these parameters see access control list parameter description 6 Click OK to save the configura...

Page 48: ...44 The following figure shows the configuration of an extended access control policy...

Page 49: ...45 The following figure shows the configuration of an access control list...

Page 50: ...smaller value indicates a higher priority of the rule Action permits or denies forwarding of matching packets Source IP specifies the source IP address of packets in the ACL rule If this field is kep...

Page 51: ...ss of packets in the ACL rule If this field is kept blank the rule matches packets from all networks Source Wildcard specifies the wildcard mask of the source IP address in the ACL rule Source Port sp...

Page 52: ...ablished connections If this option is deselected the system controls TCP packets on both established and unestablished connections This parameter is available only when the TCP protocol is selected F...

Page 53: ...follows 1 Choose Network Firewall NAT to display the NAT page 2 Select an interface from the Interface drop down list 3 Click the Add icon under Network Address Translation NAT Rules to add an NAT ru...

Page 54: ...n feature that translates source IP addresses of data packets into another IP address Generally this feature is used for data packets sent to the Internet through the router DNAT uses the destination...

Page 55: ...esses Outside translates public IP addresses Translation Type which can be IP to IP IP to INTERFACE IP PORT to IP PORT ACL to INTERFACE ACL to IP Access Control List unavailable for 1 1 NAT specifies...

Page 56: ...cess this document takes Device Supervisor as an example Step 1 Install the App Before installing the App you need to ensure that the Python Edge Computing Engine is enabled and the Python SDK is inst...

Page 57: ...53 After importing you can view the imported Apps as shown in the following figure Step 2 Run the App Select enable App and click Submit...

Page 58: ...54 Once enabled the App automatically runs and will run every time the IG502 is started...

Page 59: ...onfiguration files to modify the running mode you can update the App running configuration by referring to the following process Step 1 Choose Edge Computing Python Edge Computing click the Import Con...

Page 60: ...56 Step 2 Restart the App after the import is successful After the App restarts it will runing according to the imported configuration file...

Page 61: ...57 4 6 1 3 Update Python App version Generally if you need to update the Python App version you only need to import the new version of the App on the Edge Computing Python Edge Computing page...

Page 62: ...58 After the update is completed as shown below...

Page 63: ...you need to enable IG502 s debug mode Choose Edge Computing Python Edge Computing select Enable Debug Mode After enabling you can develop IG502 through VS Code How to use VS Code for Python developmen...

Page 64: ...r to listen on port 22 of LAN default IP address being 192 168 2 1 The user name and password of the SSH server are displayed on the previous web page A random password is generated every time the deb...

Page 65: ...and obtaining I O status data is as follows Step 1 configure the I O functions Choose Edge Computing IO Module Configuration and configure the I O functions based on the site requirements The followin...

Page 66: ...62 Pulse counting The starting value is 0 After power down the value counted by the power down is retained...

Page 67: ...63 Digital output Pulse output According to the frequency of 5000 Hz the duty cycle is 50 for the pulse output...

Page 68: ...l Set the pulse counting and pulse output After setting DI to the pulse counting click Start to count the pulses received by the DI Otherwise do not count it Click Reset to reset the count value to th...

Page 69: ...n the Enable switch to enable the Modbus TCP Slave function This function allows Modbus TCP Master to read the I O status of IG502 After you turn on the External Access switch Modbus TCP Master outsid...

Page 70: ...e I O status of IG502 in Step 3 as an example First add a Modbus TCP controller and set the controller communication parameters based on Modbus TCP Slave Then configure the data to be collected accord...

Page 71: ...67...

Page 72: ...68 After the configuration is completed you can obtain DI0 Counter Value 4 7 System 4 7 1 System Time...

Page 73: ...evices maintain the same clock to provide applications based on the consistent time Follow these steps to set the system time Method 1 Select a time zone 1 Choose System System Time to display the Sys...

Page 74: ...ters see SNTP client parameter description 4 Click Submit to apply the configuration 4 7 2 System Logs Choose System Log to display the Log page This page displays a large amount of information about...

Page 75: ...ter this option is selected all passwords configured on the IG502 web system are displayed in encrypted text This feature improves the security of passwords Configuration Files Operations Import Start...

Page 76: ...Restore Factory Configuration allows you to restore the factory settings of the IG502 This operation restores all parameters on the IG502 to the default settings The factory settings are restored aft...

Page 77: ...e maintenance channels and the InHand Device Manager platform mainly provides users with gateway management services such as batch remote upgrades etc Server address the address of the InHand Cloud Re...

Page 78: ...74 After the IG502 is successfully connected to the InHand Device Manager the status is described as Connection Accepted...

Page 79: ...s or better user experiences Follow these steps to upgrade the firmware version 1 Choose System Firmware Upgrade to display the Firmware Upgrade page 2 Click Select File to select a firmware file for...

Page 80: ...ls page 2 Select Enable HTTPS and set the parameters For details about these parameters see HTTPS parameter description 3 Click Submit to apply the configuration Configure Telnet 1 Choose System Acces...

Page 81: ...ng figure shows the configuration of HTTPS based management The HTTPS parameters are described as follows 1 Listen IP Address specifies the listening IP address Options include Any 127 0 0 1 and other...

Page 82: ...he Telnet parameters are described as follows 1 Listen IP Address specifies the listening IP address Options include Any 127 0 0 1 and other IP addresses 2 Port specifies the listening port number of...

Page 83: ...ber of SSH 3 Timeout specifies the SSH timeout period The valid value range is 0 120 4 Key Mode fixed as RSA 5 Key Length specifies the length of the key used Options are 512 1024 2048 and 4096 6 Remo...

Page 84: ...e steps to add a user 1 Choose System User Management to display the User Management page 2 Click the Add icon to add a user 3 Set the parameters 4 Click OK to save the configuration 4 7 8 Reboot Choo...

Page 85: ...2 on this page You can enter some extension options in the Expert Options area For example expert option t for the ping tool enables the IG502 to ping a specified host continuously until you stop the...

Page 86: ...ute used to transmit IP datagrams to a destination The following figure shows the configuration of a traceroute test The Tcpdump tool can be used to capture packets transmitted on a specified interfac...

Page 87: ...statement about the third party software used for the IG502 4 8 Advanced 4 8 1 Administration 4 8 1 1 System On this page you can view the system status and network status including the firmware versi...

Page 88: ...84 4 8 2 Services 4 8 2 1 DDNS The DDNS parameters are described as follows Method Name specifies the name Service Type specifies the type of the software Dynamic Domain Name Service Disable DynAccess...

Page 89: ...ynamic DynDNS Static Url the address of a web page on the world wide web Username Registered username for DDNS Password Registered password for DDNS Hostname Registered hostname for DDNS 4 8 2 2 Data...

Page 90: ...er to ensure the security of data transmission over the Internet IPsec lowers the risk of data leakage and interception ensures data integrity and confidentiality and protects security of service data...

Page 91: ...IKEv2 Policy o ID specifies the ID of an IKEv2 policy o Encryption specifies the algorithm used to encrypt plain text Options are 3DES DES AES128 AES192 and AES256 3DES uses three 64 bit DES keys to...

Page 92: ...payload The receiver calculates the digest for the received IP packet and compares it with the digest field carried in the packet to determine whether the packet has been tampered with during transmis...

Page 93: ...list Authentication Type specifies the authentication method used for the IPsec tunnel Shared key authentication and digital certificate authentication are supported Shared Key specifies the shared k...

Page 94: ...er the receiving end triggers a DPD probe by sending a DPD request to the peer it waits for a DPD response If no DPD response is received from the peer it deletes the IPsec SA The valid value range is...

Page 95: ...itiate a connection This mode is often used on a server On demand indicates that the local device completes IKE negotiation to set up an IPsec tunnel only when detecting IPsec packets on the interface...

Page 96: ...er end The GRE parameters are described as follows Enable enables or disables GRE Index specifies a GRE tunnel ID The valid range is 1 100 Network Type specifies the GRE network type Local Virtual IP...

Page 97: ...cription of the GRE tunnel Note NHRP is applicable only to dynamic multipoint virtual private networks DMVPNs and does not need to be enabled for GRE GRE is usually used when both ends use a fixed pub...

Page 98: ...scribed as follows Enable enables or disables the OpenVPN client Index specifies a tunnel ID OpenVPN Server specifies the IP address or domain name of an OpenVPN server Port specifies the port number...

Page 99: ...nd subnet net30 Four IP addresses with a 30 bit mask are selected from the IP address pool The larger one between the two intermediate IP addresses is used as the IP address of the client s virtual NI...

Page 100: ...tting must be the same on the client and server o Compression LZO specifies the compression format of data transmitted over the OpenVPN tunnel o Redirect Gateway enables the OpenVPN interface to act a...

Page 101: ...s expressed in bytes o Enable Debug enables or disables debugging logs o Expert Configuration specifies OpenVPN extension parameters o Import Configuration Select the OpenVPN configuration file you wa...

Page 102: ...the interface used to establish the OpenVPN tunnel Interface Type specifies the type of data sent from the interface Tun mostly used for IP based communication Tap allows complete Ethernet frames to...

Page 103: ...t of data transmitted over the OpenVPN tunnel The setting must be the same as that on the client Link Detection Interval specifies the interval for sending link detection packets after an OpenVPN tunn...

Page 104: ...clients and certification authorities CAs The certification management parameters are described as follows Enable SCEP enables or disables the Simple Certificate Enrollment Protocol Force to re enroll...

Page 105: ...e through SCEP for example http 100 17 145 158 8080 certsrv mscep mscep dll Common Name specifies the general name of the certificate required FQDN specifies the fully qualified domain name FQDN of th...

Page 106: ...m the server The valid value range is 30 3600 and the unit is second Poll Timeout specifies the maximum duration for querying the certificate status The device considers the certificate application fa...

Page 107: ...on within 10s after the device is powered on 3 When the ERR indicator turns red release the RESET button 4 After a few seconds when the ERR indicator turns off hold down the RESET button again 5 When...

Reviews:

No comments

Brands by name

Popular brands

Load more brands