Home
/
insys icom
/
EBW-E100
/
Manual

insys icom EBW-E100, Manual

Share

Page: 63 / 112

insys icom EBW-E100 Manual Download Page 63

EBW-E100

Functions

63

12.3.8

Setting Up IPsec

IPsec (Internet Protocol Security) is a security protocol for the safe communication
via IP networks and can be used to set-up virtual private networks (VPN). Two
subnets can be connected together using two suitable routers (e.g. INSYS
MoRoS 2.1) via a secure tunnel. It is possible to configure up to 10 different
tunnels.

A tunnel can also be used as fall back tunnel for another active tunnel. The active
tunnel will always be started when establishing the WAN connection. If the
additional ICMP ping is not successful, the active tunnel will be closed and the fall
back tunnel will be started. If the connection check via ICMP ping fails for a fall
back tunnel, the fall back tunnel will be closed and the active tunnel will be started.

Configuration via web interface (menu "Dial-In"/"Dial-Out"/"LAN (ext)", page
"IPsec")

In order to use IPsec for a connection, check the checkbox "Activate
IPsec".

In order to display the current state of the IPsec tunnels, select the link
"IPsec current state".

In order to display the messages of the last connection, select the link
"Display log of last connection".

In order to configure NAT traversal, use the drop-down list "NAT-
Traversal" to select the desired option. If you select "activate" (default
setting), all ESP (Encapsulating Security Payload) packets are additionally
packed into a UDP packet and sent using the UDP port 4500, if a NAT
router is detected. If you select "force", this behaviour will be enforced
without checking for a NAT router (the remote terminal must also have
NAT traversal enabled in this case). If you select "deactivate", a UDP data
encapsulation will be prevented, what might lead to problems in
operation with a NAT router. This setting applies for all tunnels.

In order to configure the interval of the keep alive packets, which are
sent, if NAT traversal is used, enter the time in seconds into the field
"Keep alive interval". This can prevent that e.g. a stateful firewall blocks
the connection after an extended inactivity period.

In order to select the tunnel, whose settings are to be edited, select the
desired tunnel from the drop-down list "Tunnel name" and click on the
button "load to edit" then. If settings are made to the currently loaded
tunnel, these must be taken over before using the button "OK", before a
new tunnel is loaded to prevent that these settings get lost. Loading a
tunnel does not save settings that have been made!

In order to activate the loaded tunnel, select the option "active" in the
drop-down list "Activate tunnel".

In order to specify the loaded tunnel as fallback tunnel for an active
tunnel, select the option "Fallback for ..." in the drop-down list "Activate
tunnel".

«
...
61
62
63
64
65
...
»

Summary of Contents for EBW-E100

Page 1: ...EBW E100 Manual...

Page 2: ......

Page 3: ...Inc IBM PC AT XT are registered trademarks of International Business Machine Cor poration INSYS VCom e Mobility LSG and e Mobility PLC are registered trademarks of INSYS MICROELECTRONICS GmbH Windows...

Page 4: ...Electrical Installation 13 2 9 General Safety Instructions 13 3 Using Open Source Software 15 3 1 General Information 15 3 2 Special Liability Regulations 16 3 3 Used Open Source Software 16 4 Scope o...

Page 5: ...3 2 OpenVPN General 51 12 3 3 Setting Up an OpenVPN Server 53 12 3 4 Setting Up an OpenVPN Client 56 12 3 5 PPTP General 60 12 3 6 Setting Up a PPTP Server 60 12 3 7 Setting Up a PPTP Client 61 12 3...

Page 6: ...e Disposal 90 14 1 Repurchasing of Legacy Systems 90 15 Declaration of Conformity 91 16 FCC Statement 92 17 Licenses 93 17 1 GNU GENERAL PUBLIC LICENSE 93 17 2 GNU LIBRARY GENERAL PUBLIC LICENSE 96 17...

Page 7: ...of our Delivery and Purchasing Conditions are effective These can be found on our website www insys icom de imprint under General Terms and Conditions 1 2 Feedback We are permanently improving our pr...

Page 8: ...ion It might cause death or severe injuries if not avoided Caution Slight injury and or material damage This symbol in conjunction with the key word Caution indicates a possibly hazardous or harmful s...

Page 9: ...rerequisites which must be fulfilled to be able to process the subsequent steps in a meaningful way You will also learn which software or which equipment you will need 1 One individual action step Thi...

Page 10: ...the operating conditions of the device are effective An optimum protection of the personnel and the environment from hazards as well as a safe and fault free operation of the product is only possible...

Page 11: ...ned expert personnel which has been authorised by the plant opera tor The expert personnel must have read and understood this documentation and observe the instructions Electrical connection and commi...

Page 12: ...ately from residual waste via appropriate collecting points See also Section Disposal in this manual CE marking By applying a CE marking the manufacturer confirms that the product complies with the Eu...

Page 13: ...o commissioning of the device to be able to isolate it completely from power supply 2 9 General Safety Instructions Caution Moisture and liquids from the environment may seep into the interior of the...

Page 14: ...uct due to overvoltage Install suitable overvoltage protection Caution Damage due to chemicals Ketones and chlorinated hydrocarbons dissolve the plastic housing and damage the surface of the device Ne...

Page 15: ...of charge We do not de mand usage fees or any comparable fees for the use of the open source software contained in our product The use of the open source software in our product by the customer is not...

Page 16: ...ective effective open source software license for the respective open source software as listed in the following are effective for the use of the open source software beyond the purpose of the contrac...

Page 17: ...E100 1 Quick Installation Guide The scope of delivery does not include optional accessories The following parts are available from your distributor or INSYS icom DIN rail power supplies The following...

Page 18: ...erature range 30 C 70 C max 85 C s below Maximum permissible humidity 95 non condensing IP rating Housing IP40 Terminals IP20 Table 1 Physical Features Max specification applies to occasional data tra...

Page 19: ...l elements on the front of the device Position Description 1 Reset key 2 Power LED 3 COM LED 4 Signal LED 5 Status LED 6 Activity LED for LAN ext 7 Link LED for LAN ext 8 Activity LED for LAN 9 Link L...

Page 20: ...PP data traffic Status green VPN VPN connec tion estab lished red Status Initialization FW update fault Table 4 Meaning of display elements 6 2 Function of the Control Elements Description Operation M...

Page 21: ...nt Panel Connections Figure 2 Connections on the front panel of the device Position Description 1 Ethernet port LAN 1 RJ45 10 100 BT 2 Ethernet port LAN 2 ext RJ45 10 100 BT Table 6 Description of the...

Page 22: ...the device Terminal Designation Description 1 10 48 VDC Power supply 10 V 48 V DC 2 GND Ground 3 Reset Reset input Table 7 Description of the connections on the top of the device The reset input must...

Page 23: ...eLess Address Auto Configuration If a router with router advertisement advertises IPv6 address prefixes in the LAN the router configures itself another IPv6 address with the advertised prefix in addit...

Page 24: ...outside via an unsafe network An entire LAN can also be connected interception proof and interference proof via an unsafe Internet connection through a VPN tunnel to another network e g the company ne...

Page 25: ...Stateful Firewall will allow connections also for protocols with special requirements e g FTP MAC filter The MAC filter allows that only those packets are accepted at the Ethernet interface that come...

Page 26: ...a comfortable option for an alternative configuration Firmware update via web interface The firmware can be updated via the web interface An update can be performed locally or remotely Automatic daily...

Page 27: ...damage of the product The device must not be used in wet or damp environments or in the direct vicinity of water Install the device at a dry location protected from water spray Disconnect the power su...

Page 28: ...edge of the DIN rail 2 Lift the device perpendicular to the DIN rail until the two lower flexible snap in hooks engage in the DIN rail The EBW E100 is now readily mounted Connecting the power supply T...

Page 29: ...al for the power supply The EBW E100 is disconnected from the power supply Removing the device from the DIN rail How to uninstall the EBW E100 from a DIN rail in a switch cabinet You will need a small...

Page 30: ...shown in the following figure The plastic spring of the snap in hook is stretched 3 While you hold the plastic spring apart with the lower snap in hooks pull the device away from the DIN rail 4 Un ho...

Page 31: ...an external LAN The power supply is disabled You will need a Cat 5 network patch cable You will need a network card in the PC You will need a connection to your external LAN via a network cable 1 Loc...

Page 32: ...e URL http 192 168 1 1 into the address bar The browser loads the start page of the EBW E100 If you see the message in your browser window that the page with this address cannot be found follow the fo...

Page 33: ...lawless configuration Configuring with the web interface How to configure with the web interface basically The device is ready for operation and you have access to it refer to Commissioning section 1...

Page 34: ...S protocol the browser indicates again that an invalid security certificate is used The certificate is not trusted because the Common Name of the certificate differs from your input in the address bar...

Page 35: ...ication with password and enter the access data into the respective fields For an authentication at the Radius server select the radio button Authentication at Radius server The Radius server must be...

Page 36: ...address LAN In order to configure a static IP address enter the IPv4 address of the router in the LAN as well as the netmask When changing the local IP address the address range of the DHCP server wi...

Page 37: ...NAT can be enabled or disabled here This is configured in the menu LAN ext on the respective page Routing 12 1 4 Entering Host Names You can specify the host and domain name of the EBW E100 here More...

Page 38: ...tion will be possible any more It is necessary that you enter the MAC address of the computer that is used for configuration into the list of allowed source MAC addresses before activating the MAC fil...

Page 39: ...EBW E100 for this Configuration via web interface menu Basic Settings page Radius In order to configure access protection via a Radius server enter its address and port into the respective fields Por...

Page 40: ...al authentication at the device select the radio button Authentication with password and enter the access data into the respective fields For an authentication at the Radius server select the radio bu...

Page 41: ...ss Then enter into the entry fields static IP address and Netmask an IPv4 address as well as a netmask The IP address must be an address from the external LAN to which you connect the device Check the...

Page 42: ...ime in seconds after which the connection will be terminated Enter 0 to disable the time controlled connection termination In order to adjust the MTU maximum permissible number of bytes in a packet to...

Page 43: ...into the entry field Interval for checking connection The default setting is 5 minutes If a closed connection is determined after this time the EBW E100 will attempt to re establish the connection af...

Page 44: ...to the entry fields for hours and minutes Save your settings by clicking OK 12 2 5 Routing Routing is the core function of the EBW E100 Routing means that incoming data packets are routed to certain n...

Page 45: ...er to disable NAT for outgoing packets uncheck the checkbox Activate NAT for outgoing IPv4 packets This may be useful in LAN operation if the routed packets must not be changed The router will unblock...

Page 46: ...source IP address into the entry field Source IP address In order to permit connections to certain ports enter the permitted destination port into the entry field Destination port In order to permit...

Page 47: ...6 firewall for LAN ext interface It is strongly recommended to keep the firewall for IPv6 always enabled even if IPv6 is not used In order to create a rule for a permitted IP connection proceed as fol...

Page 48: ...wall is enabled Otherwise all packets that are not directed to these IP addresses would be discarded Configuration via web interface menu LAN ext page IP forwarding In order to enable IP forwarding ch...

Page 49: ...on attempts have already been made Configuration via web interface menu LAN ext page Port forwarding In order to enable port forwarding check the checkbox Activate port forwarding for LAN ext interfac...

Page 50: ...e not been requested by the local network of the EBW E100 or which have not been forwarded to a participant in the local network by a port forwarding rule If no exposed host is configured these incomi...

Page 51: ...EBW E100 as OpenVPN server or OpenVPN client Figure 4 shows a sample configuration for an OpenVPN connection One EBW E100 is configured as OpenVPN server and a second as OpenVPN client here Both clien...

Page 52: ...ods when establishing the VPN tunnel Authentication type Usage Characteristics None For testing purposes and to connect networks without encryption No encrypted connection It is not possible to log in...

Page 53: ...he INSYS icom web site www insys icom com driver This program is used as remote terminal if you want to establish an OpenVPN connection from a Windows PC Configuration via web interface menu LAN ext p...

Page 54: ...the packet size In order to adjust the interval up to the key renegotiation use the entry field Interval for renegotiation of data channel key This interval configures the time in seconds which must e...

Page 55: ...create a new route to a client network enter in the section Create new route to a client network the Common Name of the client into the field Name in certificate as well as its net address and netmas...

Page 56: ...hind the tunnel fields In order to confirm all settings made above click on OK In order to upload a certificate or key click in the section Upload key or certificates on the Browse button button depen...

Page 57: ...io buttons and enter its port into the Port field If the proxy server requires an authentication enter the access data into the User name and Password fields In order to set a default route check the...

Page 58: ...the time in seconds which must expire before new keys are created In order to adjust the VPN ping interval use the entry field Ping interval Enter the interval in the amount of seconds in which the O...

Page 59: ...configured for bot or the settings are complementary 0 1 or 1 0 In order to configure the authentication with static key select the radio button No authentication or authentication with preshared key...

Page 60: ...terface menu LAN ext page PPTP server For an operation as PPTP server check the checkbox Activate PPTP server In order to display the messages of the last connection select the link Display log of las...

Page 61: ...n In order to define the IP address or the domain name of the remote terminal to which the VPN connection is to be established enter an IP address or a domain name in the field IP address or domain na...

Page 62: ...or IP address which can only be connected via the tunnel here If the connection check is not successful a possibly existing tunnel will be terminated and a new tunnel will be established The ping inte...

Page 63: ...you select activate default setting all ESP Encapsulating Security Payload packets are additionally packed into a UDP packet and sent using the UDP port 4500 if a NAT router is detected If you select...

Page 64: ...kets In order to specify the ID of the remote terminal enter it into the field Remote ID The respective IP address is used as ID by default If the actual IP address differs from the received ID e g du...

Page 65: ...ad peer If you select restart default setting here the connection will be restarted for clear it will be terminated and for hold it will be held In order to enable perfect forward secrecy check the ch...

Page 66: ...on white box The private key can only be deleted The authentication with passphrase can be used for main mode and aggressive mode The passphrase which must be used by all IPsec participants must be en...

Page 67: ...te route to this network will be created automatically which enables to access the tunnel address of the remote terminal for example In order to adjust the MTU maximum permissible number of bytes in a...

Page 68: ...or the e mail account into the field User name as well as the associated password into the field Password Check the checkbox Use SSL TLS to send the e mails encrypted In order to enable to trigger an...

Page 69: ...in the section Create new e mail Enter the e mail address of the recipient into the field Recipient for this Select from the drop down list Event the respective event for triggering the e mail dispatc...

Page 70: ...te SNMP traps In order to download the private MIB click on the link Download private MIB In order to create an SNMP trap you have to define this in the section Create new SNMP trap Enter the IP addre...

Page 71: ...hment If IP addresses are combined with host names in the local host table Basic Settings menu Host names page these will be processed first Configuration via web interface menu Server services page D...

Page 72: ...ure the dynamic DNS update check the checkbox Activate dynamic DNS update Select a DynDNS provider from the drop down list DynDNS provider In order to define an own DynDNS server select in the drop do...

Page 73: ...cates addresses in the LAN The IP address range of the DHCP server must be located in the same network as the IP address of the EBW E100 Enter into the entry field Lease Time a validity period in seco...

Page 74: ...ed at the LAN ext interface Configuration via web interface menu Server services page Router advertiser In order to enable the router advertiser check the checkbox Activate router advertiser Select th...

Page 75: ...ield Timeout for inactive connections In order to avoid overloading you can restrict the number of clients which can connect at the same time Enter the maximum number of simultaneously authorized clie...

Page 76: ...2 5 7 Configuring IPT The EBW E100 also allows data transfer via an IPT channel It can act as IPT slave here Configuration via web interface menu Server services page IPT In order to enable IPT check...

Page 77: ...aster will be disconnected and re established again enter this time in seconds into the field Timeout between characters In order to enable scrambling of the IPT connection check the checkbox Use scra...

Page 78: ...d Port In order to specify a contact information for the SNMP agent you can enter this into the field Contact information In order to specify a description for the SNMP agent you can enter this into t...

Page 79: ...s can be set and or queried via the device drivers Configuration via web interface menu Server services page MCIP In order to enable device drivers to register with the MCIP server via TCP check the c...

Page 80: ...interval can be configured Configuration via web interface menu System page System data In order to view the detailed system messages via the web interface click on the link Show the extensive system...

Page 81: ...ion Configuration via web interface menu System page Time In order to configure time and date enter the values for day month year as well as hours and minutes into the entry fields DD MM YYYY hh mm Co...

Page 82: ...ry defaults see Section Display and Control Elements Function of the Control Elements Configuration via web interface menu System page Reset In order to restart select the radio button Reset Click on...

Page 83: ...update files enter the IP address or the domain name of the server into the Server field and the respective port into the Port field It is also possible to specify sub directories of the server that...

Page 84: ...web interface via a dial up connection the connection must be maintained long enough to perform the uploads The option Maximum connect time should be set to 0 for the update also the Idle time You ha...

Page 85: ...ect Reset and click on OK The new firmware is now active 12 6 7 Uploading the Configuration File You may upload a previously downloaded or edited configuration file to the EBW E100 to replace the curr...

Page 86: ...onfiguration and thus all data to provide a good troubleshooting basis when using the support of the manufacturer The support packet will be encrypted so that the secret passwords or keys contained in...

Page 87: ...omain name into the field Parameter and click on OK Optionally you may increase the standard number of 3 hops by increasing the number of hops to 5 for example using the parameter m 5 before The reply...

Page 88: ...nd is configured independently from the device It must be kept in mind that the functionality of the monitoring application can be affected by settings at the device e g interface reservations for the...

Page 89: ...rt insys tec de and via phone under 49 941 58692 0 13 3 Repair Send defect devices with detailed failure description to the source of supply of your device If you have purchased the device directly fr...

Page 90: ...wing address carriage prepaid Frankenberg Metalle Gaertnersleite 8 D 96450 Coburg Germany This regulation applies to all devices which were delivered after August 13 2005 Please consider possible stor...

Page 91: ...Hereby INSYS Microelectronics GmbH declares that herein described device types are in compliance with Directives 2004 108 EC and 2011 65 EC The full text of the EC Declaration of Conformity is availa...

Page 92: ...to operate the equipment under FCC rules Note Export restriction Possible violation of export regulations This device uses encryption technology and is therefore subject to export control as per Germ...

Page 93: ...ou distribute copies of the software or if you modify it For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have Yo...

Page 94: ...and can be reasonably considered independent and separate works in them selves then this License and its terms do not apply to those sections when you distribute them as sepa rate works But when you d...

Page 95: ...both it and this License would be to refrain entirely from distribution of the Program If any portion of this section is held invalid or unenforceable under any particular circumstance the bal ance o...

Page 96: ...freedom to share and change free software to make sure the software is free for all its users This license the Library General Public License applies to some specially designated Free Software Foundat...

Page 97: ...that uses the library The former con tains code derived from the library while the latter only works together with the library Note that it is possible for a library to be covered by the ordinary Gene...

Page 98: ...t bring the other work un der the scope of this License 3 You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library To do this yo...

Page 99: ...e same user the materials specified in Subsection 6a above for a charge no more than the cost of performing this distribution c If distribution of the work is made by offering access to copy from a de...

Page 100: ...to decide if he or she is willing to distrib ute software through any other system and a licensee cannot impose that choice This section is intended to make thoroughly clear what is believed to be a c...

Page 101: ...n net to link the LZO library with the OpenSSL library http www openssl org Markus F X J Oberhumer OpenSSL License The OpenSSL toolkit stays under a dual license i e both the conditions of the OpenSSL...

Page 102: ...this package is used in a product Eric Young should be given attribution as the author of the parts of the library used This can be in the form of a textual message at program startup or in documenta...

Page 103: ...licence and distribution terms for any publically available version or derivative of this code cannot be changed i e this code cannot simply be copied and put under another distribution licence includ...

Page 104: ...d via a dial in connection and then create a connection to the LAN Dial out The device can use a dial up connection to make calls and establish In ternet connections for example DF Datenfern bertragun...

Page 105: ...ess and device ad dresses Net address Consists of the overlap of IP address and netmask It always ends with 0 The netmask e g 255 255 255 0 is applied in binary form to an IP address e g 192 168 1 1 t...

Page 106: ...l a transport protocol to enable data exchange between network devices It operates without connection i t the data transmission is not protected UMTS Universal Mobile Telecommunications System stands...

Page 107: ...ons and meaning of the control elements 20 Table 6 Description of the connections on the front panel of the device 21 Table 7 Description of the connections on the top of the device 22 Table 8 Authent...

Page 108: ...26 33 35 40 86 Configuration file 26 83 85 Connection 27 Connection check 43 Connection Establishment 44 46 68 Connection log 54 58 Connection timeout 75 Daily connection termination 44 Data directio...

Page 109: ...34 Humidity 18 ICMP 105 ICMP ping 62 87 Idle time 24 42 44 Intended Use 10 Internal clock 81 Internal network 41 IP address 32 36 61 64 72 73 76 105 IP address range 73 IP forwarding 24 48 IP packet 8...

Page 110: ...assphrase 64 Password 32 33 35 40 68 72 Perfect forward secrecy 65 Permissible limit 11 Personnel 11 Ping 43 65 87 Ping restart interval 54 58 Port 49 52 53 57 105 Port forwarding 24 49 50 105 Port of...

Page 111: ...PN LED 84 Storage 11 Subnet 64 Surface 14 Switch 106 Switch cabinet 29 Symbol 8 9 System data 80 System log 80 System messages 80 81 System time 25 TCP 106 TCP connection 60 Technological Features 18...

Page 112: ......

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands