background image

 

134

3. Choose Virtual Private Network

             

   

     

4. Do not dial to initial connection   

 

 

 

 

Summary of Contents for WBR-3402TX

Page 1: ...1 LevelOne WBR 3402TX 1W 4L 11g Wireless ADSL Router w VPN Printer Server USB User s Manual ...

Page 2: ...13 4 1 Start up and Log in 14 4 2 Status 15 4 3 Wizard 16 4 4 Basic Setting 17 4 5 Forwarding Rules 33 4 6 Security Settings 37 4 6 1 Packet Filter 38 4 6 2 Domain Filter 42 4 6 3 URL Blocking 44 4 6 4 MAC Address Control 46 4 6 5 VPN setting 48 4 6 6 Miscellaneous Items 54 4 7 Advanced Setting 55 4 7 1 ADSL Modem Performance Setting 56 4 7 2 System Time 58 4 7 3 System Log 59 4 7 4 Dynamic DNS 61...

Page 3: ...Windows 2000 and XP Platforms 80 5 4 Configuring on Unix like based Platforms 85 5 5 Configuring on Apple PC 90 Appendix A TCP IP Configuration for Windows 95 98 91 Appendix B Win 2000 XP IPSEC Setting guide 97 Appendix C PPTP and L2TP Configurations 133 Appendix D 802 1x Setting 139 Appendix E FAQ and Troubleshooting 145 Reset to factory Default 145 TFTP Mode 145 ...

Page 4: ...an types Ethernet Over ATM RFC 1483 Bridged without NAT Ethernet Over ATM RFC 1483 Bridged with NAT IP over ATM RFC 1483 Routed Classical Ip over ATM RFC 1577 PPP over ATM RFC 2364 PPP over Ethernet RFC 2516 Firewall All unwanted packets from outside intruders are blocked to protect your Intranet DHCP server supported All of the networked computers can retrieve TCP IP settings automatically from t...

Page 5: ...de 11M 5 5M 2M 1M data rate with auto fallback in 802 11b mode Security functions Packet filter supported Packet Filter allows you to control access to a network by analyzing the incoming and outgoing packets and letting them pass or halting them based on the IP address of the source and destination Domain Filter Supported let you prevent users under this device from accessing specific URLs URL Bl...

Page 6: ... the router has 3 ddns dyndns TZO com and dhs org SNMP Supported Because SNMP this function has many versions anyway the router supports V1 and V2c Routing Table Supported Now the router supports static routing and two kinds of dynamic routing RIP1 and RIP2 Schedule Rule supported Customers can control some functions like virtual server and packet filters when to access or when to block Other func...

Page 7: ...ed to this product STATUS System status Green Blinking This product is functioning properly On The ADSL is linked Show tme ADSL status1 Green Blinking This router is trying to connect to your ISP ADSL Act ADSL status2 Green Blinking The ADSL is sending or receiving data WLAN Wireless activity Green Blinking Sending or receiving data via wireless On An active station is connected to the correspondi...

Page 8: ...Router on a desk or other flat surface or you can mount it on a wall For optimal performance place your ADSL Wireless Broadband Router in the center of your office or your home in a location that is away from any potential source of interference such as a metal wall or microwave oven This location must be close to power and network connection 2 Setup LAN connection a Wired LAN connection connects ...

Page 9: ...to the USB printer port of this product 5 Power on Connecting the power cord to power inlet and turning the power switch on this product will automatically enter the self test phase When it is in the self test phase the indicators STATUS will be lighted ON for about 10 seconds and then STATUS will be flashed 3 times to indicate that the self test operation has finished Finally the STATUS will be c...

Page 10: ...ically that is via DHCP server of this product After installing the TCP IP communication protocol you can use the ping command to check if your computer has successfully connected to this product The following example shows the ping procedure for Windows 95 platforms First execute the ping command ping 192 168 123 254 If the following messages appear Pinging 192 168 123 254 with 32 bytes of data R...

Page 11: ... Printer 5 3 Configuring on Windows 2000 and XP Platforms It is not necessary to setup any program and the print server can work Step 1 Insert the installation CD ROM into the CD ROM drive The following window will be shown automatically If it isn t please run install exe on the CD ROM Step 2 Click on the INSTALL button Wait until the following Welcome dialog to appear and click on the Next button...

Page 12: ...r Step 4 When the following window is displayed click on the Finish button Select the item to restart the computer and then click the OK button to reboot your computer Step 4 After rebooting your computer the software installation procedure is finished Now you can configure the NAT Router refer to Chapter 4 and setup the Print Server refer to Chapter 5 ...

Page 13: ...ir r re e el l le e es s ss s s B B Br r ro o oa a ad d db b ba a an n nd d d R R Ro o ou u ut t te e er r r This product provides Web based configuration scheme that is configuring by your Web browser such as Netscape Communicator or Internet Explorer This approach can be adopted in any MS Windows Macintosh or UNIX based platforms ...

Page 14: ...ion is established you will see the web user interface of this product There are two appearances of web user interface for general users and for system administrator To log in as an administrator enter the system password the factory setting is admin in the System Password field and click on the Log in button If the password is correct the web appearance will be changed into administrator configur...

Page 15: ...de Ready Not ready Printing and Device error When a job is printing there may appear a Kill Job button on the Sidenote column You can click this button to kill current printing job manually C Statistics of WAN enables you to monitor inbound and outbound packets Notice For the WBR 3402B it can support both Annex B and U R2 ADSL line coding schemes The default setting is Annex B If your ISP used U R...

Page 16: ...16 4 3 Wizard Setup Wizard will guide you through a basic configuration procedure step by step Press Next ...

Page 17: ...17 Setup Wizard Select WAN Type For detail settings please refer to 4 4 1 primary setup 4 4 Basic Setting ...

Page 18: ...18 4 4 1 Primary Setup WAN Type Press Change ...

Page 19: ... WAN Type WAN connection type of your ISP You can click Change button to choose a correct one from the following five options A Ethernet Over ATM RFC 1483 Bridged without NAT B Ethernet Over ATM RFC 1483 Bridged with NAT C IP over ATM RFC 1483 Routed D Classical IP over ATM RFC 1577 E PPP over ATM RFC 2364 F PPP over Ethernet RFC 2516 3 Data Encapsulation Two data encapsulation type are supported ...

Page 20: ...settings WAN IPAddress WAN Subnet Mask WAN Gateway and Primary Secondary DNS These settings are also specified by your ISP VPI VCI Numbers The channel settings provided by your ISP Schedule Type The setting of the ADSL traffic schedule type This device supports UBR Un specified bit rate and CBR Constant bit rate Once you finished the required configuration you must click on the Save button to save...

Page 21: ...IP Address Obtain an IP address from ISP automatically Host Name optional Required by some ISPs for example Home 1 Renew IP Forever this feature enables this product to renew your IP address automatically when the lease time is expiring even when the system is idle ...

Page 22: ...22 ...

Page 23: ...tatic mode you have to set the following WAN setting manually WAN IPAddress WAN Subnet Mask WAN Gateway and Primary Secondary DNS These settings are assigned by your ISP VPI VCI Numbers The channel settings provided by your ISP Schedule Type The setting of the ADSL traffic schedule type This device supports UBR Un specified bit rate and CBR Constant bit rate Once you finished the required configur...

Page 24: ... settings from ISP s DHCP server If you select static mode you have to set the following WAN setting manually WAN IPAddress WAN Subnet Mask WAN Gateway and Primary Secondary DNS These settings are assigned by your ISP VPI VCI Numbers The channel settings provided by your ISP Schedule Type The setting of the ADSL traffic schedule type This device supports UBR Un specified bit rate and CBR Constant ...

Page 25: ...25 button to save the configuration into Flash memory and the reboot this device 4 4 1 5 PPP over ATM RFC 2364 Press More ...

Page 26: ...ill automatically connect to ISP after system is restarted or connection is dropped VPI VCI Numbers The channel settings provided by your ISP Schedule Type The setting of the ADSL traffic schedule type This device supports UBR Un specified bit rate and CBR Constant bit rate PPPoA Service Name Optional Input the service name if your ISP requires it Assigned IPAddress Optional Required by some ISPs ...

Page 27: ...ty disconnect to your PPPoE session You can also set it to zero or enable Auto reconnect to disable this feature If Auto reconnect is enabled this product will automatically connect to ISP after system is restarted or connection is dropped VPI VCI Numbers The channel settings provided by your ISP Schedule Type The setting of the ADSL traffic schedule type This device supports UBR Un specified bit ...

Page 28: ... 4 2 OAM Server In this page you can set the OAM feature for virtual channel First click on the Enable or Disable circle for the settings of OAM Function Activation De activation Loopback and Fault Management individually Then click on the Save button to finish the configuration of the selected session Once you set the appropriate OAM settings on virtual channel you can see the corresponding up to...

Page 29: ...29 4 4 3 DHCP Server Press More The settings of a TCP IP environment include host IP Subnet Mask Gateway and DNS configurations ...

Page 30: ...ows you to configure IP s lease time DHCP client 3 IP pool starting Address IP pool starting Address Whenever there is a request the DHCP server will automatically allocate an unused IP address from the IP address pool to the requesting computer You must specify the starting and ending address of the IP address pool 4 Domain Name Optional this information will be passed to the client 5 Primary DNS...

Page 31: ...m 11 Mbps wireless adapter 5 WEP Security Select the data privacy algorithm you want Enabling the security can protect your data while it is transferred from one station to another The standardized IEEE 802 11 WEP 128 or 64 bit is used here 6 WEP Key 1 2 3 4 When you enable the 128 or 64 bit WEP key security please select one WEP key to be used and input 26 or 10 hexdecimal 0 1 2 8 9 A B F digits ...

Page 32: ...32 4 4 5 Change Password You can change Password here We strongly recommend you to change the system password for security reason ...

Page 33: ...33 4 5 Forwarding Rules 4 5 1 Virtual Server ...

Page 34: ...ts to this port will be redirected to the computer specified by the Server IP Virtual Server can work with Scheduling Rules and give user more flexibility on Access control For Detail please refer to Scheduling Rule For example if you have an FTP server port 21 at 192 168 123 1 a Web server port 80 at 192 168 123 2 and a VPN server at 192 168 123 6 then you need to specify the following virtual se...

Page 35: ...m of Special Applications fails to make an application work try setting your computer as the DMZ host instead 1 Trigger the outbound port number issued by the application 2 Incoming Ports when the trigger packet is detected the inbound packets sent to the specified port numbers are allowed to pass through the firewall This product provides some predefined settings Select your application and click...

Page 36: ...to be exposed to unrestricted 2 way communication for Internet games Video conferencing Internet telephony and other special applications NOTE This feature should be used only when needed Non standard FTP port You have to configure this item if you want to access an FTP server whose port number is not 21 This setting will be lost after rebooting ...

Page 37: ...37 4 6 Security Settings ...

Page 38: ... Servers or DMZ host only You can select one of the two filtering policies 1 Allow all to pass except those match the specified rules 2 Deny all to pass except those match the specified rules You can specify 8 rules for each direction inbound or outbound For each rule you can define the following Source IP address Source port address Destination IP address Destination port address Protocol TCP or ...

Page 39: ...work with Scheduling Rules and give user more flexibility on Access control For Detail please refer to Scheduling Rule Each rule can be enabled or disabled individually Inbound Filter To enable Inbound Packet Filter click the check box next to Enable in the Inbound Packet Filter field Suppose you have SMTP Server 25 POP Server 110 Web Server 80 FTP Server 21 and News Server 119 defined in Virtual ...

Page 40: ...d net news port 119 and transfer files via FTP port 21 Others are all allowed After Inbound Packet Filter setting is configured click the save button Outbound Filter To enable Outbound Packet Filter click the check box next to Enable in the Outbound Packet Filter field Example 1 ...

Page 41: ...ssary to resolve the domain name 192 168 123 10 192 168 123 20 They can do everything block nothing Others are all blocked Example 2 192 168 123 100 192 168 123 119 They can do everything except read net news port 119 and transfer files via FTP port 21 Others are allowed After Outbound Packet Filter setting is configured click the save button ...

Page 42: ...ion when someone accesses the specific URLs Privilege IPAddresses Range Setting a group of hosts and privilege these hosts to access network without restriction Domain Suffix A suffix of URL to be restricted For example com xxx com Action When someone is accessing the URL met the domain suffix what kind of action you want Check drop to block the access Check log to log these access Enable Check to...

Page 43: ...tion will be record in log file 2 URL include www sina com will not be blocked but the action will be record in log file 3 URL include www google com will be blocked but the action will not be record in log file 4 IP address X X X 1 X X X 20 can access network without restriction ...

Page 44: ...to input a keyword only In other words Domain filter can block specific website while URL Blocking can block hundreds of websites by simply a keyword URL Blocking Enable Checked if you want to enable URL Blocking URL If any part of the Website s URL matches the pre defined word the connection will be blocked For example you can use pre defined word sex to block all websites if their URLs contain p...

Page 45: ...on will be record in log file 2 URL include erotica will be blocked but the action will be record in log file 3 URL include girl will not be blocked but the action will be record in log file 4 URL include game will be blocked but the action will be record in log file ...

Page 46: ...this device If a client is denied to connect to this device it means the client can t access to the Internet either Choose allow or deny to allow or deny the clients whose MAC addresses are not in the Control table please see below to connect to this device Assosiation control Check Association control to enable the controling of which wireless client can associate to the wireless LAN If a client ...

Page 47: ... allow the corresponding client to connect to this device A When Association control is checked check A will allow the corresponding client to associate to the wireless LAN In this page we provide the following Combobox and button to help you to input the MAC address You can select a specific client in the DHCP clients Combobox and then click on the Copy to button to copy the MAC address of the cl...

Page 48: ...when you really need a security tunnel It is disabled for default Max number of tunnels item Since VPN greatly degrades network throughput the allowable maximum number of tunnels is limited Be careful to set the value for allowing the number of tunnels can be created simultaneously Its value ranges from 1 to 5 Tunnel name Indicate which tunnel that is focused now Method IPSec VPN supports two kind...

Page 49: ...ting of following items local subnet local netmask remote subnet remote netmask remote gateway and pre shared key The tunnel name is derived from previous page of VPN setting IKE proposal setup includes the setting of a set of frequent used IKE proposals and the selecting from the set of IKE proposals Similarly IPSec proposal setup includes the setting of a set of frequent used IPSec proposals and...

Page 50: ...ss of remote VPN gateway Pre shared key The first key that supports IKE mechanism of both VPN gateways for negotiating further security keys The pre shared key must be same for both end gateways Function of Buttons Select IKE proposal Click the button to setup a set of frequent used IKE proposals and select from the set of IKE proposals for the dedicated tunnel proposals for the dedicated tunnel S...

Page 51: ...ased on the value of Life Time Unit If the value of unit is second the value of life time represents the life time of dedicated VPN tunnel between both end gateways Its value ranges from 300 seconds to 172 800 seconds If the value of unit is KB the value of life time represents the maximum allowable amount of transmitted packets through the dedicated VPN tunnel between both end gateways Its value ...

Page 52: ...es which IPSec proposal to be focused First char of the name with 0x00 value stands for the proposal is not available DH group There are three groups can be selected group 1 MODP768 group 2 MODP1024 group 5 MODP1536 But none also can be selected here for IPSec proposal Encapsulation protocol There are two protocols can be selected ESP and AH Encryption algorithm There are two algorithms can be sel...

Page 53: ... Its value ranges from 20 480 KBs to 2 147 483 647 KBs Life time unit There are two units can be selected second and KB Proposal ID The identifier of IPSec proposal can be chosen for adding the proposal to the dedicated tunnel There are total ten proposals can be set in the proposal pool At most only four proposals from the pool can be applied to the dedicated tunnel as shown in the proposal index...

Page 54: ...address is 0 0 0 0 any host can connect to this product to perform administration task You can use subnet mask bits nn notation to specified a group of trusted IP addresses For example 10 1 2 0 24 NOTE When Remote Administration is enabled the web server port will be shifted to 88 You can change web server port to other port too Administrator Time out The time of no activity to logout automaticall...

Page 55: ...55 4 7 Advanced Setting ...

Page 56: ...directly added to the calculated Target Noise margin It should be ranged between 3dB and 3dB with a granularity of 0 5 dB The default value is set to 0 dB no offset Max Bits per Tone The value of this parameter will limit the number of bits loaded in each upstream tone It should be ranged between 2 and 14 bits tone The default value is set to the ADSL maximum standard 14 bits tone Rx Gain Offset T...

Page 57: ...er allows user to reduce the Tx output power in the upstream direction The value should be ranged between 0 and 10 dBm Rx Output Power Offset This parameter allows user to reduce the Rx output power The value should be ranged between 0 and 10 dBm ...

Page 58: ...nd Time by NTP Protocol Time Server Select a NTP time server to consult UTC time Time Zone Select a time zone where this device locates Set Date and Time manually Selected if you want to Set Date and Time manually Function of Buttons Sync Now Synchronize system time with network time server ...

Page 59: ...k Enable to enable this function E mail Alert Enable Check if you want to enable Email alert send syslog via email SMTP Server IP and Port Input the SMTP server IP and port which are contacted with If you do not specify port number the default value is 25 For example mail your_url com or 192 168 1 100 26 Send E mail alert to The recipients who will receive these logs You can assign more than 1 rec...

Page 60: ...60 E mail Subject The subject of email alert This setting is optional ...

Page 61: ...f your host to your current IP address which changes each time you connect your Internet service provider Before you enable Dynamic DNS you need to register an account on one of these Dynamic DNS servers that we list in provider field To enable Dynamic DNS click the check box next to Enable in the DDNS field Next you can enter the appropriate information about your Dynamic DNS Server You have to d...

Page 62: ...62 Username E mail Password Key You will get this information when you register an account on a Dynamic DNS server Example After Dynamic DNS setting is configured click the save button ...

Page 63: ...lues and monitoring network events Enable SNMP You must check either Local or Remote or both to enable SNMP function If Local is checked this device will response request from LAN If Remote is checked this device will response request from WAN Get Community Setting the community of GetRequest your device will response Set Community Setting the community of SetRequest your device will accept Exampl...

Page 64: ...vice will response to SNMP client which s get community is set as public 2 This device will response to SNMP client which s set community is set as private 3 This device will response request from both LAN and WAN ...

Page 65: ...routing path and allow different subnets to communicate with each other Routing Table settings are settings used to setup the functions of static and dynamic routing RIP Enable Check to enable RIP function Static Routing For static routing you can specify up to 8 routing rules You can enter the destination IP address subnet mask gateway hop for each routing rule and then enable or disable the rule...

Page 66: ...2 168 3 88 it would use the above table to determine that it had to go via 192 168 1 33 a gateway And if it sends Packets to 192 168 5 77 will go via 192 168 1 55 Each rule can be enabled or disabled individually After routing table setting is configured click the save button ...

Page 67: ...de which service at what time will be turned on or off Select the enable item Press Add New Rule You can write a rule name and set which day and what time to schedule from Start Time to End Time The following example configure FTP time as everyday 14 10 to 16 20 ...

Page 68: ...68 ...

Page 69: ...the schedule rule Delete To delete the schedule rule and the rule of the rules behind the deleted one will decrease one automatically Schedule Rule can be apply to Virtual server and Packet Filter for example Exanple1 Virtual Server Apply Rule 1 ftp time everyday 14 10 to 16 20 ...

Page 70: ...70 Exanple2 Packet Filter Apply Rule 1 ftp time everyday 14 10 to 16 20 ...

Page 71: ...71 4 8 Toolbox ...

Page 72: ...72 4 8 1 View Log You can View system log by clicking the View Log button ...

Page 73: ...73 4 8 2 Firmware Upgrade You can upgrade firmware by clicking Firmware Upgrade button ...

Page 74: ...a bin file Once you want to restore these settings please click Firmware Upgrade button and use the bin file you saved 4 8 4 Reset to default You can also reset this product to factory default by clicking the Reset to default button 4 8 5 Reboot You can also reboot this product by clicking the Reboot button ...

Page 75: ...ure the target device must be Wake on LAN enabled and you have to know the MAC address of this device say 00 11 22 33 44 55 Clicking Wake up button will make the router to send the wake up frame to the target device immediately Domain Name or IP address for Ping Test Allow you to configure an IP and ping the device You can ping a specific IP to test whether it is alive ...

Page 76: ...ort please skip this chapter 5 1 Configuring on Windows 95 98 Platforms After you finished the software installation procedure described in Chapter 3 your computer has possessed the network printing facility provided by this product For convenience we call the printer connected to the printer port of this product as server printer On a Windows 95 98 platform open the Printers window in the My Comp...

Page 77: ...77 1 Find out the corresponding icon of your server printer for example the HP LaserJet 6L Click the mouse s right button on that icon and then select the Properties item ...

Page 78: ...o item Be sure that the Printer Driver item is configured to the correct driver of your server printer 4 Click on the button of Port Settings Type in the IP address of this product and then click the OK button 8 Make sure that all settings mentioned above are correct and then click the OK button ...

Page 79: ...cedure for a Windows NT platform is similar to that of Windows 95 98 except the screen of printer Properties Compared to the procedure in last section the selection of Details is equivalent to the selection of Ports and Port Settings is equivalent to Configure Port ...

Page 80: ...0 and XP Platforms Windows 2000 and XP have built in LPR client users could utilize this feature to Print You have to install your Printer Driver on LPT1 or other ports before you preceed the following sequence 1 Open Printers and Faxs ...

Page 81: ...81 2 Select Ports page Click Add Port 3 Select Standard TCP IP Port and then click New Port ...

Page 82: ...82 4 Click Next and then provide the following information Type address of server providing LPD that is our NAT device 192 168 123 254 4 Select Custom then click Settings ...

Page 83: ...83 6 Select LPR type lp lowercase letter in Queue Name And enable LPR Byte Counting Enabled ...

Page 84: ...84 7 Apply your settings ...

Page 85: ...nal configuration procedure on Unix platforms to setup the print server of this product The printer name is lp In X Windows for example In Redhat Platforms Please follow the below steps to configure your printer on Red Hat 9 0 1 Start from the Red Hat System Setting Printing ...

Page 86: ...86 2 Click Add Forward 3 Enter the Pinter Name Comments then forward ...

Page 87: ...87 4 Select LPD protocol and then forward 5 Enter the router LAN IP Address and the queue name lp Then forward ...

Page 88: ...88 6 Select the Printer Brand and Model Name Then Forward 7 Click Apply to finish setup ...

Page 89: ...u can manual set it or via the tool printtool in X windows PS The spool name is lp all lowercase letter Below is my setting etc printcap lp sd var spool lpd lp mx 0 sh rm 192 168 123 254 rp lp key point if var spool lpd lp filter Then add the corresponding directory mkdir var spool lpd lp Too see the detail please refer to the online manual in linux man printcap ...

Page 90: ... PC 1 First go to Printer center Printer list and add printer 2 Choose IP print and setup printer ip address router Lan ip address 3 Disable Default Queue of Server And fill in lp in Queue name item 4 Printer type Choose General ...

Page 91: ...ou have been successfully installed one network card on your personal computer If not please refer to your network card manual Moreover the Section B 2 tells you how to set TCP IP values for working with this NAT Router correctly A 1 Install TCP IP Protocol into Your PC 1 Click Start button and choose Settings then click Control Panel 2 Double click Network icon and select Configuration tab in the...

Page 92: ...s list And choose TCP IP in the Network Protocols Click OK button to return to Network window 6 The TCP IP protocol shall be listed in the Network window Click OK to complete the install procedure and restart your PC to enable the TCP IP protocol ...

Page 93: ...e Settings then click Control Panel 2 Double click Network icon Select the TCP IP line that has been associated to your network card in the Configuration tab of the Network window 3 Click Properties button to set the TCP IP protocol for this NAT Router 4 Now you have two setting methods ...

Page 94: ...94 a Select Obtain an IP address automatically in the IP Address tab b Don t input any value in the Gateway tab ...

Page 95: ...b B Configure IP manually a Select Specify an IP address in the IP Address tab The default IP address of this product is 192 168 123 254 So please use 192 168 123 xxx xxx is between 1 and 253 for IP Address field and 255 255 255 0 for Subnet Mask field ...

Page 96: ... address of this product default IP is 192 168 123 254 in the New gateway field and click Add button c In the DNS Configuration tab add the DNS values which are provided by the ISP into DNS Server Search Order field and click Add button ...

Page 97: ...et t tt t ti i in n ng g g g g gu u ui i id d de e e Example Win XP 2000 VPN Router Configuration on WIN 2000 is similar to XP 1 On Win 2000 XP click Start button select Run type secpol msc in the field then click Run Goto Local Security Policy Settings page 2 Or in Win XP Click Control Pannel Double click Performance and Maintenance ...

Page 98: ...98 Double click Administrative Tools ...

Page 99: ...99 Local Security Policy Settings Double click Local Security Policy ...

Page 100: ... Create IP Security Policy Click the Next button enter your policy s name Here it is to_vpn_router Then click Next Introduction Dis select the Activate the default response rule check box and click Next button Click Finish button make sure Edit check box is checked ...

Page 101: ...101 Build 2 Filter Lists xp router and router xp Filter List 1 xp router In the new policy s properties screen select Use Add Wizard check box and then click Add button to create a new rule ...

Page 102: ...102 click Add button ...

Page 103: ...103 Enter a name for example xp router and dis select Use Add Wizard check box Click Add button ...

Page 104: ...ecific IP Address and fill in IP Address 192 168 1 1 In the Destination address field select A specific IP Subnet fill in IP Address 192 168 123 0 and Subnet mask 255 255 255 0 If you want to select a protocol for your filter click Protocol page ...

Page 105: ...105 Click OK button Then click OK button on the IP Filter List page ...

Page 106: ...106 select Filter Action select Require Security then click Edit button ...

Page 107: ...107 select Negotiate security Select Session key Perfect Forward Secrecy PFS click Edit button ...

Page 108: ...108 select Custom button ...

Page 109: ...109 Select Data integrity and encryption ESP Configure Integrity algorithm MD5 Configure Encryption algorithm DES Configure Generate a new key every 10000 seconds Click OK button ...

Page 110: ...110 select Authentication Methods page click Add button ...

Page 111: ...elect Use this string to protect the key exchange preshared key and enter your preshared key string such as mypresharedkey Click OK button Click OK button on Authentication Methods page Select Tunnel Setting ...

Page 112: ...112 configure The tunnel endpoint is specified by this IP address 192 168 1 254 Select Connection Type ...

Page 113: ...113 select All network connections Tunnel 2 router xp In the new policy s properties page dis select Use Add Wizard check box and then click Add button to create a new rule ...

Page 114: ...114 click Add button ...

Page 115: ...115 Enter a name such as router xp and dis select Use Add Wizard check box Click Add button ...

Page 116: ...ecific IP Subnet fill in IP Address 192 168 123 0 and Subnet mask 255 255 255 0 In the Destination address field select A specific IP Address and fill in IP Address 192 168 1 1 If you want to select a protocol for your filter click Protocol page ...

Page 117: ...117 Click OK button Then click OK button on IP Filter List window ...

Page 118: ...118 select Filter Action tab select Require Security then click Edit button ...

Page 119: ...119 select Negotiate security Select Session key Perfect Forward Secrecy PFS click Edit button ...

Page 120: ...120 select Custom button ...

Page 121: ...121 Select Data integrity and encryption ESP Configure Integrity algorithm MD5 Configure Encryption algorithm DES Configure Generate a new key every 10000 seconds Click OK button ...

Page 122: ...122 select Authentication Methods page click Add button ...

Page 123: ...elect Use this string to protect the key exchange preshared key and enter the preshared key string such as mypresharedkey Click OK button Click OK button on Authentication Methods page Select Tunnel Setting ...

Page 124: ...124 Configure The tunnel endpoint is specified by this IP address 192 168 1 1 Select Connection Type ...

Page 125: ...125 select All network connections ...

Page 126: ...126 Configure IKE properties Select General Click Advanced ...

Page 127: ...127 enable Master key perfect forward security PFS configure Authenticate and generate a new key after every 10000 seconds click Methods click Add button ...

Page 128: ...e Integrity algorithm SHA1 Configure Encryption algorithm 3DES Configure Diffie Helman group Medium 2 Settings on VPN router VPN Router Wan IP address 192 168 1 254 Lan IP address 192 168 123 254 PC 192 168 123 123 ...

Page 129: ...129 VPN Settings VPN Enable Max number of tunnels 2 ID 1 Tunnel Name 1 Method IKE Press More ...

Page 130: ...0 VPN Settings Tunnel 1 IKE Tunnel 1 Local Subnet 192 168 123 0 Local Netmask 255 255 255 0 Remote Subnet 192 168 1 1 Remote Netmask 255 255 255 255 Remote Gateway 192 168 1 1 Preshare Key my preshare key ...

Page 131: ...131 VPN Settings Tunnel 1 Set IKE Proposal ID 1 Proposal Name 1 DH Group Group2 Encrypt Algorithm 3DES Auth Algorithm SHA1 Life Time 10000 Life Time Unit Sec ...

Page 132: ...ec Proposal ID 1 Proposal Name proposal1 DH Group Group2 Encap Protocol ESP Encrypt Algorithm DES Auth Algorithm MD5 Life Time 10000 Life Time Unit Sec User can view VPN connection process in System Log page and correct their settings ...

Page 133: ...d d di i ix x x C C C P P PP P PT T TP P P a a an n nd d d L L L2 2 2T T TP P P C C Co o on n nf f fi i ig g gu u ur r ra a at t ti i io o on n ns s s 1 First please go to the Network connection 2 Connect to network at my workplace ...

Page 134: ...134 3 Choose Virtual Private Network 4 Do not dial to initial connection ...

Page 135: ...135 5 Input the router wan ip address 6 Then ok please input username and password as you setup in the router ...

Page 136: ...136 7 Select the type of VPN ...

Page 137: ...g any pcs in the lan 192 168 123 x L2TP However the router is the also vpn l2tp server and supports three Authentication Protocols PAP CHAP and MSCPAP And the settings are similar with PPTP But MS operating systems like winxp win2000 will not find The type of vpn L2tp We can use this files disableipsec zip to enable it http support iglou com fom serve cache 473 html Then We will see L2tp IPSEC VPN...

Page 138: ...138 Then the steps refer to pptp settings ...

Page 139: ...er date 03 05 2003 PC2 Microsoft Windows XP Professional with Service Pack 1a Z Com XI 725 wireless LAN USB adapter Driver version 1 7 29 0 Driver date 10 20 2001 Authentication Server Windows 2000 RADIUS server with Service Pack 3 and HotFix Q313664 Note Windows 2000 RADIUS server only supports PEAP after upgrade to service pack 3 and HotFix Q313664 You can get more information from http support ...

Page 140: ... 2 Setup DUT 1 Enable the 802 1X check the Enable checkbox 2 Enter the RADIUS server IP 3 Enter the shared key The key shared by the RADIUS server and DUT 4 We will change 802 1X encryption key length to fit the variable test condition 3 1 3 Setup Network adapter on PC 1 Choose the IEEE802 1X as the authentication method Fig 2 Note Figure 2 is a setting picture of Windows XP without service pack 1...

Page 141: ...141 Figure 2 Enable IEEE 802 1X access control ...

Page 142: ...cess Point 3 Set authentication type of wireless client and RADIUS server both to EAP_TLS 4 Disable the wireless connection and enable again 5 The DUT will send the user s certificate to the RADIUS server and then send the message of authentication result to PC1 Fig 5 6 Windows XP will prompt that the authentication process is success or fail and end the authentication procedure Fig 6 7 Terminate ...

Page 143: ...143 Figure 4 Certificate information on PC1 Figure 5 Authenticating ...

Page 144: ... to PC2 5 Windows XP will prompt that the authentication process is success or fail and end the authentication procedure 6 Terminate the test steps when PC2 get dynamic IP and PING remote host successfully Support Type Amit supports the types of 802 1x Authentication PEAP CHAPv2 and PEAP TLS Note 1 PC1 is on Windows XP platform without Service Pack 1 2 PC2 is on Windows XP platform with Service Pa...

Page 145: ...tton about 5 seconds STATUS LED will start flashing about 5 times move away the hand The RESTORE process is completed TFTP Mode 1 Symptom STATUS LED flashes abnormally 1 STATUS LED flashes very quickly 2 STATUS LED flashes reciprocally We can check if the router works ok or not according to STATUS LED If Normal the STATUS LED flashes per second 2 Solution 1 First execute the execute file If the ro...

Page 146: ...p the same submask For example configure the PC IP address to 192 168 12 xxx 5 Click Upgrade Button and to upgrade the firmware smoothly 6 If successfully please use Reset Button reset to default the router If failed the program will ask to redo again from Step 2 ...

Reviews: