Dual WAN Broadband VPN Router

ALL1295VPN

Broadband Internet Access, 4-Port Switching Hub, 2 WAN Ports

User's Guide

Summary of Contents for ALL1295VPN

Page 1: ...Dual WAN Broadband VPN Router ALL1295VPN Broadband Internet Access 4 Port Switching Hub 2 WAN Ports User s Guide ...

Page 2: ... 22 CHAPTER 4 PC CONFIGURATION 23 Overview 23 Windows Clients 23 Macintosh Clients 34 Linux Clients 34 Other Unix Systems 34 CHAPTER 5 OPERATION AND STATUS 35 Operation 35 Status Screen 35 Port Status 38 Event Log 39 URL Log 40 Syslog 41 CHAPTER 6 ADVANCED FEATURES 42 Overview 42 Address List 42 PC Database 44 URL Filter 46 Dynamic DNS 48 Routing 50 QoS 55 CHAPTER 7 SECURITY CONFIGURATION 57 Overv...

Page 3: ...120 Overview 120 Diagnostics 121 Password Screen 123 Web Management 125 Firmware Upgrade 127 Backup Restore 128 APPENDIX A TROUBLESHOOTING 130 Overview 130 General Problems 130 Internet Access 130 APPENDIX B SPECIFICATIONS 132 Dual WAN Broadband VPN Router 132 FCC Statement 132 CE Marking Warning 133 P N 956YH10030 Copyright 2007 All Rights Reserved Document Version 1 0 All trademarks and trade na...

Page 4: ...carefully designed to provide sophisticated functions while being easy to use Internet Access Features Shared Internet Access All users on the LAN or WLAN can access the Internet through the Dual WAN Broadband VPN Router using only a single external IP Address The local invalid IP Addresses are hidden from external sources This process is called NAT Network Address Translation Dual WAN Support Dua...

Page 5: ... been made. VPN Pass-through Support: PCs with VPN (Virtual Private Networking) software using PPTP, L2TP and IPSec are transparently supported; no configuration is required. QoS Support: Quality of Service can be used to handle packets so that more important connections receive priority over less important ones. LAN Features. 4-Port Switching Hub: The Dual WAN Broadband VPN Router incorporates a 4-port 10 10...

Page 6: ...that Internet access becomes unavailable. The Dual WAN Broadband VPN Router incorporates protection against DoS attacks. Rule-based Policy Firewall: To provide additional protection against malicious packets, you can define your own firewall rules. This can also be used to control the Internet services available to LAN users. IPSec VPN Gateway Features. IPSec: Support for IPSec standards including IKE an...

Page 7: ...Broadband VPN Gateway User Guide CD ROM containing the on line manual If any of the above items are damaged or missing please contact your dealer immediately 4 ...

Page 8: ...here. If your modem came with a cable, use the supplied cable. Otherwise, use a standard LAN cable. LAN: Each port has 2 LEDs. Link/Act: On - Corresponding LAN hub port is active. Off - No active connection on the corresponding LAN hub port. Flashing - Data is being transmitted or received via the corresponding LAN hub port. 100: On - Corresponding LAN hub port is using 100BaseT. Off - Corresponding LAN hub port connec...

Page 9: ...andard LAN cable Console Port Use the supplied cable to connect the router to a terminal or PC Reset Button This button has two 2 functions Reboot When pressed and released the Dual WAN Broadband VPN Router will reboot restart Clear All Data This button can also be used to clear ALL data and restore ALL settings to the factory default values To Clear All Data and restore the factory default values...

Page 10: ...on Site: Select a suitable place on the network to install the Dual WAN Broadband VPN Router. Ensure the Dual WAN Broadband VPN Router and the DSL/Cable modem are powered OFF. 2. Connect LAN Cables: Use standard LAN cables to connect PCs to the Switching Hub ports on the Dual WAN Broadband VPN Router. Both 10BaseT and 100BaseT connections can be used simultaneously. If required, you can connect any LAN p...

Page 11: ...supplied power adapter to the Dual WAN Broadband VPN Router and power up. Use only the power adapter provided. Using a different one may cause hardware damage. 5. Check the LEDs: The Power LED should be ON. The Status LED should blink during start up, then turn Off. If it stays on, there is a hardware error. For each LAN (PC) connection, the LAN Link/Act LED should be ON (provided the PC is also ON). The WAN1 or...

Page 12: ...and VPN Router you wish to use Use the table below to locate detailed instructions for the required functions To Do this Refer to Configure PCs on your LAN Chapter 4 PC Configuration Check Dual WAN Broadband VPN Router operation and Status Chapter 5 Operation and Status Use any of the following Internet features WAN Port Advanced Setup Dynamic DNS Virtual Servers Options Chapter 6 Internet Feature...

Page 13: ...TP server. This enables you to connect to it and configure it using your Web Browser. Your Browser must support JavaScript. The configuration program has been tested on the following browsers: Netscape V4.08 or later; Internet Explorer V4 or later. Preparation: Before attempting to configure the Dual WAN Broadband VPN Router, please ensure that: Your PC can establish a physical connection to the Dual WAN ...

Page 14: ...Broadband VPN Router, as in this example, which uses the Dual WAN Broadband VPN Router's default IP Address: HTTP://192.168.0.1. If you can't connect: If the Dual WAN Broadband VPN Router does not respond, check the following: The Dual WAN Broadband VPN Router is properly installed, LAN connection is OK, and it is powered ON. You can test the connection by using the "Ping" command: Open the MS-DOS window or com...

Page 15: ...Enter "admin" for the User Name and "password" for the Password. These are the default values. Both the name and password can and should be changed, using the Admin Login screen. Once you have changed either the name or the password, you must use the current values. 12 ...

Page 16: ...Setup Home Screen: After logging in, you will see the Home screen. When you connect in future, you will see this screen when you connect. An example screen is shown below. Figure 6: Home Screen 13 ...

Page 17: ...Use the menu bar on the left of the screen and the Back button on your Browser for navigation Changing to another screen without clicking Save does NOT save any changes you may have made You must Save before changing screens or your data will be ignored 14 ...

Page 18: ...his option is selected you must enter the data in the Static IP Settings section Dynamic IP This is the default and the most common Leave this selected if your ISP allocates an IP Address to the Dual WAN Broadband VPN Router upon connection PPPoE This is the most common login method widely used with DSL modems Normally your ISP will have provided some software to connect and login This software is...

Page 19: ...lly there is no need to change the default name but if your ISP requests that you use a particular Hostname enter it here DNS DNS 1 Enter the IP address of the DNS Domain Name Server you wish to use DNS 2 DNS 2 will be used if the DNS 1 is not available Buttons Save Save your changes to the Dual WAN Broadband VPN Router Cancel Reverse any changes made since the last Save 16 ...

Page 20: ...there is no need to change the default name but if your ISP requests that you use a particular Hostname enter it here Domain Name If your ISP provided a domain name enter it here Otherwise this may be left blank MAC Address Also called Network Adapter Address or Physical Address This is a low level identifier as seen from the WAN port Normally there is no need to change this but some ISPs require ...

Page 21: ...r the time period specified by the Disconnect after Idling. Disconnect After Idling: This field has no effect unless using the Automatic Dial-up setting. If using this setting, enter the desired idle time-out period (in minutes). After the connection to your ISP has been idle for this time period, the connection will be terminated. Bind Service. IPSec Pass Through: IPSec protocol is used to establish a sec...

Page 22: ...adband VPN Router is attached (the same value as the PCs on that LAN segment). DHCP Server: If Enabled, the Dual WAN Broadband VPN Router will allocate IP Addresses to PCs (DHCP clients) on your LAN when they start up. The default (and recommended) value is Enabled. If you are already using a DHCP Server, this setting must be Disabled, and the existing DHCP server must be re-configured to treat the Dual WAN Br...

Page 23: ...Broadband VPN Gateway User Guide Cancel The Cancel button will discard any data you have entered and reload the file from the Dual WAN Broadband VPN Router 20 ...

Page 24: ... VPN Router s DHCP Server This is the default setting The DHCP Server settings are on the LAN screen On this screen you can Enable or Disable the Dual WAN Broadband VPN Router s DHCP Server function Set the range of IP Addresses allocated to PCs by the DHCP Server function You can assign Fixed IP Addresses to some devices while using DHCP provided that the Fixed IP Addresses are NOT within the ran...

Page 25: ...r WAN 1, then choose Backup for WAN 2. 2. If Load Balance is selected for WAN 1, then choose Load Balance for WAN 2. 3. If Backup is selected for WAN 1, then choose Enable for WAN 2. Rule: Balancing Mode has 2 options. Bandwidth: If selected, enter the desired values of WAN1 and WAN2 Bandwidth. Connection: Enter the percentage in the Primary Port Proportion field. Exceptions: Set up Local IP Range, Remote IP Rang...

Page 26: ...TCP/IP Settings. Overview: If using the default Dual WAN Broadband VPN Router settings and the default Windows TCP/IP settings, no changes need to be made. By default, the Dual WAN Broadband VPN Router will act as a DHCP Server, automatically providing a suitable IP Address (and related information) to each PC when the PC boots. For all non-Server versions of Windows, the default TCP/IP setting is to act a...

Page 27: ...e 12 IP Address Win 95 Ensure your TCP IP settings are correct as follows Using DHCP To use DHCP select the radio button Obtain an IP Address automatically This is the default Windows setting Using this is recommended By default the Dual WAN Broadband VPN Router will act as a DHCP Server Restart your PC to ensure it obtains an IP Address from the Dual WAN Broadband VPN Router Using Specify an IP A...

Page 28: ...ministrator can advise you of the IP Address they assigned to the Dual WAN Broadband VPN Router Figure 13 Gateway Tab Win 95 98 On the DNS Configuration tab ensure Enable DNS is selected If the DNS Server Search Order list is empty enter the DNS address provided by your ISP in the fields beside the Add button then click Add Figure 14 DNS Tab Win 95 98 25 ...

Page 29: ...0 1 Select Control Panel Network and on the Protocols tab select the TCP IP protocol as shown below Figure 15 Windows NT4 0 TCP IP 2 Click the Properties button to see a screen like the one below Figure 16 Windows NT4 0 IP Address 3 Select the network card for your LAN 26 ...

Page 30: ...r before making the following changes 1 The Default Gateway must be set to the IP address of the Dual WAN Broadband VPN Router To set this Click the Advanced button on the screen above On the following screen click the Add button in the Gateways panel and enter the Dual WAN Broadband VPN Router s IP address as shown in Figure 17 below If necessary use the Up button to make the Dual WAN Broadband V...

Page 31: ...Broadband VPN Gateway User Guide Figure 18 Windows NT4 0 DNS 28 ...

Page 32: ...t click the Local Area Connection icon and select Properties You should see a screen like the following Figure 19 Network Configuration Win 2000 3 Select the TCP IP protocol for your network card 4 Click on the Properties button You should then see a screen like the following Figure 20 TCP IP Properties Win 2000 29 ...

Page 33: ... from the Dual WAN Broadband VPN Router Using a fixed IP Address Use the following IP Address If your PC is already configured check with your network administrator before making the following changes Enter the Dual WAN Broadband VPN Router s IP address in the Default gateway field and click OK Your LAN administrator can advise you of the IP Address they assigned to the Dual WAN Broadband VPN Rout...

Page 34: ...ection 2 Right click the Local Area Connection and choose Properties You should see a screen like the following Figure 21 Network Configuration Windows XP 3 Select the TCP IP protocol for your network card 4 Click on the Properties button You should then see a screen like the following 31 ...

Page 35: ...IP Address from the Dual WAN Broadband VPN Router Using a fixed IP Address Use the following IP Address If your PC is already configured check with your network administrator before making the following changes In the Default gateway field enter the Dual WAN Broadband VPN Router s IP address and click OK Your LAN administrator can advise you of the IP Address they assigned to the Dual WAN Broadban...

Page 36: ...tions 2 Select Set up or change your Internet Connection 3 Select the Connection tab and click the Setup button 4 Cancel the pop up Location Information screen 5 Click Next on the New Connection Wizard screen 6 Select Connect to the Internet and click Next 7 Select Set up my connection manually and click Next 8 Check Connect using a broadband connection that is always on and click Next 9 Click Fin...

Page 37: ...mpting any changes Fixed IP Address By default most Unix installations use a fixed IP Address If you wish to continue using a fixed IP Address make the following changes to your configuration Set your Default Gateway to the IP Address of the Dual WAN Broadband VPN Router Ensure your DNS Name server settings are correct To act as a DHCP Client recommended The procedure below may vary according to y...

Page 38: ...y to specify which PC receives an incoming connection. Refer to Chapter 6, Internet Features, for further details. Applications which use non-standard connections or port numbers may be blocked by the Dual WAN Broadband VPN Router's built-in firewall. You can define such applications as Special Applications to allow them to function normally. Refer to Chapter 6, Internet Features, for further details. Som...

Page 39: ...Broadband VPN Gateway User Guide Figure 23 General Status Screen 36 ...

Page 40: ...dress The IP Address of the Dual WAN Broadband VPN Router Subnet Mask The Subnet Mask for the IP Address above MAC Address Also called Network Adapter Address or Physical Address DHCP Server This shows the status of the DHCP Server function For additional information about the PCs on your LAN and the IP addresses allocated to them use the PC Database option on the Advanced menu DHCP Clients This s...

Page 41: ...splay the usage of the CPU and Memory in a sub-window. Port Status: Click the Port Status button on the Status/Log menu. An example screen is shown below. Figure 24: Port Status Screen. Data, Port Status Screen. Port Status. Network Throughput: The picture shows the current network throughput. Buttons. Refresh: Update the data on screen. Send Network Log: Clicking this button will send the log to the specified E ma...

Page 42: ...nt Log Screen Data Event Log Screen Event Log Time It displays the time when the event occurred Event It describes the details of the event Host It displays the IP Address of the server Buttons Refresh Update the data shown on screen Clear Delete all data currently in the Log 39 ...

Page 43: ...elow Figure 26 URL Log Data URL Log Internet Time It displays the time when the log occurred Event It describes the details of the event PC It displays the IP Address of the PC Buttons Refresh Update the data shown on screen Clear Delete all data currently in the Log 40 ...

Page 44: ...rch Type Select the desired options of search type Click the Search button to see the logs in the following log table Time It displays the time when the system log occurred Event It describes the details of the event Data Packet Description It displays the type source and destination address of the packet 41 ...

Page 45: ...and VPN Router s Advanced Features Overview The following advanced features are provided Address List PC Database URL Filter Dynamic DNS Routing QoS Address List Click the Address List on the Advanced menu to access the screen An example screen is shown below Figure 28 Address List Screen 42 ...

Page 46: ...o select/deselect all the entries in the list. Delete Button: Use this button to delete the selected address list entry. Address List Name: Enter the name of the address list. Range 1-4: Enter the IP Address range. You can set up to 4 ranges for each address list. Add Button: Click this button to add the new address list in the list. Modify Button: Click this to modify the selected address list. 43 ...

Page 47: ...e automatically added to the database and updated as required By default non Server versions of Windows act as DHCP Clients this setting is called Obtain an IP Address automatically The Dual WAN Broadband VPN Router uses the Hardware Address to identify each PC not the name or IP address The Hardware Address can only change if you change the PC s network card or adapter This system means you do NO...

Page 48: ...ect it and click the Edit button. Delete: Delete the selected PC from the list. This should be done in 2 situations: The PC has been removed from your LAN. The entry is incorrect. Add: This will add the new PC to the list. The PC will be sent a "ping" to determine its hardware address. If the PC is not available (not connected, or not powered On), you will not be able to add it. Refresh: Update the data on scree...

Page 49: ... not entered any values this list will be empty URL Filter Rule List Select the desired rule from the list URL Filter Rule Name After the URL Filter Rule is selected enter the desired name in this field Click Edit button to modify the setting Add Key Words To add an entry to the list enter it here and click the Add button An entry may be a Domain name e g www trash com or simply a string e g ads A...

Page 50: ...ted entry or all entries as required Multiple entries can be selected by holding down the CTRL key while selecting On the Macintosh hold the SHIFT key while selecting Add Use this to add the current Filter String to the site list Modify Rule Click the Modify Rule button to edit an existing rule 47 ...

Page 51: ...DDNS Service providers 2 After registration follow the Service Provider s procedure to request a Domain Name and have it allocated to you 3 Enter your DDNS data on the Dual WAN Broadband VPN Router s DDNS screen shown below 4 The Dual WAN Broadband VPN Router will then automatically ensure that your current IP Address is recorded and updated at the DDNS server If the DDNS Service provides software...

Page 52: ... by the DDNS Server Normally this message should be something like Update successful or IP address updated If the message indicates some problem you need to connect to the DDNS Service provider and correct this problem User Name Enter your Username for the DDNS Service Password Enter your current password for the DDNS Service Domain Name Enter the domain name allocated to you by the DDNS Service I...

Page 53: ...outers. If using Windows 2000 Datacenter Server as a software Router, enable RIP on the Dual WAN Broadband VPN Router, and ensure the following Windows 2000 settings are correct: Open Routing and Remote Access. In the console tree, select Routing and Remote Access > server name > IP Routing > RIP. In the Details pane, right-click the interface you want to configure for RIP version 2, and then click Properties ...

Page 54: ...ed option from the drop-down list. Static Routing. Static Routing Table Entries: This list shows all entries in the Routing Table. The Properties area shows details of the selected item in the list. Change any of the properties as required, then click the Update Route button to save the changes to the selected entry. 51 ...

Page 55: ... Update Route Update the current Static Routing Table entry using the data shown in the Properties area on screen Delete Route Delete the current Static Routing Table entry Clear Clear all data from the Properties area ready for input of a new entry for the Static Routing table Routing Table Generate a read only list of all entries in the Static Routing table Configuring Other Routers on your LAN ...

Page 56: ... must forward packets to another router before reaching the Dual WAN Broadband VPN Router's local router, the Gateway IP Address is the address of the intermediate router. Static Routing Example. Figure 33: Routing Example. For the Dual WAN Broadband VPN Router's Routing Table: For the LAN shown above, with 2 routers and 3 LAN segments, the Dual WAN Broadband VPN Router requires 2 entries as follows. Entr...

Page 57: ...te: Destination IP Address 0.0.0.0; Network Mask 0.0.0.0; Gateway IP Address 192.168.0.1 (Dual WAN Broadband VPN Router's IP Address); Interface LAN. For Router B's Default Route: Destination IP Address 0.0.0.0; Network Mask 0.0.0.0; Gateway IP Address 192.168.1.80 (Dual WAN Broadband VPN Router's local router); Interface LAN. 54 ...

Page 58: ... to high priority service Figure 34 QoS Screen Data QoS Screen QoS Setting QoS Method Select the desired option Nonuse Classic QoS WAN Throughput Enter the desired data for WAN1 WAN2 limit in and limit out Traffic Balance If enabled enter the required data in the re 55 ...

Page 59: ...eneric QoS. WAN Throughput: Enter the desired data for WAN1/WAN2 limit in and limit out. Traffic Balance: If enabled, enter the required data in the related fields. Rule. Name: It displays the name for the rule. Type: It displays the type of the rule. Limit (In/Out), Reverse (In/Out): It displays the values for the inbound and outbound traffic limitation. Enable: Check this to enable this rule. Edit/Add Button: Click...

Page 60: ...ll always block DoS (Denial of Service) attacks. A DoS attack does not attempt to steal data or damage your PCs, but overloads your Internet connection so you cannot use it; the service is unavailable. As well, you can use this screen to create Firewall rules to block or allow specific traffic. But incorrect configuration may cause serious problems. This feature is for advanced administrators only. Rules S...

Page 61: ...lting screen See the following section for more details Edit To Edit or modify an existing rule select it and click the Edit button Move There are 2 ways to change the order of rules Use the up and down indicators on the right to move the selected rule You must confirm your changes by clicking OK If you change your mind before clicking OK click Cancel to reverse your changes Click Move to directly...

Page 62: ...will display a screen like the example below Figure 36 Define Firewall Rule Data Define Firewall Rule Screen Name Enter a suitable name for this rule Port Select the desired port as required Type This determines the source and destination ports for traffic covered by this rule Select the desired option 59 ...

Page 63: ... this rule. Single IP Address: Enter the required IP address in the IP address field. Address List: If this option is selected, choose the required option. Services: Select the desired Service or Services. This determines which packets are covered by this rule, based on the protocol (TCP or UDP) and port number. If necessary, you can define a new Service on the Services screen, by defining the protocols and por...

Page 64: ...will be performed Schedules Screen This screen is accessed by the Schedules link on the Firewall menu Figure 37 Schedules Screen Data Schedule Screen Schedule Enter the name of the schedule Day Each day of the week can be scheduled independently Time Interval 1 Time Interval 2 Two 2 separate sessions or periods can be defined Session 2 can be left blank if not required Begin Enter the start using ...

Page 65: ... in the Dual WAN Broadband VPN Router log data can also be E mailed to your PC or sent to a Syslog Server Figure 38 Log Screen Data Log Screen Log Log Contents Select the desired option s if needed Speed Enter the desired time for the interval Delete Redundant Log If enabled it will delete the redundant log Time Zone Time Zone Select the correct Time Zone for your location This is required for the...

Page 66: ...d Time Server Second Server Name IP Address This is optional Syslog Enable Syslog If enabled log data will be sent to your system log Server Syslog Server Enter the IP address of your System Log Server Include Select the logs you wish to be included in the data sent to the System Log Server 63 ...

Page 67: ...n. Available Services. Available Services: This lists all defined Services. Delete Button: Use this to delete the selected Service from the list. Note that you can only delete Services you have added; the pre-defined services cannot be deleted. Add New Service. Name: Enter a suitable name for this Service. Type: Select the correct type for this Service. Start Port: If the Type above is TCP, UDP or TCP/UDP, enter...

Page 68: ...Security Configuration field. End Port: If the Type above is TCP, UDP or TCP/UDP, this field can be used to enter the end of range of port numbers. This can be left blank if not required. 65 ...

Page 69: ...ewall. Echo ICMP on WAN Port: The ICMP protocol is used by the "ping" and "traceroute" programs, and by network monitoring and diagnostic programs. If checked, the Dual WAN Broadband VPN Router will respond to ICMP packets received from the Internet. If not checked, ICMP packets from the Internet will be ignored. Disabling this option provides a slight increase in security. 66 ...

Page 70: ... Maximum Connections per PC: Enter the maximum value for the connections of each PC. Maximum Applications per host: Enter the maximum value for the applications of each host. SYN rate limit to: Set the value to control the speed of the internet. Network Optimize: There are 2 options to set the priority. Connection may be released after idling for: The connection is automatically disconnected when idle ...

Page 71: ...isplays the IP address allocated to you by your ISP Enter the LAN IP to be the DMZ PC for traffic sent to this IP address If you have multiple Internet IP addresses you can assign one DMZ PC for each Internet IP address If you only have 1 WAN IP address only DMZ 1 can be used and only one 1 PC can be the DMZ PC The current WAN IP address is displayed If this address is assigned upon connection and...

Page 72: ... certain application: If enabled, an E-Mail will be sent immediately if an application reaches 90% of its limited capacity. Send E-Mail alert when a PC's: If enabled, an E-Mail will be sent immediately if the PC's connection reaches 90% of its limitation. E-Mail Log. Use E-Mail to send log: If enabled, logs will be sent to the specified E-mail address. You need to select the Logs to be E-mailed, and complete...

Page 73: ... is full before the time specified to send it it will be sent regardless E mail Address Enter the E mail address the Log is to be sent to The E mail will also show this address as the Sender s address Subject Enter the text string to be shown in the Subject field for the E mail SMTP Server Enter the domain name or IP address of the SMTP Simple Mail Transport Protocol Server you use for outgoing E ...

Page 74: ...es endpoints. Each IPsec VPN has two SAs, one in each direction. If IKE (Internet Key Exchange) is used to generate and exchange keys, there are also SAs for the IKE connection as well as the IPsec connection. There are two security modes possible with IPSec: Transport Mode: the payload (data) part of the packet is encapsulated through encryption, but the IP header remains in the clear (unchanged). The Dual WA...

Page 75: ...he same remote site. However, you should only Enable one (1) policy at a time. If multiple policies for the same remote site are enabled, the policies are examined in the order in which they are listed, and the first matching policy will be used. While it is possible to change the order of the policies, it may not be easy to get the desired action from multiple policies. VPN Configuration: The general rule i...

Page 76: ...n since it is not acting as a VPN endpoint Client PC to VPN Gateway Figure 44 Client PC to VPN Server In this situation the PC must run appropriate VPN client software in order to connect via the Internet to the Dual WAN Broadband VPN Router Once connected the client PC has the same access to LAN resources as PCs on the local LAN unless restricted by the network administrator IPsec is not the only...

Page 77: ... each endpoint gain secure access to the remote LAN. The 2 LANs MUST use different IP address ranges. The VPN Policies at each end determine when a VPN tunnel will be established, and what systems on the remote LAN can be accessed once the VPN connection is established. It is possible to have simultaneous VPN connections to many remote sites. 74 ...

Page 78: ...ant if you have more than one policy for a particular site In that case the first matching policy for the traffic under consideration will be used Data Policies Screen VPN List Policy Name The name of the policy When creating a policy you should select a suitable name Enable This indicates whether or not the policy is currently enabled Use the Enable Disable button to toggle the state of the selec...

Page 79: ...If you change your mind before clicking OK click Cancel to reverse your changes Click Move to directly specify a new location for the selected policy Enable Disable Use this to toggle the On Off state of the selected policy Copy If you wish to create a policy which is similar to an existing policy select the policy and click the Copy button Remember that the new policy must have a different name a...

Page 80: ...Microsoft VPN Adding a New Policy To create a new VPN Policy click the Add New Policy button on the Policies screen Figure 47 VPN Wizard Start Screen 77 ...

Page 81: ...se only incoming connections are possible. Fixed IP: Select this if the remote endpoint has a fixed Internet IP address. If selected, enter the Internet IP address of the remote endpoint. Domain Name: Select this if the remote endpoint has a Domain Name associated with it. If selected, enter the Domain Name of the remote endpoint. Local IP Address. Any: no additional data is required. Any IP address is acce...

Page 82: ...sent through the VPN tunnel. Generally, you will want to enable both Encryption and Authentication. Authentication Algorithm: The 3DES algorithm provides greater security than DES, but is slower. If using AES, you must select the Key Size. If using DES or 3DES, this field is ignored. ESP Authentication: Generally, you should enable ESP Authentication. There is little difference between the available algorithms...

Page 83: ...se the same setting. The "In" key here must match the "Out" key on the remote VPN, and the "Out" key here must match the "In" key on the remote VPN. Keys can be in ASCII or Hex (0-9 and A-F). For MD5, the keys should be 32 hex / 16 ASCII characters. For SHA-1, the keys should be 40 hex / 20 ASCII characters. ESP SPI: This is required if either ESP Encryption or ESP Authentication is enabled. Each SPI (Security Parameter ...

Page 84: ...ature requires that both VPN endpoints have valid Certificates issued by a CA (Certification Authority). For Pre-shared key, enter the same key value in both endpoints. The key should be at least 8 characters (maximum is 128 characters). Note that this key is used for the IKE SA only. The keys used for the IPsec SA are automatically generated. Encryption: Select the desired method, and ensure the remote VPN ...

Page 85: ...security by changing the IPsec key at regular intervals, and ensuring that each key has no relationship to the previous key. Thus, breaking 1 key will not assist in breaking the next key. This setting should match the remote endpoint. IPSec PFS: Select the desired option from the drop-down list. 82 ...

Page 86: ...y 1. Name does not affect operation. Select a meaningful name. Remote Endpoint: 205.17.11.43; 202.11.13.211. Other endpoint's WAN (Internet) IP address. Local IP addresses: Any; Any. Use a more restrictive definition if possible. Remote IP addresses: 192.168.1.1 to 192.168.1.254; 192.168.0.1 to 192.168.0.254. Address range on other endpoint. Use a more restrictive definition if possible. Key Exchange: IKE; IKE. Must ...

Page 87: ...in Mode | Must match
DH Group | Group 1 (768 bit) | Group 1 (768 bit) | Must match
IKE SA Lifetime | 28800 | 28800 | Does not have to match. Shorter period will be used.
IKE PFS | Disable | Disable | Must match
IPSec SA Parameters
IPSec SA Lifetime | 28800 | 28800 | Does not have to match. Shorter period will be used.
IPSec PFS | Disabled | Disabled | Must match
AH authentication | Disabled | Disabled | AH is rarely used.
ESP authentication ...

Page 88: ...IP address
Local IP addresses | Subnet address 192.168.0.0, 255.255.255.0 | Allows access to entire LAN. Use a more restrictive definition if possible.
Remote IP addresses | 172.16.9.10 | For a single client, this address is the same as the endpoint address.
Key Exchange | IKE | Must match client PC
IKE SA Parameters
IKE Direction | Both ways | Using Responder only is not possible
Local Identity | IP address | Required Re...

Page 89: ...hentication | Enable MD5 | Must match client PC
ESP encryption | Enable DES | Must match client PC
Windows Client Configuration
1. Select Start - Programs - Administrative Tools - Local Security Policy.
2. Right-click IP Security Policy on Local Machine and select Create IP Security Policy.
Figure 50: Windows 2000/XP Local Security Settings
3. Click Next, then enter a policy name (for example, DUT To Win2K), then click Ne...

Page 90: ...are in use. Two (2) rules are required: incoming and outgoing. The outgoing rule will be added first.
6. Deselect the Use Add Wizard checkbox, then click Add to view the screen below.
Figure 52: IP Filter List
7. Type To DUT for the name, then click Add to see a screen like the following. ...

Page 91: ...P address is My IP address, and the Destination IP address is the address range used on the remote LAN. Ensure the Mirrored option is checked.
9. Click OK to save your settings and close this dialog.
Figure 54: New Rule Properties - IP Filter List
10. On the resulting screen (above), ensure the To DUT filter is selected, then click the Filter Action tab to see a screen like the following. ...

Page 92: ...le Properties - Filter Action
11. Select Require Security, then click the Edit button to view the Require Security Properties screen.
Figure 56: Require Security Properties
12. Select Negotiate security (this selects IKE), then click Add. ...

Page 93: ...urity Properties screen.
Figure 58: Require Security Properties
14. Ensure the following settings are correct, then click OK to return to the Filter Action tab of the Edit Rule Properties screen.
VPN Setting | Windows Setting
IKE enabled | Negotiate security
AH disabled | AH Integrity: None
ESP encryption: Enable DES | ESP Confidentiality: DES
ESP authentication: Enable MD5 | ESP Integrity: MD5 ...

Page 94: ...w.
Figure 59: Tunnel Setting
16. Click the Authentication Methods tab, then click the Edit button to see a screen like the example below.
Figure 60: Authentication Method
17. Select Use this string to protect the key exchange (preshared key), then enter your pre-shared key in the field provided.
18. Click OK to save your changes and return to the Authentication Methods tab of the Edit Rule Properties screen. ...

Page 95: ...0 To add the second (incoming) rule, click Add. For the name, enter To Win2K, then click Add.
Figure 62: Windows 2000/XP Client to Dual WAN Broadband VPN Router
21. Enter the Source IP address and the Destination IP address as shown below. Since this is the incoming filter, the Source IP address is the address range used on the remote LAN, and the Destination IP address is My IP address. Ensure the Mirrored op...

Page 96: ...Microsoft VPN
Figure 63: Filter Properties - Addressing
22. Click OK to save your changes, then Close.
Figure 64: Filter List
23. Ensure the To Win2K filter is selected, then click the Filter Action tab. ...

Page 97: ...ter Action
24. Select Require Security, then click Edit. On the Require Security Methods screen (below), select Negotiate security.
Figure 66: Security Methods
25. Click the Add button. On the resulting Modify Security Method screen (below), select High (ESP). ...

Page 98: ...en click OK again to return to the Filter Action screen.
27. Select the Tunnel Setting tab, and enter the WAN (Internet) IP address of this PC (172.16.9.10 in this example).
Figure 68: Tunnel Setting
28. Select the Authentication Methods tab, and click the Edit button to see the screen below. ...

Page 99: ...tect the key exchange (preshared key), then enter your pre-shared key in the field provided.
30. Click OK to save your settings, then Close to return to the DUT to Win2K Properties screen. There should now be 2 IP Filters listed, as shown below.
Figure 70: DUT to Win2K Properties
31. Select the General tab. ...

Page 100: ...Figure 71: Properties - General Tab
32. Click the Advanced button to see the screen below.
Figure 72: Key Exchange Settings
33. Click the Methods button to see the screen below. ...

Page 101: ... 35. Select SHA1 for Integrity Algorithm, 3DES for Encryption algorithm, and Low (1) for the Diffie-Hellman Group.
36. Click OK to save, then OK again, and then Close to return to the Local Security Settings screen.
37. Right-click the DUT to Win2K Policy and select Assign to make your policy active.
Figure 75: Windows 2000/XP Client to Dual WAN Broadband VPN Router
Configuration is now complete. ...

Page 102: ...l WAN Broadband VPN Router to Windows 2000 Server
Dual WAN Broadband VPN Router Configuration
This is the same as for the client setup earlier, with the exception of the IP address range for the remote endpoint.
Setting | Single Client | Server Gateway
Remote IP addresses | 172.16.9.10. For a single client, this is the same as the Gateway address. | Subnet address 11.5.0.0, 255.255.0.0. Address range used on the...

Page 103: ...th IP Filters, the Filter Properties - Addressing should be completed as follows.
Figure 77: Windows 2000 Server Addressing
The Source Address should be set to A specific IP Subnet, and the IP address and Subnet mask set to the address range used on the Dual WAN Broadband VPN Router's LAN. The Destination Address should be set to A specific IP Subnet, and the IP address and Subnet mask set to the address ...

Page 104: ...t Name is always the company or person to whom the Certificate is issued. For trusted certificates, this will be a CA.
CA Issuer: The CA (Certification Authority) which issued the Certificate.
Expiration Time: The date on which the Certificate expires. You should renew the Certificate before it expires.
Delete button: Use this button to delete a Trusted Certificate. Select the checkbox in the Delete column fo...

Page 105: ... VPN Router.
6. Click Back to return to the Trusted Certificate list. The new Certificate will appear in the list.
Private Certificate
Figure 80: Private Certificate Screen
Data - Private Certificate Screen
Private Certificate Name: The name you assigned to this Certificate. You should select a name which helps to identify this particular certificate.
Subject: The company or person to whom the Certificate is...

Page 106: ... obtain the Certificate, you can manually delete the request by using the Delete button.
Delete Button: Use this to delete the selected certificate request.
Upload Button: After you have received a Certificate, use this to upload the certificate to the Broadband VPN Router. You must select the correct certificate request, so the Broadband VPN Router can correctly match the request and the certificate.
New...

Page 107: ...esired option. Normally, 1024 bits provides adequate security.
IP address: Enter your public Internet IP address.
Domain Name: This is optional. If you have a domain name, enter it here.
E-mail: This is optional. If you have a permanent E-mail address, enter it here.
3. Click Next to continue to the following screen.
Figure 82: Private Certificate Request (2)
4. Check that the data displayed in the Certificate Details...

Page 108: ...w.
Figure 83: Upload Private Certificate
9. Upload the Certificate. Click the Browse button and locate the certificate file on your PC. Select the file. The name will appear in the Certificate Document field. Click the Upload button to upload the certificate file to the Dual WAN Broadband VPN Router. Click Back to return to the Private Certificates screen. The new Certificate will appear in the Active Sel...

Page 109: ...he Dual WAN Broadband VPN Router. Click Back to return to the CRL list. The new CRL will appear in the list.
5. Use the Delete button to delete the previous (now outdated) CRL.
VPN Status
This screen lists all VPN SAs (Security Association) which exist at the current time. If no VPN tunnels exist at the current time, the table will be empty. To update the display, click the Refresh button. If using IKE, there is...

Page 110: ...ecified by user input. If using IKE, the SPI is generated by the IKE negotiation process.
Type: Each SA (Security Association) will be either IKE or IPSec.
VPN: The IP address of the remote VPN Endpoint.
Data Transmission: Measures the quantity of data which has been sent (Transmitted) via this SA.
Buttons
Refresh: Update the data shown on screen.
Check Log: Open a new window and view the contents of the VPN log...

Page 111: ...sing Microsoft VPN provides easier setup than using IPSec VPN. The following Microsoft VPN configuration screens are provided: VPN Adapter, Users, Status.
Server Setup
The Dual WAN Broadband VPN Router incorporates a PPTP (Peer to Peer Tunneling Protocol) server which is compatible with the VPN Adapter provided with recent versions of Microsoft Windows. Remote Windows clients are able to connect to this ...

Page 112: ... authentication methods. The methods are listed with the most secure first, least secure last. If multiple methods are checked, the most secure will be tried first. If the remote client does not support this, then the other checked methods are tried in order. You must enable at least one method.
User
To log in to the PPTP Server above using the Microsoft Windows VPN Adapter, remote users must be entered in ...

Page 113: ...n they connect. The name must not contain spaces, punctuation, or special characters.
Login Password: Enter the login password. The remote user must provide this password when they connect.
Confirm Password: Re-enter the password above.
Button
Clear Form: Use this to prepare the form for a new entry. Any existing data will be cleared.
Add New User: Use this to save the data in the Properties area as a new ent...

Page 114: ...Screen Status Log Status: This indicates whether or not the PPTP VPN Server is enabled.
Current Connections: This indicates the number of remote clients currently logged into the PPTP VPN Server.
Service Log
Service Log: This displays details of each connection or connection attempt. You can use the Clear button to restart the log, making new messages easier to read. ...

Page 115: ...figured as described in the following sections. It is assumed that remote users have a Broadband (not dial-up) connection to the Internet.
Windows 98/ME
1. Click Start - Settings - Dial-up Networking.
2. Select Make New Connection.
Figure 90: Windows ME VPN Adapter
3. Type a name for this connection, and ensure that Microsoft VPN Adapter is selected. Click Next to continue.
Figure 91: Windows ME VPN Remote Host
4. E...

Page 116: ...setting This is the default Internet connection on the Dialing tab. Do NOT enable this setting if using Dial-up or PPPoE client software.
Windows ME VPN Dialing Properties
To establish a connection
1. Ensure you are connected to the Internet.
2. Select Start - Settings - Dial-up Networking.
3. Double-click the new VPN entry in Dial-up Networking.
4. Enter your User name and Password, as recorded in the Client d...

Page 117: ...ows 2000 Network Connection
2. Select the VPN option Connect to a private network through the Internet, as shown above, and click Next.
Figure 93: Windows 2000 Public Network
3. On the screen above, select Do not dial the initial connection if Internet access is via the LAN. If using a PPPoE software client, select Automatically dial this initial connection, and select the PPPoE connection. Click Next to con...

Page 118: ...Domain Name or Internet IP address of the Dual WAN Broadband VPN Router you wish to connect to. Click Next to continue.
Figure 95: Windows 2000 Connection Availability
5. Choose whether to allow this connection for everyone, or only for yourself, as required. Click Next to continue. ...

Page 119: ...atabase on the Dual WAN Broadband VPN Router.
3. You can choose to have Windows remember the password if desired, so you do not have to enter it again.
Changing the connection settings
The PPTP VPN Server in the Dual WAN Broadband VPN Router is designed to work with the default Windows settings. If necessary, you can change the Windows settings by right-clicking the VPN connection in Network Connections...

Page 120: ...tings - Network Connections and start the New Connection Wizard.
Figure 97: Windows XP Network Connection Type
2. Select the option Connect to the network at my workplace, as shown above, and click Next.
Figure 98: Windows XP Network Connection
3. On the next screen, shown above, select the Virtual Private Network connection option. Click Next to continue. ...

Page 121: ...ws XP Connection Name
4. Enter a suitable name for this connection. Click Next to continue.
Figure 100: Windows XP Public Network
5. On the screen above, select Do not dial the initial connection. Click Next to continue.
Figure 101: Windows XP VPN Server ...

Page 122: ...n be prompted for the username and password. Enter the username and password assigned to you, as recorded in the VPN client database on the Dual WAN Broadband VPN Router.
3. You can choose to have Windows remember the password if desired, so you do not have to enter it again.
Changing the connection settings
The PPTP VPN Server in the Dual WAN Broadband VPN Router is designed to work with the default Wi...

Page 123: ...ions for advanced users. The screens available are:
Diagnostics: Ping, DNS Lookup.
Password: Only required if your LAN has other Routers or Gateways.
Web Management: This feature allows you to manage the Dual WAN Broadband VPN Router via the Internet.
Firmware Upgrade: The firmware (software) in the Dual WAN Broadband VPN Router can be upgraded using your Web Browser.
Backup/Restore: Backup or restore the con...

Page 124: ...ernet. Note that if the address is on the Internet, and no connection currently exists, you could get a Timeout error. In that case, wait a few seconds and try again.
Ping Button: After entering the IP address, click this button to start the Ping procedure. The results will be displayed in the Ping Result pane.
DNS Lookup
Domain Name/URL: Enter the Domain name or URL for which you want a DNS Domain Name Serv...

Page 125: ...Broadband VPN Gateway User Guide
Search Button: After entering the Domain name/URL, click this button to start the DNS Search procedure. The results will be displayed in the DNS Search Result pane. ...

Page 126: ...st Login: It displays the last login time and the IP Address.
Edit Button: Click this button to modify the user settings.
User Name: Enter the desired User Name.
New Password: Enter the new password here.
Confirm Password: Re-enter the new password here.
Read, Write, View: Check these functions as required.
Once you have assigned a password to the Dual WAN Broadband VPN Router (on the Password screen above), you...

Page 127: ...Figure 105: Password Dialog
Leave the User Name blank. Enter the password for the Dual WAN Broadband VPN Router, as set on the Password screen above. ...

Page 128: ...management connection attempts from the Internet.
IP Address: To manage this device via the Internet, you need to know the IP Address of this device, as seen from the Internet. This IP Address is allocated by your ISP, and is shown here if you are currently connected to the Internet. But if using a Dynamic IP Address, this value can change each time you connect to your ISP. There are 2 solutions to this p...

Page 129: ... not checked.
IP Address Range: Only the PCs in the selected IP address range will be allowed.
This PC Only: Only the specified IP address is allowed. If selected, you must enter an IP address in the field provided.
To connect from a remote PC via the Internet
1. Ensure your Internet connection is established, and start your Web Browser.
2. In the Address bar, enter HTTPS followed by the Internet IP Address o...

Page 130: ...ct this file.
Start to Upgrade: Click this button to start the Firmware upgrade. Note that any users accessing the Internet via the Dual WAN Broadband VPN Router will lose their connection. When the upgrade is finished, the Dual WAN Broadband VPN Router will restart, and this management connection will be unavailable during the restart.
Cancel: Cancel does NOT stop the Upgrade process if it has started. It...

Page 131: ...settings will be deleted. An example Backup/Restore screen is shown below.
Figure 108: Backup/Restore File Screen
Data - Backup/Restore Screen
Backup: Use this to download a copy of the current configuration, and store the file on your PC. Click Backup to start the download.
Restore: This allows you to restore a previously saved configuration file back to the Dual WAN Broadband VPN Router. Click Browse to se...

Page 132: ...Configuration: Enable the Restore the default language if required. Clicking the Factory Defaults button will reset the Dual WAN Broadband VPN Router to its factory default settings. WARNING: This will delete ALL of the existing settings. ...

Page 133: ...it. If your PC uses a Fixed (Static) IP address, ensure that it is using an IP Address within the range 192.168.0.2 to 192.168.0.254, and thus compatible with the Dual WAN Broadband VPN Router's default IP Address of 192.168.0.1. Also, the Network Mask should be set to 255.255.255.0 to match the Dual WAN Broadband VPN Router. In Windows, you can check these settings by using Control Panel - Network to check...

Page 134: ...AN Broadband VPN Router.
Solution 2: The Dual WAN Broadband VPN Router processes the data passing through it, so it is not transparent. Use the Special Applications feature to allow the use of Internet applications which do not function correctly. If this does not solve the problem, you can use the DMZ function. This should work with almost every application, but it is a security risk, since the firewall is di...

Page 135: ...uctions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one of the following measures: Reorient o...

Page 136: ...ons: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
CE Marking Warning
CE Standards: This product complies with the 99/5/EEC directives, including the following safety and EMC stand...

Page 137: ... conformity to the above directive is indicated by the CE sign on the device. The ALLNET ALL1295VPN Dual WAN Broadband VPN Router conforms to the European Directives 89/336/EEC. This equipment meets the following conformance standards: EN 55022:2006 Class B; EN 61000-3-2:2000 + A2:2005; EN 61000-3-3:1995 + A1:2001; EN 55024:1998 + A1:2001 + A2:2003. This equipment is intended to be operated in all countries. Thi...
