manualshive.com logo in svg

BaseWall Dual WAN VPN Firewall VPN 2000, Руководство пользователя, Страница: 48 / 76

Поделиться
Скачать
BaseWall Dual WAN VPN Firewall VPN 2000 Скачать руководство пользователя страница 48

 
 

 

BaseWall, Tel: +31-74-2491004, Fax: +31-74-2593934 

  

48

Key management 
 

 

Key – Key Type: 

there are two key types (manual key and auto key) available for the key 

exchange management. 

 

 

Manual Key: 

If manual key is selected, no key negotiation is needed.  

 

 

AutoKey (IKE)- 

There are two types of operation modes can be used. 

 

 

Main mode 

accomplishes a phase one IKE exchange by establishing a secure channel. 

 

 

Aggressive Mode 

is another way of accomplishing a phase one exchange. It is faster and simpler 

than main mode, but does not provide identity protection for the negotiating nodes. 

 

 

Perfect Forward Secrecy 

(PFS) – If PFS is enable, IKE phase 2 negotiation will generate  new key 

material for IP traffic encryption & authentication. Preshared Key – This field is to authenticate the 
remote IKE peer.  

 

 

Key Lifetime- 

This is specified the lifetime of the IKE generated Key. If the time expires or data is 

passed over this volumn, a new key will be renegotiated, By default, 0 is for no limit. 

 

 

 

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Содержание Dual WAN VPN Firewall VPN 2000

Страница 1: ...Dual WAN VPN FirewallVPN 3000 User s Guide Version 1 0 Date 1 July 2005 Please check www basewall com for the latest version Basewall 2005 ...

Страница 2: ...ONFIGURATION 24 Host IP 24 Routing 26 Virtual Server 28 Special Application 32 Dynamic DNS 33 Multi DMZ 35 UPnP Setup 36 NAT Setting 37 Advanced Feature 38 6 SECURITY MANAGEMENT 40 Block URL 40 Access Filter 41 Session Limit 42 SysFilter Exception 43 7 VPN Configuration 44 Tunnel to BaseWall Unit 45 Tunnel to BaseWall client 45 Advanced settings 46 IPSec policy options 49 VPN preset 50 SA List 51 ...

Страница 3: ...SPECIFICATIONS 66 APPENDIX B WINDOWS TCP IP SETUP 67 Overview 67 TCP IP Settings 69 APPENDIX C TROUBLESHOOTING 74 Overview 73 General Problems 73 Internet Access 73 APPENDIX D IPSEC TUNNEL EXAMPLES 74 Tunnel to basewall Unit 74 Copyright BaseWall 2005 All Rights Reserved Document Version 1 4 All trademarks and trade names are the properties of their respective owners ...

Страница 4: ...ion as a loadbalancer or as failover Shared Broadband Internet Access All LAN users can access the Internet through the Dual WAN VPN Firewall by sharing one from the two Broadband modems and connections High Performance multi ADSL Modem Support The Dual WAN VPN Firewall has two WAN ports allowing the connection of up to two broadband modems at the same time This can provide a greater increase in b...

Страница 5: ...ltiple DMZ A DMZ PC will receive incoming connection requests which would otherwise be blocked For each IP address allocated by your ISP a separate DMZ PC can be specified So if your ISP has given you multiple IP addresses you can have multiple DMZ PCs Each DMZ PC has unrestricted 2 way Internet access providing the ability to run programs that are otherwise incompatible with NAT routers like the ...

Страница 6: ...d protection is provided to prevent unauthorized users from modifying the configuration data and settings HTTP Firmware Upgrade and backup The web management feature allows you to use HTTP upgrade new firmware and backup system configuration from local or even from remote site As long as you enable Remote upgrade and Remote web based setup from Advanced feature web page Email Alert It will send a ...

Страница 7: ...l Operation Status System Packets Blinking Normal Operation ON OFF Error Blinking Packets Active ON OFF No Packet Ethernet Green ON 100M Linked Yellow ON 10M Linked Blinking Data Transmit Receive OFF No Linked Ethernet Ports and Reset Bottom Ethernet Ports WAN ports 2 connected to Modem here LAN ports the other ports which are connected to PC or Hub Note You can use a normal LAN cable connecting t...

Страница 8: ... LED Action Condition Status System Packets flash alternatively Firmware Download in progress Status System Packets flash concurrently MAC address not assigned Status System Solid Off Packets Solid On SDRAM error Status System Solid Off Packets Flash once Timer Interrupt error Status System Solid Off Packets Flash twice LAN WAN error ...

Страница 9: ...rewall is unfit for use and you wish to restore it by uploading new firmware you should use the following procedure 1 Power on the Dual WAN VPN Firewall 2 Use the supplied Windows utility or a TFTP client program applies the new firmware If you are using the supplied Windows TFTP program the screen will look like the following example Figure 1 4 Windows TFTP utility Enter the name of the firmware ...

Страница 10: ... perform three 3 other operations Save the current configuration settings to your PC use the Save Configuration button Restore a previously saved configuration file to the Dual WAN VPN Firewall use the Upgrade Firmware button Set the Dual WAN VPN Firewall to its default values use the Set to Default button ...

Страница 11: ...nnectors TCP IP network protocol must be installed on all PCs Procedure 1 Configuring the Dual WAN VPN Firewall for your LAN 1 Use a standard LAN cable to connect your PC to any LAN port 3 16 on the Dual WAN VPN Firewall Default 2 WAN ports from port 1 2 2 Connect the power cord into a power outlet on the rear panel of Dual WAN VPN Firewall 3 Start your PC If your PC is already running restart it ...

Страница 12: ... Password Fields Figure 2 2 Home Screen Admin Setup No Response Is your PC using a Fixed IP address If so you must configure your PC to use an IP address within the range 192 168 1 2 to 192 168 1 254 with a Network Mask of 255 255 255 0 See Appendix B Windows TCP IP Setup for details Check that the Dual WAN VPN Firewall is properly installed LAN connection is OK and it is powered ON ...

Страница 13: ... the Dual WAN VPN Firewall must be disabled This setting is on the LAN DHCP screen Your DHCP Server must be configured to provide the Dual WAN VPN Firewall LAN IP address as the Default Gateway Your DHCP Server must provide correct DNS addresses to the PCs 10 Ensure these settings are suitable for your LAN 11 The default settings are suitable for many situations 12 See the following table for deta...

Страница 14: ...00BaseT connections can be used simultaneously If you need to connect the Dual WAN VPN Firewall to another Hub just use a standard LAN cable to connect any LAN port on the Dual WAN VPN Firewall to a standard port on another hub Any LAN port on the Dual WAN VPN Firewall will automatically act as an Uplink port when required If a device is set to 2 WAN ports from port 1 to 2 the others are LAN ports...

Страница 15: ...lation LAN DHCP Select LAN DHCP from the menu You will see a screen like the example below Figure 3 1 LAN DHCP Ensure these settings are suitable for your LAN The default settings are suitable for many situations See the following table for details of each setting ...

Страница 16: ...g a DHCP Server the DHCP Server setting must be disabled and the existing DHCP server must be set to provide the IP address of the VPN Dual WAN VPN Firewall as the Default Gateway Client Lease Time It is a certain period of time that a DHCP server leases an IP address to a DHCP client DHCP IP address range Offered Range fields set the values used by the DHCP server when allocating IP Addresses to ...

Страница 17: ...allocated the following information is shown Name The hostname of the PC In some cases this may not be known MAC Address The physical address network adapter address of the PC IP Address The IP address allocated to this PC Type Indicates IP address to be dynamic or static Status If leased the IP address was allocated by this DHCP Server Time Left The time left before the lease expires ...

Страница 18: ...E software This software is no longer required and should not be used when this method is selected you must complete the PPPoE dialup fields Note If using the PPTP connection method select Static IP or Dynamic IP as appropriate according to the IP address method used by your ISP Address Info This is for Static IP users only Enter the address information provided by your ISP If your ISP provided mu...

Страница 19: ...ured by Packets Sessions established Traffic is measured by Sessions IP Address Traffic is measured by IP Address Loading Share on WAN 1 Enter the percentage of traffic to be sent over WAN 1 If one WAN port connection has greater bandwidth than the other the one with the greater bandwidth should be given a higher percentage of traffic than the other NAT statistics This section displays the current...

Страница 20: ...ox or gateway of WAN interface if Alive Indicator input box is left blank Alive Indicator This is the IP address used to check if the WAN connection is operating The Dual WAN VPN Firewall will contact this system to check if the WAN connection is working Change this address if you wish Default is the gateway IP Note This is not used for PPPoE connections MTU The Maximum Transmission Unit is used w...

Страница 21: ...ng Traffic from bridge hosts eg transparent to wan1 can go thru alternative wan eg wan2 interface when bind interface eg wan1 is down it s acting like a fail over mechanism for transparent bridge mode Load Balancing Traffic from bridge hosts eg transparent to wan1 can go thru either wan eg wan1 or wan2 interface based on loading mechanism specified in the load balance section it s acting like as a...

Страница 22: ...vides multiple floating real IP for PPPoE Each WAN port can have up to 8 PPPoE sessions with different IP address if your WAN port is using PPPoE connection PPPoE Session MTU The Maximum Transfer Unit for PPPoE packet data Leave it as default unless the ISP provides different PPPoE packets data size The default value of MTU is 1492 bytes WAN IP Account User Name Enter the PPPoE user name assigned ...

Страница 23: ...ount User Name The PPTP user name login name assigned by your ISP Password The PPTP password associated with the User Name above This is assigned by your ISP and used to login to the PPTP Server Verify Password Re enter the PPTP password assigned by your ISP Server IP Address Enter the IP address of the PPTP Server as provided by your ISP Static IP Adress If you have a fixed IP address enter it he...

Страница 24: ...eature to apply the same Block URL settings to all PCs You wish to reserve a particular LAN IP address for a particular PC on your LAN This allows the PC to use DHCP Windows calls this Obtain an IP address automatically while gaining the benefits of a fixed IP address The PC s IP address will never change so it can be provided to other people and applications Host IP Host Network Identity Host net...

Страница 25: ...ort now you are selecting Strict Binding If WAN1 port is disconnected your packets cannot go out through other WAN port if it is still alive If you are selecting Loose Binding then when WAN1 port is disconnected your packets will automatically go to other WAN port if it is alive Select WAN Port Select PPPoE session If the setting above is Enable select the desired Port and Session Otherwise ignore...

Страница 26: ...ries in the Routing table with an Index of zero 0 these are System entries You cannot modify or delete these entries Dynamic routing RIP v2 This acts as a master switch If enabled the selected WAN or LAN will run RIPv1 v2 otherwise they don t have RIP function Interface LAN WAN1 n is enabled any WAN or LAN can execute RIP function Static routing Network Address The network address of the remote LA...

Страница 27: ...Dual WAN VPN Firewall so that they can be forwarded to the Internet This is done by configuring other Routers to use the Dual WAN VPN Firewallas the Default Route or Default Gateway as illustrated by the example below Static Routing example Router B 192 168 2 90 192 168 3 70 Router A Segment 0 Segment 2 Segment 1 192 168 1 xx 192 168 2 xx 192 168 1 100 192 168 1 1 192 168 3 xx 192 168 2 80 The Dua...

Страница 28: ...face LAN Metric 3 Virtual Server This feature allows you to make Servers on your LAN accessible to Internet users Normally Internet users would not be able to access a server on your LAN because Your Server s IP address is only valid on your LAN not on the Internet Attempts to connect to devices on your LAN are blocked by the firewall in the Dual WAN VPN Firewall The Virtual Server feature solves ...

Страница 29: ...rvers They must use the Dual WAN VPN Firewall Internet IP Address the IP Address allocated by your ISP e g http 205 20 45 34 ftp 205 20 45 34 To Internet users all virtual Servers on your LAN have the same IP Address This IP Address is allocated by your ISP This address should be static rather than dynamic to make it easier for Internet users to connect to your Servers However you can use the Dyna...

Страница 30: ...s See the Host IP section earlier in this Chapter for details on reserving an IP address Each Host server must be running the appropriate Server software WAN This selection allows this server to bind on any WAN ports or even bind all WAN ports together LAN Port Range Enter the range of port number used for outgoing traffic from this Server If only a single port is required enter it in both fields ...

Страница 31: ...ade to the current entry Cancel Cancel any changes you have made since the last save operation Virtual Server List This table shows the details of all Custom Virtual Servers configuration data which have been defined You can modify their configuration data by mouse clicking some row ...

Страница 32: ... this Special Application Outgoing Protocol Select the protocol used by this application when sending data to the remote server or PC Outgoing Port Range Enter the beginning and end of the range of port numbers used by the application server for data you send If the application uses a single port number enter it in both fields Incoming Protocol Select the protocol used by this application when rec...

Страница 33: ...connect to your Virtual Servers using a URL rather than an IP Address This also solves the problem of having a dynamic IP address With a dynamic IP address your IP address may change whenever you connect to your ISP which makes it difficult to connect to you You must register for the Dynamic DNS service The Dual WAN VPN Firewall supports 3 types of service providers Standard client available at ht...

Страница 34: ...ina This is available in China It is similar to DynDNS User Defined DDNS Server This is the user defined DDNS server If the DDNS other than TZO dyndns org and 3322 Additional settings These options are available if using the standard client Enable Wildcard If selected traffic sent to sub domains of your Domain name will also be forwarded to you Enable backup MX If enabled you must enter the Mail E...

Страница 35: ...isable the DMZ setting as required WAN there is 1 WAN port Its connection type may change based on your WAN connection type Static DHCP PPPoE Name Enter a name to assist you to remember this setting This name has no effect on the operation Private IP Address LAN Enter the IP address of the PC you wish to associate with this WAN port IP address This IP address should be fixed or reserved See the Ho...

Страница 36: ...and services UPnP Option If Enable UPnP then this device will become one of the entire local network You can find out there is an icon shown on the network neighborhood on the Window XP Every time you add a new service with port mapping The new service will appear on the mapping list UPnP Port Mapping List UPnP is enable this table shows the details of all Custom Virtual Servers configuration data...

Страница 37: ...f some packets whose port number cannot be translated for special applications you must set state to Enable and input value in port range Or its port cannot be translated in the specified time period you must set Enable and some seconds in Timeout NAT alias For each alias entry the WAN IP acts as an alias IP of the host with Local LAN IP to Internet via the specified WAN port for the specified pro...

Страница 38: ...d to ICMP requests received from the WAN port If Checked the selected packet types are blocked Otherwise they are accepted DNS Loopback When you have some servers on LAN and their domain names have already been registered on public DNS To avoid DNS loop back problem please enter the following fields Domain Name Enter the domain name specified by you for local server Private IP Enter the private IP...

Страница 39: ...ress of source which packets are sent from Destination IP IP address of destination which packets are sent to Subnet Mask With subnet mask other than 255 255 255 255 you can make an IP sub network as your destination Protocol Select protocol type used by the traffic you wish to configure Port Range Enter the beginning and end of the port range used by the traffic you wish to configure If only a si...

Страница 40: ...ss Group This allows you to have different blocking rules for different Groups of PCs All PCs users are in the Default Group unless moved to another group on the Host IP screen If you want the same restrictions to apply to everyone select Default for the Group In this case there is no need to enter any Hosts on the Host IP screen If you wish to apply different restrictions on different Groups sele...

Страница 41: ...to another group on the Host IP screen Access Group This allows you have different access rights for different Groups of PCs If you want the same restrictions to apply to everyone select Default for the Group In this case there is no need to enter any Hosts on the Host IP screen If you wish to apply different restrictions on different Groups select the desired Group The screen will update data for...

Страница 42: ... is counted in the sampling time to check Default is 400 mil sec Maximum total of new sessions The maximum total number of new sessions in the system which is acceptable in the sampling time Any new incoming sessions will be dropped after the number of new sessions exceeds it Default 65535 session sec Maximum new Sessions for Host The maximum number of new sessions from the host which is acceptabl...

Страница 43: ...ect LAN any WAN port or ALL interfaces which a packet comes from Protocol The packet type which will be directly processed from above interface by this device Foreign Port Range Enter the beginning and end of the foreign port range used by the traffic you wish to configure If only a single port is used enter the port number in both fields Device Port Range Enter the beginning and end of the device...

Страница 44: ... When planning your VPN you must make following choices first 1 If the remote end is network the two endpoint network must have different LAN IP address ranges If the remote endpoint is a single PC running a VPN client its destination address must be a single IP address with subnet mask of 255 255 255 255 2 Will you be using the Internet Key Exchange IKE setup or Manual Keying in which you must sp...

Страница 45: ...the hosts of which can use the LAN to LAN connection You can choose a single IP address the subnet or a selected IP range to make VPN LAN to LAN connection Remote Security Network These entries identify the private network on the remote peer VPN router whose hosts can use the LAN to LAN connection You can choose a single IP address the subnet or a selected IP range to make VPN connection Remote Se...

Страница 46: ...fy the private network on this VPN router the hosts of which can use the LAN to LAN connection You can choose a single IP address the subnet or a selected IP range to make VPN LAN to LAN connection Distinguished name remote client Use for example an email address pete BaseWall com Preshared key Choose a shared secret for this entry this must be the same on both units Action Connect this button wil...

Страница 47: ...DES 3DES AES Phase 1 Authentication Method There are two authentication available MD5 and SHA1 Secure Hash Algorithm Phase 1 SA Life Time By default the Security Association lifetime is 3600 Sec Force Deletion after Expiry Once SA get expired tunnel will be removed and related resources will be released to the system Security level Encryption Method It specifies the encryption mechanism to use Dat...

Страница 48: ...hannel Aggressive Mode is another way of accomplishing a phase one exchange It is faster and simpler than main mode but does not provide identity protection for the negotiating nodes Perfect Forward Secrecy PFS If PFS is enable IKE phase 2 negotiation will generate new key material for IP traffic encryption authentication Preshared Key This field is to authenticate the remote IKE peer Key Lifetime...

Страница 49: ... and detected Anti Replay It ensures to keep track of IP packet level security in order Passive mode This means that your PC establishes the data connection If you enable passive mode Check ESP Pad If enable ESP Encapsulating Security Payload it will check ESP padding Allow Full ECN Enable will allow full Explicit Congestion Notification ECN ECN is a standard proposed by the IETF that will cut dow...

Страница 50: ...ssage in VPN log once it is expired Retry Interval It is the time period between two consecutive retries Maxtime to complete Phase 1 It indicates the maximum time allowed to be negotiated in Phase 1 If it expired it s recommended to increase the Maxtime period or reduce DH group level Default value is 30 sec Maxtime to complete Phase 2 It indicates the maximum time allowed to be negotiated in Phas...

Страница 51: ... 2491004 Fax 31 74 2593934 51 VPN Configuration SA List VPN configuration SA list The list will display the details of all Policy Setup configuration data that you have setup You can modify it by mouse clicking each row ...

Страница 52: ...en from VPN IKE Global Setting web page Message Status Time It indicates when this message is created using the system time Priority It indicates the severity level of a message for analysis Undefined messages Module Which module is responsible for this message to be sent in IPSec architecture Messages this displays some information that describes what event happened ...

Страница 53: ...l allow users enable QoS function Queuing Method The methods that how you manage your queue Priority Queuing is one of the first queuing variations to be widely implemented IP TOS Type of Service Feature Process TOS Field An 8 bit field in the IP Packet header designed to contain values indicating how each packet should be handled in the network If you choose enable it will enable this function to...

Страница 54: ...ng variations to be wildly implemented IP TOS Process TOS Field An 8 bits field in the IP packet header designed to contain values indicating how each packet should be handled in the network Enable will enable this function to process IP Type of Service field Overwrite policy priority Choose yes to set the priority of TOS field in IP packet to overwrite the priority defined in policy configuration...

Страница 55: ...rce address of packets here It has two types like IPaddress or MAC address If you select IP address you can define IP address range otherwise define up to four MAC addresses Destination Address Define the destination address of packets here The explanation is as the same as above Protocol Type The field defines traffic packet type i e IP TCP and UDP Source Port Define the source port of packets he...

Страница 56: ... desired password re enter it in the Verify Password field then save it When you connect to the Load Balancer with your Browser you will be prompted for the password when you connect as shown below Enter Admin for the User Name Enter the password for the Dual WAN VPN Firewall as set on the Admin Password screen above ...

Страница 57: ...ail server a warning email will be sent to If the setting is enabled this is the address we here the email alert will be send to For example mail domain com Email SMTP server user name This is the user name of the email sender for authentication optional Email SMTP server password This is the user password Email Recipient Address This is the email recipient address ex admin yourdomain com When if ...

Страница 58: ...If you have SNMP software you can use a standard MIB 2 file with the VPN 3000 System Information Contact Person The name of the person responsible for this device Device name The name of Dual WAN VPN Firewall Physical Location The location of the Dual WAN VPN Firewall Community It is a relationship between a SNMP agent and a set of SNMP managers that defines authentication access control and proxy...

Страница 59: ...3 syslog servers can be used Enable You can enable or disable each server temporarily Port If your syslog does not use the default port change it Log Priority for modules The messages are grouped into 8 priority levels from Emergency to Debug The lower level it is the fewer messages it will generate Emergency is the lowest priority level and Debug is the highest one So set priority to Debug will s...

Страница 60: ...up your system configuration by press save button of Save System Configuration It will save the system configuration for you Notice You have to refresh the browser after you saved the system configuration file You also can do firmware upgrade by input the correct password and the file name of your firmware Remember do not Reset or Restart the device while update new firmware because it may cause s...

Страница 61: ...utton will perform a DHCP Renew transaction with the ISP s DHCP server This will extend the period for which the current WAN IP address is allocated to you IP Address The IP address of the Dual WAN VPN Firewall as seen from the Internet This IP Address is allocated by the ISP Internet Service Provider Subnet Mask The Network Mask Subnet Mask for the IP Address above Gateway the default gateway tha...

Страница 62: ...his will display either Connected or Not Connected Default Loading Share The default traffic loading between the WAN ports Current Loading Share The current traffic loading between the WAN ports Current Loading The number of sessions Bytes and Packets currently being processed on each port Current Bandwidth The current Download and Upload speeds on each WAN port Check NAT Detail will display the N...

Страница 63: ...ent timeout values for TCP and UDP connections TCP Prosperity This displays the MSS Maximum Segment Size and Maximum Windows size for TCP packets NAT Traffic This section displays statistics for both outgoing LAN to Internet and incoming Internet to local traffic NAT Connections This displays the current number of active connections For further details click the View Connection list button Errors ...

Страница 64: ...ure either Enable or Disable DMZ Status of the DMZ feature either Enabled or Disabled Block URL Status of the Block URL feature either Enabled or Disabled Hardware ID The manufacturers ID for this particular device Device Statistics System UpTime The time since the system of a device was last initialized CPU Usage The current usage percentage of CPU Memory Usage The current usage percentage of Mem...

Страница 65: ...tings will be erased The default IP address password and ALL other settings will be restored to the factory default values The DCHP server function will be enabled These changes may mean that the current connection is invalid and you will have to re connect to the Dual WAN VPN Firewall using its default IP address 192 168 1 1 ...

Страница 66: ...s 2 10 100BaseT RJ45 for WAN LEDs 14 LAN 2 WAN 2 Status 1 Power Power Input AC 110V 230V 0 5A FCC Statement This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference 2 This device must accept any interference received including interference that may cause undesired operation CE Marking Warning This is a ...

Страница 67: ...formation to each PC when the PC boots For all non Server versions of Windows the default TCP IP setting is to act as a DHCP client If you wish to check your TCP IP settings the procedure is described in the following sections If your LAN has a Router the LAN Administrator must re configure the Router itself Checking TCP IP Settings Windows 9x ME 1 Select Control Panel Network You should see a scr...

Страница 68: ...ng Specify an IP Address If your PC is already configured check with your network administrator before making the following changes If the DNS Server fields are empty select Use the following DNS server addresses and enter the DNS address or addresses provided by your ISP then click OK On the Gateway tab enter Dual WAN VPN Firewall IP address in the New Gateway field and click Add as shown below Y...

Страница 69: ...s beside the Add button then click Add Checking TCP IP Settings Windows 2000 6 Select Control Panel Network and Dial up Connection Right click the Local Area Connection icon and select Properties You should see a screen like the following Figure B 5 Network Configuration Win 2000 Select the TCP IP protocol for your network card Click on the Properties button You should then see a screen like the f...

Страница 70: ... VPN Firewall Using a fixed IP Address Use the following IP Address If your PC is already configured check with your network administrator before making the following changes Enter Dual WAN VPN Firewall IP address in the Default gateway field and click OK Your LAN administrator can advise you of the IP Address they assigned to the Multi WAN VPN Link Balancer If the DNS Server fields are empty sele...

Страница 71: ...l Panel Network Connection Right click the Local Area Connection and choose Properties You should see a screen like the following Figure B 7 Network Configuration Windows XP Select the TCP IP protocol for your network card Click on the Properties button You should then see a screen like the following ...

Страница 72: ... WAN VPN Link Balancer Using a fixed IP Address Use the following IP Address If your PC is already configured check with your network administrator before making the following changes Enter Dual WAN VPN Firewall IP address in the Default gateway field and click OK Your LAN administrator can advise you of the IP Address they assigned to Dual WAN VPN Firewall If the DNS Server fields are empty selec...

Страница 73: ...00 Mask Internet Access Problem When I try to reach an URL or IP address I get a time out error Solution A number of things could be causing this Try the following troubleshooting steps Check if other PCs work If they do ensure that your PCs IP settings are correct If using a Fixed Static IP Address check the Network Mask Default gateway and DNS as well as the IP Address If the PCs are configured ...

Страница 74: ...o replace these addresses with IP addresses that are available to you These settings are only possible if you have a static IP address available on one or both of your WAN ports This example takes a tunnel between a VPN 3000 and a VPN 2000 This example applies to the BaseWall VPN 1000 2000 and 3000 series you can use eather unit at both sides You can use the IP addresses from the network diagram a...

Страница 75: ...ets so they need to be different in order to avoid IP address conflicts These are all the settings you need to setup the tunnel You can push the connect buttons at one of the locations this unit will be initiator of the tunnel the other unit will be the responder You can check the tunnel status in the SA list Information about key lifetimes and these kind of things you can find by pushing the tunn...

Страница 76: ...BaseWall Tel 31 74 2491004 Fax 31 74 2593934 76 ...

Отзывы:

Нет отзывов