Billion BiGuard 30 Скачать руководство пользователя | Manualshive

Страница: 166 / 211

background image

166

E.2.4 Tunnel Mode ESP

Here is an example of a packet with ESP applied:

E.2.5 Internet Key Exchange (IKE)

Before either AH or ESP can be used, it is necessary for the two communication
devices to exchange a secret key that the security protocols themselves will use. To
do this, IPSec uses Internet Key Exchange (IKE) as a primary support protocol. IKE
facilitates and automates the SA setup, and exchanges keys between parties
transferring data. Using keys ensures that only the sender and receiver of a
message can access it. These keys need to be re-created or refreshed frequently so
that the parties can communicate securely with each other. Refreshing keys on a
regular basis ensures data confidentiality.

There are two phases to this process. Phase I deals with the negotiation and
management of IKE and IPSec parameters. This phase can be carried out in either
one of two modes: Main Mode or Aggressive Mode. Main mode utilizes three
message pairs that negotiate IKE parameters, establish a shared secret and derive
session keys, and exchange and provide identities, retroactively authenticating the
information sent. This method is very secure, but when using the pre-shared key
method for authentication, it is possible to use IDs other than the packets’s IP
addresses. Aggressive mode reduces this process to three messages, but parameter
negotiation is limited, identity protection is lacking except when using public key

Original Packet

Packet with IPSec Encapsulation Security Payload

IP Header

TCP

Data

New IP Header ESP Header

TCP

Data

ESP Trailer

ESP

Authentication

encrypted

Authenticated

Org IP Header

«
...
164
165
166
167
168
...
»

Содержание BiGuard 30

Страница 1: ...BiGuard 30 iBusiness Security Gateway SMB User s Manual Version Release 5 00 FW 1 03...

Страница 2: ...All rights reserved Disclaimer Billion does not assume any liability arising out of the application of use of any products or software described herein Neither does it convey any license under its pat...

Страница 3: ...be stepped on DO NOT use BiGuard 30 in environments with high humidity or high temperatures DO NOT use the same power source for BiGuard 30 as other equipment DO NOT use your BiGuard 30 and any acces...

Страница 4: ...Overview 2 2 Bandwidth Management with QoS 2 2 1 QoS Technology 2 2 2 QoS Policies for Different Applications 2 2 3 Guaranteed Maximum Bandwidth 2 2 4 Policy Based Traffic Shaping 2 2 5 Priority Band...

Страница 5: ...ring 3 4 3 2 Verifying Settings 3 4 4 Windows 98 ME 3 4 4 1 Installing Components 3 4 4 2 Configuring 3 4 4 3 Verifying Settings 3 5 Factory Default Settings 3 5 1 Username and Password 3 5 2 LAN and...

Страница 6: ...4 4 2 1 1 DHCP 4 4 2 1 2 Static IP 4 4 2 1 3 PPPoE 4 4 2 1 4 PPTP 4 4 2 1 5 Big Pond 4 4 2 2 Bandwidth Settings 4 4 3 Dual WAN 4 4 3 1 General Settings 4 4 3 2 Outbound Load Balance 4 4 3 3 Inbound L...

Страница 7: ...ement 4 5 Save Configuration To Flash 4 6 Logout Chapter 5 Troubleshooting 5 1 Basic Functionality 5 1 1 Router Won t Turn On 5 1 2 LEDs Never Turn Off 5 1 3 LAN or Internet Port Not On 5 1 4 Forgot M...

Страница 8: ...1 3 Dynamic Host Configuration Protocol DHCP D 2 Router Basics D 2 1 Why use a Router D 2 2 What is a Router D 2 3 Routing Information Protocol RIP D 3 Firewall Basics D 3 1 What is a Firewall D 3 2...

Страница 9: ...G 4 Who Needs QoS G 4 1 Home Users G 4 2 Office Users Appendix H Router Setup Examples H 1 Outbound Fail Over H 2 Outbound Load Balancing H 3 Inbound Fail Over H 4 DNS Inbound Fail Over H 5 DNS Inboun...

Страница 10: ...WAN ports BiGuard 30 combines two broadband lines such as DSL or Cable into one Internet connection providing optimal bandwidth sharing for multiple PCs on your network or allowing maximum reliability...

Страница 11: ...t network security and peace of mind 1 2 4 Intelligent Bandwidth Management BiGuard 30 utilizes Quality of Service QoS to give you full control over the priority of both incoming and outgoing data ens...

Страница 12: ...vice is connected Blinking when data is transmitting receiving WAN1 Lit when connected to an Ethernet device 10 100M Lit green when connected at 100Mbps Not lit when connected at 10Mbps Link ACT Lit w...

Страница 13: ...em here 3 WAN1 WAN1 10 100M Ethernet port with auto crossover support connect xDSL Cable modem here 4 LAN 1 8 Connect a UTP Ethernet cable Cat 5 or Cat 5e to one of the eight LAN ports when connecting...

Страница 14: ...d in four twisted pairs and terminated with an RJ45 type connector One of the most common causes of networking problems is bad cabling Make sure that all connected devices are turned on On the front p...

Страница 15: ...ming data like gaming packets or even mission critical files efficiently move through the router even under a heavy load You can throttle the speed at which different types of outgoing data pass throu...

Страница 16: ...ferent QoS policies according to the applications you are running you can use BiGuard 30 to optimize the bandwidth that is being used on your network As illustrated in the diagram above applications s...

Страница 17: ...that a particular service receives a minimum percentage of bandwidth For example you can configure BiGuard 30 to reserve 10 of the available bandwidth for a particular computer on the network to trans...

Страница 18: ...ilization Assigning priority to a certain service allows BiGuard 30 to give either a higher or lower priority to traffic from this particular service Assigning a higher priority to an application ensu...

Страница 19: ...er on the network 2 2 7 DiffServ DSCP Marking DiffServ a k a DSCP Marking allows you to classify traffic based on IP DSCP values These markings can be used to identify traffic within the network Other...

Страница 20: ...ve example PC 1 IP_192 168 2 2 and PC 2 IP_192 168 2 3 are connected to the Internet via WAN1 IP_230 100 100 1 on BiGuard 30 Should WAN1 fail Outbound Fail Over tells BiGuard 30 to reroute outgoing tr...

Страница 21: ...m the same source IP address and destination IP address will go through the same WAN port This is useful for some server applications that need to identify the source IP address of the client By balan...

Страница 22: ...30 to reroute incoming traffic to WAN2 by using the Dynamic DNS mechanism Configuring your BiGuard 30 for Inbound Fail Over provides a more reliable connection for your incoming traffic Please refer t...

Страница 23: ...w billion2 dyndns org while the R D group can access www billion3 dyndns org By balancing the load between WAN1 and WAN2 your BiGuard 30 can ensure that inbound traffic is efficiently handled with bot...

Страница 24: ...he built in DNS server The remote PC then accesses the network via the specified WAN port How BiGuard 30 directs this traffic through the built in DNS server depends on whether it is configured for Fa...

Страница 25: ...rk via WAN2 By configuring BiGuard 30 for DNS Inbound Fail Over incoming requests will enjoy increased reliability when accessing your network Please refer to appendix H for example settings 2 5 2 DNS...

Страница 26: ...g the load between WAN1 and WAN2 your BiGuard 30 can ensure that inbound traffic is efficiently handled making sure that both ports are equally sharing the load and preventing situations where service...

Страница 27: ...TP request will be send to BiGuard 30 s URL Host Map 7 The Host Map will then redirect the HTTP request to the HTTP server 8 The HTTP server will reply 9 The URL Host Map will route the packet through...

Страница 28: ...with all VPNs data is kept secure with secure tunnels The final type of VPN setup is the Client to Gateway A good example of where this can be applied is when a remote sales person accesses the corpo...

Страница 29: ...the domain name In this Gateway to Gateway example BiGuard 30 is communicating to a remote gateway using WAN1 through a secure VPN tunnel Should WAN1 fail outbound traffic from BiGuard 30 will automat...

Страница 30: ...xample settings 100 100 100 1 200 200 200 1 192 168 2 x 192 168 3 x 201 201 201 1 192 168 4 x Local subnet 0 0 0 0 Local mask 0 0 0 0 Remote subnet 192 168 3 0 Remote mask 255 255 255 0 Local subnet 1...

Страница 31: ...whether you are going to use one or both WAN ports For one WAN port you may need a fully qualified domain name either for convenience or if you have a dynamic IP address If you are going to use both W...

Страница 32: ...networked PCs to the LAN ports on the router Connect BiGuard 30 to your broadband Internet connection via router s WAN port 2 Plug BiGuard 30 to an AC outlet with the included AC Power Adapter 3 Ensu...

Страница 33: ...mask of 255 255 255 0 Using the default configuration networked PCs must reside in the same subnet and have an IP address in the range of 192 168 1 1 to 192 168 1 253 However you ll find that the quic...

Страница 34: ...TCP IP application package Any TCP IP capable workstation can be used to communicate with or through BiGuard 30 To configure other types of workstations please consult the manufacturer s documentatio...

Страница 35: ...35 2 In the Network Connections window right click Local Area Connection and select Properties 3 Select Internet Protocol TCP IP and click Properties...

Страница 36: ...To manually assign your PC a fixed IP address select the Use the following IP address radio button and enter your desired IP address subnet mask and default gateway in the blanks provided Remember tha...

Страница 37: ...finish the configuration 3 4 2 2 Verifying Settings To verify your settings using a command prompt 1 Click Start Programs Accessories Command Prompt 2 In the Command Prompt window type ipconfig and t...

Страница 38: ...Guard 30 s default settings your PC should have An IP address between 192 168 1 1 and 192 168 1 253 A subnet mask of 255 255 255 0 To verify your settings using the Windows XP GUI 1 Click Start Settin...

Страница 39: ...39 2 Right click one of the network connections listed and select Status from the pop up menu 3 Click the Support tab...

Страница 40: ...ng BiGuard 30 s default settings your PC should Have an IP address between 192 168 1 1 and 192 168 1 253 Have a subnet mask of 255 255 255 0 3 4 3 Windows 2000 3 4 3 1 Configuring 1 Select Start Setti...

Страница 41: ...41 2 In the Control Panel window double click Network and Dial up Connections 3 In Network and Dial up Connections double click Local Area Connection...

Страница 42: ...42 4 In the Local Area Connection window click Properties 5 Select Internet Protocol TCP IP and click Properties...

Страница 43: ...To manually assign your PC a fixed IP address select the Use the following IP address radio button and enter your desired IP address subnet mask and default gateway in the blanks provided Remember tha...

Страница 44: ...44 7 Click OK to finish the configuration 3 4 3 2 Verifying Settings 1 Click Start Programs Accessories Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER...

Страница 45: ...5 0 3 4 4 Windows 98 Me 3 4 4 1 Installing Components To prepare Windows 98 Me PCs for TCP IP networking you may need to manually install TCP IP on each PC To do this follow the steps below Be sure to...

Страница 46: ...46 2 Double click the Network icon The Network window displays a list of installed components...

Страница 47: ...u must have the following installed An Ethernet adapter TCP IP protocol Client for Microsoft Networks If you need to install a new Ethernet adapter follow these steps a Click Add b Select Adapter then...

Страница 48: ...48 c Select the manufacturer and model of your Ethernet adapter then click OK If you need TCP IP a Click Add...

Страница 49: ...49 b Select Protocol then click Add c Select Microsoft TCP IP then OK If you need Client for Microsoft Networks a Click Add...

Страница 50: ...50 b Select Client then click Add c Select Microsoft Client for Microsoft Networks and then click OK 3 Restart your PC to apply your changes 3 4 4 2 Configuring 1 Select Start Settings Control Panel...

Страница 51: ...51 2 In the Control Panel double click Network and choose the Configuration tab...

Страница 52: ...52 3 Select TCP IP ASUSTek or the name of any Network Interface Card NIC in your PC and click Properties 4 Select the IP Address tab and click the Obtain an IP address automatically radio button...

Страница 53: ...53 5 Select the DNS Configuration tab and select the Disable DNS radio button 6 Click OK to apply the configuration...

Страница 54: ...54 3 4 4 3 Verifying Settings To check the TCP IP configuration use the winipcfg exe utility 1 Select Start Run 2 Type winipcfg and then click OK 3 From the drop down box select your Ethernet adapter...

Страница 55: ...192 168 1 254 3 5 Factory Default Settings Before configuring your BiGuard 30 you need to know the following default settings Web Interface Username admin Password admin LAN Device IP Settings IP Addr...

Страница 56: ...s for LAN and WAN ports are shown below LAN Port WAN Port IP address 192 168 1 254 Subnet Mask 255 255 255 0 DHCP server function Enabled IP addresses for distribution to PCs 100 IP addresses continui...

Страница 57: ...will login automatically and you will no longer need to run the login program from your PC 3 6 2 Configuration Information If your ISP does not dynamically assign configuration information but instead...

Страница 58: ...trations from Windows XP However other versions of Windows will follow a similar procedure Have your Windows CD handy as it may be required during the configuration process 1 Select Start Settings Con...

Страница 59: ...59 3 In the Network Connections window right click Local Area Connection and select Properties 4 Select Internet Protocol TCP IP and click Properties...

Страница 60: ...down the information If no address is present your account s IP address is dynamically assigned Click the Obtain an IP address automatically radio button 6 If any DNS server addresses are shown write...

Страница 61: ...rtually any browser on your network To access this interface open your web browser enter the IP address of your router which by default is 192 168 1 254 and click Go A user name and password window pr...

Страница 62: ...Configuration Interface appears congratulations You are now ready to configure your BiGuard 30 If you are having trouble accessing the interface please refer to Chapter 5 Troubleshooting for possible...

Страница 63: ...e device 3 Click RESTART to restart the device There are two options to restart the device Select Current Settings if would like to restart using the current configuration Select Factory Default Setti...

Страница 64: ...us options that have been selected and a number of statistics about your BiGuard 30 In this menu you will find the following sections ARP Table Routing Table Session Table DHCP Table IPSec Status PPTP...

Страница 65: ...on See the Firewall section of this chapter for more information on this feature No Number of the list IP Address A list of IP addresses of devices on your LAN MAC Address The Media Access Control MAC...

Страница 66: ...and dynamic routes are displayed No Number of the list Destination The IP address of the destination network Netmask The destination netmask address Gateway Interface The IP address of the gateway or...

Страница 67: ...P of the session To port Destination port of the session Sessions Filter when the presented field is filled please click Filter button From IP please input the source IP you would like to filter From...

Страница 68: ...s that have been assigned to PCs on your network via Dynamic Host Configuration Protocol DHCP No Number of the list IP Address A list of IP addresses of devices on your LAN Device Name The host name c...

Страница 69: ...rticular IPSec entry Enable Whether the IPSec connection is currently Enable or Disable Status Whether the IPSec is Active Inactive or Disable Local Subnet The local IP address or subnet used Remote S...

Страница 70: ...ed to the particular PPTP entry Enable Whether the PPTP connection is currently Enable or Disable Status Whether the PPTP is Active Inactive or Disable Type Whether the Connection type is Remote Acces...

Страница 71: ...tes sec over a one hour duration The line in red represents WAN1 while the line in blue represents WAN2 WAN1 Transmitted Tx and Received Rx bytes and packets for WAN1 WAN2 Transmitted Tx and Received...

Страница 72: ...ries Major events are logged on this window Refresh Refresh the System Log Clear Log Clear the System Log Send Log Send the System Log to your email account You can set the email address in Configurat...

Страница 73: ...stem Email Alert See the Email Alert section for more details Please refer to Appendix F IPSec Log Events for more information on log events 4 3 Quick Start The Quick Start menu allows you to quickly...

Страница 74: ...ur ISP that you will need to enter in order to properly configure your Internet connection If you select to Obtain an IP Address Automatically these will be automatically set for you provided that you...

Страница 75: ...ays Connect or Trigger on Demand If you want the router to establish a PPPoE session when starting up and to automatically re establish the PPPoE session when disconnected by the ISP select Always Con...

Страница 76: ...or Trigger on Demand If you want the router to establish a PPTP session when starting up and to automatically re establish the PPTP session when disconnected by the ISP select Always Connect If you w...

Страница 77: ...our ISP Click Apply to save your changes To reset to defaults click Reset For detailed instructions on configuring WAN settings please refer to the WAN section of this chapter 4 4 Configuration The Co...

Страница 78: ...78 Virtual Server Advanced These items are described below in the following sections 4 4 1 LAN There are two items within this section Ethernet and DHCP Server...

Страница 79: ...55 0 by default RIP RIP v2 Broadcast and RIP v2 Multicast Check to enable RIP 4 4 1 2 DHCP Server In this menu you can disable or enable the Dynamic Host Configuration Protocol DHCP server The DHCP pr...

Страница 80: ...by default To configure the router s DHCP Server select the Enable radio button and then configure parameters of the DHCP Server including the IP Pool starting IP address and ending IP address to be...

Страница 81: ...81 IP Address Enter the IP address that you want to reserve for the above MAC address MAC Address Enter the MAC address of the PC or server you wish to be assigned a reserved IP...

Страница 82: ...to the Host Table Press the Delete button to delete a configuration from the Host Table 4 4 2 WAN WAN refers to your Wide Area Network connection In most cases this means your router s connection to t...

Страница 83: ...hat are configured on BiGuard 30 To edit any of these connections click Edit You will be taken to the following menu Connection Method Select how your router will connect to the Internet Selections in...

Страница 84: ...this field MAC Address If your ISP requires you to input a WAN Ethernet MAC check the checkbox and enter your MAC address in the blanks below DNS If your ISP requires you to manually setup DNS settin...

Страница 85: ...net MAC check the checkbox and enter your MAC address in the blanks below Primary DNS Enter the primary DNS provided by your ISP Secondary DNS Enter the secondary DNS provided by your ISP RIP To activ...

Страница 86: ...no activity on the line for a predetermined period of time Select the idle time from the drop down menu Active if Trigger on Demand is selected IP Assigned by your ISP If your IP is dynamically assign...

Страница 87: ...connection should Always Connect or Trigger on Demand If you want the router to establish a PPTP session when starting up and to automatically re establish the PPTP session when disconnected by the IS...

Страница 88: ...ve or Both from the drop down menu To disable RIP select Disable from the drop down menu MTU Enter the Maximum Transmission Unit MTU for your network Click Apply to save your changes To reset to defau...

Страница 89: ...alternative is to select Quick Start from the main menu Please see the Quick Start section of this chapter for more information 4 4 2 2 Bandwidth Settings Under Bandwidth Settings you can easily confi...

Страница 90: ...bles or disables the service detection feature For fail over the service detection function is enabled For load balance user is able to enable or disable it Connectivity Decision Establishes the numbe...

Страница 91: ...chanism The source IP address and destination IP address might go through WAN1 or WAN2 according to policy settings in this mechanism You can choose this mechanism if the applications the users use wi...

Страница 92: ...Based on IP hash mechanism The source IP address and destination IP address will go through specific WAN port WAN1 or WAN2 according to policy settings in this mechanism This will assure that some ap...

Страница 93: ...an ending character a dot for this text field ex abc com When you enter the following domain name you can only input different chars without an ending dot its name is then added with domain name and i...

Страница 94: ...Server MX Record Mail Exchanger The name of the mail server IP Address The mail server IP address Click Apply to save your changes To edit the Host Mapping URL list click Edit This will open the Host...

Страница 95: ...Candidates You can also select the Candidates which are referred from the ARP table for automatic input Name1 The Alias Host URL Name2 The Alias Host URL Click Apply to save your changes 4 4 3 4 Proto...

Страница 96: ...inding section please note that it would take precedence over the settings that are already configured in the Load Balance Setting section The Protocol Binding Table lists any protocol binding that ha...

Страница 97: ...k If Specified Source IP was chosen here s where the subnet mask can be entered Destination IP Range All Destination IP Click it to specify all source IPs Specified Destination IP Click to specify a s...

Страница 98: ...adjust a variety of basic router settings upgrade firmware set up remote access and more In this menu are the following sections Time Zone Remote Access Firmware Upgrade Backup Restore Restart Passwor...

Страница 99: ...Your ISP may provide an NTP server for you to use To have BiGuard 30 automatically adjust for Daylight Savings Time check the Automatic checkbox 4 4 4 2 Remote Access To allow remote users to configu...

Страница 100: ...our firmware simply visit Billion s website http www billion com and download the latest firmware image file for BiGuard 30 Next click Browse and select the newly downloaded firmware file Click Upgrad...

Страница 101: ...d select where to save the settings backup file You may also change the name of the file when saving if you wish to keep multiple backups Click OK to save the file To restore a previously saved backup...

Страница 102: ...If you wish to restart the router using the factory default settings select Factory Default Settings and click Restart to reboot BiGuard 30 with factory default settings You may also reset your router...

Страница 103: ...our router s configuration interface it requires the administrator to login with a password You can change your password by entering your new password in both fields Click Apply to save your changes C...

Страница 104: ...n industry standard protocol used to capture information about network activity To enable this function select the Enable radio button and enter your Syslog server IP address in the Log Server IP Addr...

Страница 105: ...ng mail server It may be an IP address or a domain name Sender s Email Address Enter the email address where you wish the alert logs to be sent by which address Mail Server Login some SMTP servers may...

Страница 106: ...teful Packet Inspection SPI firewall for controlling Internet access from your LAN and preventing attacks from hackers Your router also acts as a natural Internet firewall when using Network Address T...

Страница 107: ...LAN The Filter Table displays all current filter rules If there is an entry in the Filter Table you can click Edit to modify the setting of this entry click Delete to remove this entry or click Move t...

Страница 108: ...rce IP Select Any Subnet IP Range or Single Address Starting IP Address Enter the source IP or starting source IP address this filter rule is to be applied End IP Address Enter the End source IP Addre...

Страница 109: ...sed to limit access to certain URLs on the Internet You can block web sites based on keywords or even block out an entire domain Certain web features can also be blocked to grant added security to you...

Страница 110: ...n IP address as the domain name Exception List You can input a list of IP addresses as the exception list for URL filtering Enter a keyword to be filtered and click Apply Your new keyword will be adde...

Страница 111: ...ng depending on which you selected previously Restrict URL Features Use this to disable certain web features Select the options you want Block Java Applet Block ActiveX Block Web proxy Block Cookie Bl...

Страница 112: ...List and excluded from the URL filtering rules in effect 4 4 5 3 LAN MAC Filter LAN Mac Filter can decide that BiGuard will serve those devices at LAN side or not by MAC Address Default Rule Forward...

Страница 113: ...hed Select to Drop or Forward the packet specified in this filter entry MAC Address The MAC Address you would like to apply Candidates You can also select the Candidates which are referred from the AR...

Страница 114: ...an prevent most common DoS attacks from the Internet or from LAN users Intrusion Detection Enable or disable this function Intrusion Log All the detected and dropped attacks will be shown in the syste...

Страница 115: ...ished Note Auto only applies to Fail Over mode For Load Balance mode please do not select Auto In Load Balance mode Auto will be forced to WAN1 interface if Auto is selected Pre shared Key This is for...

Страница 116: ...th remote router using Fixed Internet IP or domain name by using main mode Secure Gateway Address or Domain Name The IP address or hostname of the remote VPN gateway Remote Network The subnet of the r...

Страница 117: ...sing aggressive mode Remote Identifier The Identifier of the remote gateway According to the input value the ID type will be auto defined as IP Address FQDN DNS or FQUN E mail Remote Network The subne...

Страница 118: ...remote client software using Fixed Internet IP or domain name by using main mode Secure Gateway Address or Domain Name The IP address or hostname of the remote VPN device that is connected and establ...

Страница 119: ...emote client software using Dynamic Internet IP by using aggressive mode Remote Identifier The Identifier of the remote gateway According to the input value the ID type will be auto defined as IP Addr...

Страница 120: ...Sec VPN tunnel with BiGuard VPN Client software C01 by using aggressive mode VPN Client IP Address The VPN Client Address for BiGuard VPN Client this value will be applied on both remote ID and Remote...

Страница 121: ...your configuration is done you will see a Configuration Summary Back Back to the Previous page Done Click Done to apply the rule 4 4 6 1 2 IPSec Policy Click Create to create a new IPSec VPN connectio...

Страница 122: ...being established Note Auto only applies to Fail Over mode For Load Balance mode please do not select Auto In Load Balance mode Auto will be forced to WAN1 interface if Auto is selected Local This sec...

Страница 123: ...mote gateway Address as ID with ID type IP Address IP Address Use an IP address format FQDN DNS Fully Qualified Domain Name Consists of a hostname and domain name For example WWW VPN COM is a FQDN WWW...

Страница 124: ...tion Protocol Authentication establishes data integrity and ensures it is not tampered with while in transit There are two options Message Digest 5 MD5 and Secure Hash Algorithm SHA1 While slower SHA1...

Страница 125: ...the user defined name of the connection Enable This function activates or deactivates the IPSec connection Local Subnet Displays IP address and subnet of the local network Remote Subnet Displays IP ad...

Страница 126: ...ateless or Allow Stateless and Stateful IP Addresses Assigned to Peer Start from 192 168 1 x please input the IP assigned range from 1 254 except BiGuard 30 s LAN IP address with 192 168 1 254 as BiGu...

Страница 127: ...nection Type Select Remote Access for single user Select LAN to LAN for remote gateway Peer Network IP Please input the IP for remote network Peer Netmask Please input the Netmask for remote network N...

Страница 128: ...th afforded by the ISP for WAN1 s outbound traffic WAN1 Inbound QoS Function QoS status for WAN1 inbound Select Enable to activate QoS for WAN1 s incoming traffic Select Disable to deactivate Max ISP...

Страница 129: ...Rule To get started using QoS you will need to establish QoS rules These rules tell BiGuard 30 how to handle both incoming and outgoing traffic The following example shows you how to configure WAN1 Ou...

Страница 130: ...highest DSCP Marking Used to classify traffic Select from Best Effort Premium Gold Service High Medium Low Silver H M L and Bronze H M L Address Type The type of address this rule applies to Select I...

Страница 131: ...etworks a port is a 16 bit number used to identify which application program usually a server incoming connections should be delivered to Some ports have numbers that are pre assigned to them by the I...

Страница 132: ...s a virtual server so that remote users accessing services such as Web or FTP services via the public WAN IP address can be automatically redirected to local servers in the LAN network Depending on th...

Страница 133: ...2 Port Forwarding Table Because NAT can act as a natural Internet firewall your router protects your network from being accessed by outside users as all incoming connection attempts will point to you...

Страница 134: ...add a new port forwarding rule This function allows any incoming data addressed to a range of service port numbers from the Internet WAN Port to be re directed to a particular LAN private internal IP...

Страница 135: ...nal IP Address Enter the LAN server host IP address that the service request from the Internet will be sent to Candidates You can also select the Candidates which are referred from the ARP table for a...

Страница 136: ...heir router unless advised to do so by support staff There are three items within the Advanced section Static Route Dynamic DNS and Device Management 4 4 9 1 Static Route The static route settings ena...

Страница 137: ...ly to save your changes 4 4 9 2 Dynamic DNS The Dynamic DNS function allows you to alias a dynamic IP address to a static hostname allowing users whose ISP does not assign them a static IP address to...

Страница 138: ...c DNS Disable Check to disable the Dynamic DNS function Enable Check to enable the Dynamic DNS function The following fields will be activated and required Dynamic DNS Server Select the DDNS service y...

Страница 139: ...r on a PC within their LAN Management IP Address You may specify an IP address allowed to logon and access the router s web server Setting the IP address to 0 0 0 0 will disable IP address restriction...

Страница 140: ...IP Address Input the device IP address with SNMP software installed SNMP V3 Username Input the Username for your SNMP software Password Input the Password for your SNMP software Access Right Select Re...

Страница 141: ...on interface at a time Once a PC has logged into the web interface other PCs cannot gain access until the current PC has logged out If the previous PC forgets to logout the second PC can access the pa...

Страница 142: ...may have a hardware problem and should contact technical support 5 1 2 LEDs Never Turn Off When your BiGuard 30 is turned on the LEDs turn on for about 10 seconds and then turn off If all the LEDs st...

Страница 143: ...f this fails you can restore your BiGuard 30 to its factory default settings by holding the Reset button on the back of your router until the Status LED begins to blink Then enter the default User Nam...

Страница 144: ...en the PC and the router Make sure your PC s IP address is on the same subnet as the router If your BiGuard 30 s IP address has changed and you don t know the current IP address reset the router to fa...

Страница 145: ...e sure that the Delete All Offline Content checkbox is checked and click OK 4 Click OK under Internet Options to close the dialogue In Windows type arp d at the command prompt to clear you computer s...

Страница 146: ...ab clear the Block pop ups checkbox and click Apply to save your changes Enabling Pop up Blockers with Exceptions If you only want to allow pop up windows with your BiGuard 30 1 In Internet Explorer s...

Страница 147: ...OK to close the dialogue 5 2 3 3 Java Permissions The following Java Permissions should also be given for the Web Configuration Interface to display properly 1 In Internet Explorer click Tools Interne...

Страница 148: ...uires MAC address authentication clone the MAC address from your PC on the LAN as BiGuard 30 s WAN MAC address If your ISP requires host name authentication configure your PC s name as BiGuard 30 s sy...

Страница 149: ...modem 4 When the modem has finished synchronizing with the ISP generally shown by LEDs on the modem turn on the power to your router If an IP address still cannot be obtained Your ISP may require a l...

Страница 150: ...C may not have the router correctly configured as its TCP IP gateway 5 5 Problems with Date and Time If the date and time is not being displayed correctly be sure to set it for your BiGuard 30 via the...

Страница 151: ...30 Mbps PPTP VPN support up to 4 PPTP tunnels PPTP VPN performance is up to 10 Mbps Manual key Internet Key Exchange IKE authentication and Key Management Authentication MD5 SHA 1 DES 3DES encryption...

Страница 152: ...iagnostics System Logs PPPoE PPTP Big Pond and DHCP client connections to the ISP NAT static routing and RIP 2 Dynamic Domain Name System DDNS Virtual Server and DMZ DHCP Server NTP Physical Interface...

Страница 153: ...be solved by referring to the Troubleshooting section in the User s Manual If you cannot resolve the problem with the Troubleshooting chapter please contact the dealer where you purchased this produc...

Страница 154: ...nterference in a commercial environment If this equipment does cause harmful interference to radio television reception which can be determined by turning the equipment off and on the user is encourag...

Страница 155: ...ifferent methods to determine the network and host sections of the address which makes multiple hosts on a network possible TCP IP software identifies each address class by reading a unique bit patter...

Страница 156: ...an be made from a Class B address For example the IP address of 172 20 0 0 allows eight extra bits to use as a subnet address since node addresses are limited to a maximum of 255 The IP address of 172...

Страница 157: ...IP address is handled by the router which means added security for your network from intruders If a particular PC on your LAN requires access from outside PCs you can use port forwarding to accomplis...

Страница 158: ...orks D 2 2 Why use a Router While large bandwidth can easily and inexpensively be provided in a LAN having high bandwidth between a LAN and the Internet can be prohibitively expensive Because of this...

Страница 159: ...network from intrusions and attacks Unlike less sophisticated Internet sharing routers SPI ensures secure firewall filtering by intercepting incoming packets at the network layer and analyzing them f...

Страница 160: ...A simple NAT router provides a basic level of protection by shielding your network from the outside Internet Still there are ways for more dedicated hackers to either obtain information about your ne...

Страница 161: ...ons between two or more organizations IPSec based VPNs are ideal for extranet connections as they can be quickly and inexpensively installed Extranets are often used to securely share a company s info...

Страница 162: ...nfidentiality authentication and integrity Internet Key Exchange IKE Provides key management and Security Association SA management These components are discussed below E 2 1 1 Authentication Header A...

Страница 163: ...eader Placed before encrypted data the ESP Header contains the SPI and Sequence Number Its placement depends on whether ESP is used in transport mode or tunnel mode ESP Trailer Placed after the encryp...

Страница 164: ...rameters Security Parameters Index SPI a locally unique value Destination IP Address Security Protocol AH or ESP but not both There are several other parameters associated with an SA that are stored i...

Страница 165: ...the two tunnel end points Since tunnel mode hides the original IP header it provides security of the networks with private IP address space E 2 3 Tunnel Mode AH AH is typically applied to a data pack...

Страница 166: ...ty There are two phases to this process Phase I deals with the negotiation and management of IKE and IPSec parameters This phase can be carried out in either one of two modes Main Mode or Aggressive M...

Страница 167: ...ys from the IKE shared secret exchange DH values to generate a new key and identify which traffic this SA bundle will protect using selectors IDi and IDr payloads The following is an illustration on h...

Страница 168: ...thm and authentication method Send Aggressive mode initial message of ISAKMP Sending the first message of aggressive mode phase I Received Main mode initial message of ISAKMP Received the first messag...

Страница 169: ...gressive mode Send Aggressive mode first response message of ISAKMP Sending the first response message of aggressive mode Done to exchange proposal and key values Received Aggressive mode first respon...

Страница 170: ...SEN PFS is required in Quick Initial SA NO PROPOSAL CHOSEN PFS is not required in Quick Initial SA NO PROPOSAL CHOSEN Initial Aggressive Mode message from s but no connection has been configured NO PR...

Страница 171: ...171 Main Aggressive mode peer ID is identifier string ISAKMP SA Established IPsec SA Established...

Страница 172: ...er which applications they are running If you ve ever experienced slow Internet speeds due to other network users using bandwidth consuming applications like P2P you ll understand why QoS is such a br...

Страница 173: ...the ability to control the bandwidth Using IP Throttling bandwidth limits can be enforced on a particular application or any system within the LAN Prioritization specifies which packets have priority...

Страница 174: ...and voice frequently lag Sales people are talking to international agencies via VoIP phone while sending orders via email to vendors for production However some staff are downloading MP3 music files...

Страница 175: ...dix H Router Setup Examples H 1 Outbound Fail Over Step 1 Go to Configuration WAN ISP Settings Select WAN1 and WAN2 and click Edit Step 2 Configure WAN1 and WAN2 according to the information given by...

Страница 176: ...il Over radio button Under Connectivity Decision input the number of times BiGuard 30 should probe the WAN before deciding that the ISP is in service or not 3 by default Next input the duration of the...

Страница 177: ...ep 4 Click Save Config to save all changes to flash memory H 2 Outbound Load Balancing With Outbound Load Balancing you can improve upload performance by optimizing your connection via Dual WAN To do...

Страница 178: ...178 Step 2 Configure your WAN2 ISP settings and click Apply Step 3 Go to Configuration Dual WAN General Settings Select the Load Balance radio button...

Страница 179: ...n Dual WAN Outbound Load Balance Choose the Load Balance mechanism you want and click Apply Step 5 Complete To check traffic statistics go to Status Traffic Statistics Step 6 Click Save Config to save...

Страница 180: ...onnection for incoming requests To do so follow these steps NOTE Before you begin ensure that both WAN1 and WAN2 have been properly configured See Chapter 4 Router Configuration for more details Step...

Страница 181: ...181 Step 2 Configure Fail Over options if necessary Step 3 Go to Configuration Advanced Dynamic DNS Set the WAN1 DDNS settings...

Страница 182: ...182 Step 4 From the same menu set the WAN2 DDNS settings Step 5 Click Save Config to save all changes to flash memory...

Страница 183: ...Dual WAN General Settings Select the Fail Over radio button and configure your fail over policy Step 2 Go to Configuration Dual WAN Inbound Load Balance Select the Built in DNS 192 168 2 2 192 168 2 3...

Страница 184: ...by clicking Edit Step 3 Input DNS Server 1 settings and click Apply Step 4 Configure your Host URL Mapping for DNS Server 1 by clicking Edit to enter the Host URL Mappings List Click Create and input...

Страница 185: ...e Load Built in DNS 192 168 2 2 192 168 2 3 FTP HTTP 200 200 200 1 www mydomain com 200 200 200 1 Authoritative Domain Name Server 100 100 100 1 100 100 100 1 DNS Request DNS Reply Built in DNS 192 16...

Страница 186: ...186 Balance radio button Step 2 Go to Configuration Dual WAN Inbound Load Balance Server Settings and configure DNS Server 1 Step 3 Go to Configuration Dual WAN Inbound Load Balance Host URL...

Страница 187: ...187 Mapping and configure your FTP mapping Step 4 Next configure your HTTP mapping Step 5 Click Save Config to save all changes to flash memory...

Страница 188: ...Go to Configuration WAN Bandwidth Settings Configure your WAN inbound and outbound bandwidth www billion2 dyndns org Remote Access from Internet www billion3 dyndns org www billion3 dyndns org www bil...

Страница 189: ...oose your load balance policy and click Apply to apply your changes If you selected Based on session mechanism as your policy the source IP address and destination IP address may go through WAN1 or WA...

Страница 190: ...190 Step 4 Go to Configuration Advanced Dynamic DNS and input the dynamic DNS settings for WAN1 and WAN2 WAN1...

Страница 191: ...191 WAN 2 Step 5 Go to Configuration Virtual Server and set up a virtual server for both FTP and HTTP...

Страница 192: ...192 Step 6 Click Save Config to save all changes to flash memory H 7 VPN Configuration This section outlines some concrete examples on how you can configure BiGuard 30 for your VPN H 7 1 LAN to LAN...

Страница 193: ...1 0 Netmask 255 255 255 0 255 255 255 0 Remote Secure Gateway Address or Hostname 69 121 1 3 69 121 1 30 ID IP Address IP Address Data 69 121 1 3 69 121 1 30 Network Subnet Subnet IP Address 192 168 1...

Страница 194: ...ss IP Address Data 69 121 1 30 69 121 1 3 Network Any Local Address Any Local Address IP Address 0 0 0 0 192 168 1 0 Netmask 0 0 0 0 255 255 255 0 Remote Secure Gateway Address or Hostname 69 121 1 3...

Страница 195: ...shared Key 12345678 12345678 Security Algorithm Main Mode ESP MD5 3DES PFS Main ESP MD5 3DES PFS H 8 IP Sec Fail Over Gateway to Gateway Before Fail Over After Fail Over 192 168 2 x 192 168 2 x 200 2...

Страница 196: ...n Dual WAN General Settings Enable Fail Over by selecting the Fail Over radio button Then configure your Fail Over policy Step 2 Go to Configuration Advanced Dynamic DNS and configure your dynamic DNS...

Страница 197: ...3 Go to Configuration VPN IPSec IPSec Policy Click Create to configure VPN settings Step 4 Click Save Config to save all changes to flash memory To configure BiGuard 10 gateway refer to the screensho...

Страница 198: ...et 192 168 3 0 Remote mask 255 255 255 0 Local ID Type Subnet Local subnet 192 168 3 0 Local mask 255 255 255 0 Remote ID Type Subnet Remote subnet 0 0 0 0 Remote mask 0 0 0 0 Local ID Type Subnet Loc...

Страница 199: ...Configuration VPN IPSec IPSec Policy and configure the link from BiGuard 30 to BiGuard 10 Branch B Step 3 Go to Configuration VPN IPSec IPSec Policy and configure the connection from BiGuard 10 Branch...

Страница 200: ...olicy and configure the connection from BiGuard 10 Branch B to BiGuard 30 Step 5 Click Save Config to save all changes to flash memory H 10 Protocol Binding Step 1 Go to Configuration Dual WAN General...

Страница 201: ...Configuration Dual WAN Protocol Binding and configure settings for WAN1 Step 3 Go to Configuration Dual WAN Protocol Binding and configure settings for WAN2 Step 4 Click Save Config to save all change...

Страница 202: ...net Detected Dropped BiGuard Safe Server Safe Hacker DoS Attack DoS Attack Hacker Hacker DoS Attack DoS Attack Step 1 Go to Configuration Firewall Intrusion Detection and Enable the settings Step 2 Cl...

Страница 203: ...lient Internet Internet 100 100 100 1 Headquarter BiGuard PPTP Server Business Trip PPTP Tunnel Public IP Local subnet 192 168 30 0 Local mask 255 255 255 0 Step1 Go to Configuration VPN PPTP and Enab...

Страница 204: ...204 Step3 Click Apply you can see the account is successfully created Step4 Click Save Config to save all changes to flash memory Step5 In Windows XP go Start Settings Network Connections...

Страница 205: ...205 Step6 In Network Tasks Click Create a new connection and press Next Step7 Select Connect to the network at my workplace and press Next...

Страница 206: ...206 Step8 Select Virtual Private Network connection and press Next Step9 Input the user defined name for this connection and press Next...

Страница 207: ...207 Step10 Input PPTP Server Address and press Next Step11 Please press Finish...

Страница 208: ...208 Step12 Double click the connection and input Username and Password that defined in BiGuard PPTP Account Settings PS You can also refer the Properties Security page as below by default...

Страница 209: ...ternet 100 100 100 1 Headquarter BiGuard PPTP Server PPTP Tunnel Branch Office 200 200 200 1 BiGuard PPTP Client Local subnet 192 168 30 0 Local mask 255 255 255 0 Step1 Go to Configuration VPN PPTP a...

Страница 210: ...210 Step2 Click Create to create a PPTP Account Step3 Click Apply you can see the account is successfully created Step4 Click Save Config to save all changes to flash memory...

Страница 211: ...211 Step5 In another BiGuard as Client Go to Configuration WAN ISP Settings Step6 Click Apply and Save CONFIG...

Отзывы:

Нет отзывов

Похожие инструкции для BiGuard 30

Бренд: auto maskin Страницы: 13

SmartWire-DT EU5C-SWD-DP

Бренд: Eaton Страницы: 88

Бренд: SenseNet Страницы: 11

Бренд: Dinstar Страницы: 100

Бренд: SIEB & MEYER Страницы: 40

SureCross DX80G9M6S0P0V4V4C

Бренд: Banner Страницы: 8

Бренд: Ericsson Страницы: 12

Бренд: ProSoft Technology Страницы: 104

Бренд: NetComm Страницы: 7

Бренд: NetComm Страницы: 4

NetComm Gateway Series

Бренд: NetComm Страницы: 62

Бренд: NetComm Страницы: 12

Бренд: NETGEAR Страницы: 2

Бренд: NETGEAR Страницы: 76

Бренд: Netgate Страницы: 58

NexusWay 800 Series

Бренд: Neteyes Страницы: 118

Бренд: QEI Страницы: 47

Бренд: Nexotek Страницы: 61

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды