manualshive.com logo in svg

Geneko GWR High Speed Router Series, Руководство пользователя

Серия высокоскоростных маршрутизаторов Geneko GWR обеспечивает надежное и быстрое подключение к Интернету. Для удобства пользователей предоставляются бесплатные руководства по эксплуатации, которые можно скачать с manualshive.com. Настройте свою сеть без труда с помощью наших руководств.

Поделиться
Скачать
background image

 

 

User Manual 

 

 

 

Geneko GWR High Speed Router Series 

44 

that produces a 128–bit digest. SHA1 is a one–way hashing algorithm that produces a 
160–bit digest. SHA1 is recommended because it is more secure. Make sure both ends 
of the IPSec tunnel use the same authentication method. 

Phase 1 SA Life Time 

Configure the length of time IPSec tunnel is active in Phase 1. The default value is 
28800 seconds. Both ends of the IPSec tunnel must use the same Phase 1 SA Life Time 
setting. 

Perfect Forward Secrecy 

If the Perfect Forward Secrecy (PFS) feature is enabled, IKE Phase 2 negotiation will 
generate new key material for IP traffic encryption and authentication, so hackers using 
brute force to break encryption keys will not be able to obtain future IPSec keys. Both 
ends of the IPSec tunnel must enable this option in order to use the function. 

Phase 2 DH Group 

If the Perfect Forward Secrecy feature is disabled, then no new keys will be generated, 
so you do not need to set the Phase 2 DH Group. There are three groups of different 
prime key lengths. Group 1 is 768 bits, Group 2 is 1024 bits, and Group 5 is 1536 bits 
long. If network speed is preferred, select Group 1. If network security is preferred, 
select Group 5. You do not have to use the same DH Group that you used for Phase 1, 
but both ends of the IPSec tunnel must use the same Phase 2 DH Group. 

Phase 2 Encryption 

Phase 2 is used to create one or more IPSec SAs, which are then used to key IPSec 
sessions. Select a method of encryption: NULL, DES (56–bit), 3DES (168–bit) or AES–128 
(128–bit). It determines the length of the key used to encrypt or decrypt ESP packets. 
AES–128 is recommended because it is the most secure. Both ends of the IPSec tunnel 
must use the same Phase 2 Encryption setting. 

NOTE: If you select a NULL method of encryption, the next Phase 2 Authentication method 
cannot be NULL and vice versa.

 

Phase 2 Authentication 

Select a method of authentication: NULL, MD5 or SHA1. The authentication method 
determines how the ESP packets are validated. MD5 is a one–way hashing algorithm 
that produces a 128–bit digest.  SHA1 is a one–way hashing algorithm that produces a 
160–bit digest. SHA1 is recommended because it is more secure. Both ends of the IPSec 
tunnel must use the same Phase 2 Authentication setting. 

NOTE: If you select a NULL method of authentication, the previous Phase 2 Encryption 
method cannot be NULL. 

Phase 2 SA Life Time 

Configure the length of time an IPSec tunnel is active in Phase 2. The default is 3600 
seconds. Both ends of the IPSec tunnel must use the same Phase 2 SA Life Time setting. 

Preshared Key 

This specifies the pre–shared key used to authenticate the remote IKE peer. Enter a key 
of keyboard and hexadecimal characters, e.g., Ay_%4222 or 345fa929b8c3e. This field 
allows a maximum of 1023 characters and/or hexadecimal values. Both ends of the 
IPSec tunnel must use the same Preshared Key.  

NOTE: It is strongly recommended that you periodically change the Preshared Key to 
maximize security of the IPSec tunnels

 

Enable IKE failover 

Enable IKE failover option which try periodically to •eestablish security association. 

IKE SA retry 

Number of IKE retries, before failover. 

Restart PPP After IKE SA 
Retry Exceeds Specified 
Limit 

With this option enabled PPP connection is restarted when IKE SA retry reaches defined 
number of failed attempts. After restart SIM1 is used for connection. 

Enable tunnel failover 

Enable tunnel failover. If there is more than one tunnel defined, this option will failover 
to other tunnel in case that selected one fails to established connection. 

Ping IP or Hostname 

IP address/Hostname at remote side of tunnel which will be pinged in order to 
determine current state. 

Ping interval 

Specify time period in seconds between two ping. 

Packet size 

Specify packet size for ping message. 

Содержание GWR High Speed Router Series

Страница 1: ...GWR High Speed Cellular Router Series User Manual version 1 1 Date June 2014...

Страница 2: ...Status Router Monitoring 23 SETTINGS NETWORK 24 SETTINGS DHCP SERVER 25 SETTINGS WAN SETTING 27 SETTINGS WIRELESS 31 SETTINGS ROUTING 33 Port translation 34 SETTINGS DYNAMIC ROUTING PROTOCOL 35 Routi...

Страница 3: ...GOUT 78 CONFIGURATION EXAMPLES 79 GWR HS ROUTER AS INTERNET ROUTER 79 GRE TUNNEL CONFIGURATION BETWEEN TWO GWR HS ROUTERS 80 GRE TUNNEL CONFIGURATION BETWEEN GWR HS ROUTER AND THIRD PARTY ROUTER 84 IP...

Страница 4: ...on page 40 Figure 24 IPSec Summary screen 41 Figure 25 IPSec Settings 42 Figure 26 OpenVPN example 46 Figure 27 OpenVPN Summary screen 46 Figure 28 OpenVPN configuration page 49 Figure 29 OpenVPN netw...

Страница 5: ...re 80 IPSec configuration page III for GWR HS Router 2 92 Figure 81 IPSec start stop page for GWR HS Router 2 93 Figure 82 Network configuration page for GWR HS Router 1 94 Figure 83 IPSEC configurati...

Страница 6: ...2 Portforwarding example 119 Figure 123 GWR HS portforwarding configuration 119 Figure 124 Transparent serial connection 120 Figure 125 GWR HS Serial port settings 120 Figure 126 GWR HS settings for S...

Страница 7: ...meters 40 Table 12 IPSec Summary 42 Table 13 IPSec Parameters 45 Table 14 OpenVPN parameters 48 Table 15 PPTP parameters 51 Table 16 L2TP parameters 52 Table 17 Firewall parameters 54 Table 18 MAC fil...

Страница 8: ...ormance backup solution for existing land lines or satellite networks is now a simple task thanks to modern cellular networks Therefore no matter if the goal is to provide primary internet access or b...

Страница 9: ...tral site Vehicle based bank service POS Vending machine Bank office supervision Security Traffic control Video Surveillance Solutions Other Remote Office Solution Remote Access Solution There are num...

Страница 10: ...UART RS 232C 1 x USB Host RF characteristics GWR402 GPRS EDGE UMTS HSPA LTE LTE 800 900 1800 2100 2600 MHz UMTS HSDPA HSUPA 900 2100MHz GSM GPRS EDGE Quad band 850 900 1800 1900MHz GPRS EDGE multi sl...

Страница 11: ...p www justlinux com http www dhs org http www dyndns org http www ods org http www dyn ca http www tzo com http www easydns com http www dyns cx http www zoneedit com http www no ip com Firewall NAT P...

Страница 12: ...kets PPTP max number of tunnels 5 L2TP L2TP is suitable for Layer 2 tunneling L2TP max number of tunnels 5 GSM UMTS features Dual SIM support For operator backup SIM card detection Status of active SI...

Страница 13: ...et or a reset to factory defaults Warm reset If the GWR HS Router is having problem connecting to the Internet press and hold the reset button for a second using the tip of a pen Reset to Factory Defa...

Страница 14: ...Fi supported Figure 4 GWR HSW Router back panel WiFi supported Top Panel There is a sequence of 8 LED indicators on the top of this device by which the indication of the system current state WiFi stat...

Страница 15: ...er is in initializing state 4 Signal strength LED indicator 107 or less dBm Unacceptable 1 LED 107 to 98 dBm Weak 2 LED 98 to 87 dBm Moderate 3 LED 87 to 76 dBm Good 4 LED 76 or better dBm Excellent 5...

Страница 16: ...needed for the operation GSM antenna Ethernet cable and SIM card must be inserted And finally device should have powered up using power supply adaptor Power consumption of GWR HS router is 2W in stan...

Страница 17: ...User Manual Geneko GWR High Speed Router Series 17 Declaration of conformity Figure 7 Declaration of conformity...

Страница 18: ...and instructions Device configuration using web application The GWR HS Router s web based utility allows you to set up the Router and perform advanced configuration and troubleshooting This chapter w...

Страница 19: ...elds click Add link To Update the row in the table Change data directly in fields you want to change To Remove the row from the table Click Remove link to remove selected row from the table Save Reloa...

Страница 20: ...n CPU vendor Up Time since last reboot hardware resources utilization and MAC address of LAN port Screenshot of General Router information is shown at Figure 9 Data in Status menu are read only and ca...

Страница 21: ...se status Figure 11 DHCP Information Status WAN Information WAN Information Tab provides information about GPRS EDGE HSPA HSPA LTE connection and traffic statistics WAN information menu has three subm...

Страница 22: ...uter If Local DNS is configured it has priority to those DNS servers Status Firewall Firewall Information Tab provides information about active firewall and MAC filtering rules divided in three groups...

Страница 23: ...y active routes on the router The same information can be previewed on Routing page in first routing table Figure 14 Information about active routes Status Router Monitoring Router Monitoring Tab prov...

Страница 24: ...r portion of an IP address The GWR HS Router support sub netting You must specified subnet mask for your LAN TCP IP settings Primary Local DNS IP address of your primary local DNS server Secondary loc...

Страница 25: ...ld specifies the first of the contiguous addresses in the IP address pool IP Ending Address To This field specifies last of the contiguous addresses in the IP address pool Lease Duration This field sp...

Страница 26: ...User Manual Geneko GWR High Speed Router Series 26 Figure 17 DHCP Server configuration page...

Страница 27: ...pecifies Username for client authentication at GSM UMTS network Mobile provider will assign you specific username for each SIM card Password This field specifies Password for client authentication at...

Страница 28: ...alive option Advanced ping interval This field specifies the time interval of advanced ping proofing Advanced ping wait for a response This field specifies the timeout for advanced ping proofing Maxim...

Страница 29: ...onnection Status line show real time status connected disconnected If your SIM Card credit is too low the GWR HS Router will performed periodically connect disconnect actions WAN Settings advanced Lab...

Страница 30: ...is option should only be required if the peer is buggy and gets confused by requests from pppd for CCP negotiation Magic Number negotiation Disable magic number negotiation With this option pppd canno...

Страница 31: ...in Station mode where router is connected as wireless client to other router In following figure are represented wireless settings Figure 19 Wireless configuration page Each field is described in the...

Страница 32: ...is always in 802 11 power save mode Auto restores control of Power Save mode to the factory default Beacon Interval This is the time interval between beacon transmissions DTIM This value determines t...

Страница 33: ...t route Port translation Reroute TCP and UPD packets to desired destination inside the network Routing Settings Label Description Routing Table Enable This check box allows you to activate deactivate...

Страница 34: ...N interface is done on PPP and in reverse direction on br0 interface Destination IP This field specifies IP address of the incoming traffic Destination Netmask This field specifies netmask for the pre...

Страница 35: ...as the possible routes change Routing Information Protocol RIP The Routing Information Protocol RIP is a dynamic routing protocol used in local and wide area networks As such it is classified as an in...

Страница 36: ...nter in global configuration mode telnet 192 168 1 1 2602 telnet to eth0 at TCP port 2602 To enable RIP use the following commands beginning in global configuration mode router router rip To associate...

Страница 37: ...timer router timers basic UPDATE INTERVAL INVALID TIMEOUT GARBAGE COLLECT router no timers basic Configure interface for RIP protocol router interface greX router ip rip send version VERSION router i...

Страница 38: ...routers for virtual router with this ID in the network Priority Routers have a priority of between 1 255 and the router with the highest priority will become the master Password Enter authentication...

Страница 39: ...use PPTP which uses GRE Solution where you can use GRE protocol You need to encrypt multicast traffic GRE tunnels can carry multicast packets just like real network interfaces as opposed to using IPSe...

Страница 40: ...rify the integrity of the tunnel from end to end By default GRE tunnel keepalives are disabled Use the keepalive check box to enable this feature Keepalives do not have to be configured on both ends o...

Страница 41: ...bled or disabled After clicking on Start button only enabled tunnels will be started Status Field indicates status of the IPSec tunnel Click on Refresh button to see current status of defined IPSec tu...

Страница 42: ...Restart button Stop This button will stop all IPSec started negotiations Refresh Click on this button to refresh the Status field in the Summary table Table 12 IPSec Summary To create a tunnel click...

Страница 43: ...ostname behind the Router at the other end that can use this IPSec tunnel Select the type you want to use IP Only or hostname NOTE The Remote Security Group Type you select should match the Local Secu...

Страница 44: ...t Phase 2 Authentication method cannot be NULL and vice versa Phase 2 Authentication Select a method of authentication NULL MD5 or SHA1 The authentication method determines how the ESP packets are val...

Страница 45: ...ault interval is 20 seconds NAT Traversal Both the IPSec initiator and responder must support the mechanism for detecting the NAT router in the path and changing to a new port as defined in RFC 3947 N...

Страница 46: ...SSLv3 TLSv1 protocol and contains many security and control features The server and client have almost the same configuration The difference in the client configuration is the remote endpoint IP or ho...

Страница 47: ...advantages of being fast very secure and allowing key sizes of up to 448 bits Blowfish is designed to be used in situations where keys are changed infrequently OpenVPN supports the CBC cipher mode Ha...

Страница 48: ...local private key DH Group Choose the DH Group from the following 786 bits 1024 bits 1536 bits 2048 bits Remote Host or IP Address Specify server IP address or hostname Redirect Gateway This option a...

Страница 49: ...User Manual Geneko GWR High Speed Router Series 49 Figure 28 OpenVPN configuration page Figure 29 OpenVPN network topology...

Страница 50: ...PTP server Remote network After the tunnel is established route to this network will be added Remote netmask Netmask of remote subnet to route Domain Some PPTP servers require domain name for authenti...

Страница 51: ...sion id and its parent tunnel s tunnel id A tunnel must be created before a session can be created in the tunnel Figure 31 L2TP configuration page VPN Settings L2TP Tunneling Parameters Label Descript...

Страница 52: ...ch the session ID value being used at the peer Peer Cookie Optional peer cookie value is assigned to the session This is a 4 or 8 byte value specified as 8 or 16 hex digits e g 014d3636deadbeef The va...

Страница 53: ...orts and Custom option for user defined services Protocol Type of protocol TCP UDP UDPLITE AH SCTP ESP ICMP Custom Port Number of port Four options are available FULL UNDEF all port numbers RANGE for...

Страница 54: ...is number the default is 5 Action Back Click Back to return on firewall home page Reload Click Reload to discard any changes and reload previous settings Save Click Save to save your changes back to t...

Страница 55: ...changes back to the GWR HS router Table 18 MAC filtering parameters Figure 33 MAC filtering configuration page DMZ Host Demilitarized Zone DMZ allows one IP Address to be exposed to the Internet Becau...

Страница 56: ...rvice The type of service that you are using try one of no ip dhs pgpow dyndns dyndns static dyndns custom ods easydns dyns justlinux and zoneedit Custom Server IP The server IP to connect to Custom S...

Страница 57: ...nt of time to wait on I O network problem Period Time between update retry attempts default value is 1800 Reload Click Reload to discard any changes and reload previous settings Save Click Save to sav...

Страница 58: ...meters Serial Port over TCP UDP Settings Label Description Bits per second The unit and attached serial device such as a modem must agree on a speed or baud rate to use for the serial connection Valid...

Страница 59: ...ty port is closed default is 1 hour Check TCP connection Enable connection checking Kepalive idle time Set keepalive idle time in seconds Kepalive interval Set time period between checking Log level S...

Страница 60: ...stop bits are 1 and 2 The default is 1 Flow control Flow control manages data flow between devices in a network to ensure it is processed efficiently Too much data arriving before a device is prepared...

Страница 61: ...User Manual Geneko GWR High Speed Router Series 61 Figure 38 Modbus gateway configuration page...

Страница 62: ...After the command is executed router sends one of the following status reports to the user CONNECTING CONNECTED WAN_IP WAN IP address or the router DISCONNECTING DISCONNECTED 5 In order to establish...

Страница 63: ...nd SMS SMS Gateway is used for sending SMS with GET query Command format is following 192 168 1 1 cgi send_exec lua group sms phone 2B38164112233 message hello world auth YWRtaW46YWRtaW4 Field marked...

Страница 64: ...HS Router Only for information purpose Location This field specifies location of the GWR HS Router Only for information purpose Save Click Save button to save your changes back to the GWR HS Router R...

Страница 65: ...cters and cannot contain any space Confirm Password Re enter the new password to confirm it EnableRADIUS Authentication Activation or deactivation of function for authentication via remote RADIUS serv...

Страница 66: ...work Time Protocol NTP automatically Time Date This field species Date and Time information You can change date and time by changing parameters Sync Clock With Client Date and time setting on the basi...

Страница 67: ...on If you need to download the latest version of the GWR HS Router firmware please visit Geneko support site Follow the on screen instructions to access the download page for the GWR HS Router If you...

Страница 68: ...on on the router Import Configuration File To import a configuration file first specify where your backup configuration file is located Click Browse and then select the appropriate configuration file...

Страница 69: ...red Click Default Setting to have the GWR HS Router with default parameters Keep network settings check box allows user to keep all network settings after factory default reset System will be reset af...

Страница 70: ...screen to configure CLI parameters Figure 50 Command Line Interface Figure 50 Command Line Interface Command Line Interface Label Description CLI Settings CLI service on serial port This option is con...

Страница 71: ...routers More information about this utility can be found in other document Remote_Management pdf In order to use this utility user has to enable Remote Management on the router Figure 51 Figure 51 Re...

Страница 72: ...some basic functions of the router Connection Manager is enabled by default on the router and if you do not want to use it you can simply disable it Figure 52 Figure 52 Connection Manager Getting sta...

Страница 73: ...er Connection Wizard inspects the network whole broadcast domain you ll see a list of routers present in the network with following information Serial number Model Ethernet IP Firmware version Pingabl...

Страница 74: ...ction When you select one of the routers from the list and click Next you will get to the following screen Figure 55 Connection Wizard LAN Settings If you selected to configure LAN and WAN interface c...

Страница 75: ...d WAN Settings After entering the configuration parameters if you mark option Establish connection router will start with connection establishment immediately when you press Finish button If not you h...

Страница 76: ...SNMP configuration page SNMP Settings Label Description Enable SNMP SNMP is enabled by default To disable the SNMP agent click this option to unmark Get Community Create the name for a group or commu...

Страница 77: ...tral repository Figure 58 Syslog configuration page The GWR HS Router supports this protocol and can send its activity logs to an external server Syslog Settings Label Description Disable Mark this op...

Страница 78: ...be stored You can store System Ipsec events or both of them Enable syslog saver Save logs periodically on filesystem Save log every Set time duration between two saves Reload Click Reload to discard a...

Страница 79: ...he changes Use SIM card with a dynamic static IP address obtained from Mobile Operator Note the default gateway may show or change to an address such as 10 0 0 1 this is normal as it is the GSM UMTS p...

Страница 80: ...or GSM UMTS networks GWR HS Router connections may require a Custom APN A Custom APN allows for various IP addressing options particularly static IP addresses which are needed for most VPN connections...

Страница 81: ...u if you want to use host name as peer identifier KeepAlive enable no Period none Retries none Press ADD to put GRE tunnel rule into GRE table Press Save to accept the changes Figure 62 GRE configurat...

Страница 82: ...ab If disconnected please click Connect button Click VPN Settings GRE to configure GRE tunnel parameters Enable yes Local Tunnel Address 10 10 10 2 Local Tunnel Netmask 255 255 255 252 Unchangeable al...

Страница 83: ...ies 83 Figure 66 Routing configuration page for GWR HS Router 2 Optionally configure IP Filtering and TCP service port settings to block any unwanted incoming traffic On the device connected on GWR HS...

Страница 84: ...s it appears that it has two paths to the remote physical interface and the tunnel interface running through the tunnel This tunnel could then transmit unroutable traffic such as NetBIOS or AppleTalk...

Страница 85: ...rce FastEthernet0 0 tunnel destination 172 29 8 5 ip route 10 1 1 0 255 255 255 0 tunnel0 The GWR HS Router Sample Configuration Click Network Tab to open the LAN NETWORK screen Use this screen to con...

Страница 86: ...ress Save to accept the changes Figure 69 GRE configuration page Configure GRE Route Click Routing on Settings Tab Parameters for this example are Destination Network 10 2 2 0 Netmask 255 255 255 0 Fi...

Страница 87: ...el destination address Dynamic IP WAN address must be mapped to hostname with DynDNS service for synchronization with DynDNS server SIM card must have internet access GSM UMTS APN Type For GSM UMTS ne...

Страница 88: ...N Settings Tab to configure parameters necessary for GSM UMTS connection All parameters necessary for connection configuration should be required from mobile operator Check the status of GSM UMTS conn...

Страница 89: ...2 Authentication MD5 Phase 2 SA Life Time 3600 Preshared Key 1234567890 Failover Enable Tunnel Failover false Advanced Compress Support IP Payload Compression Protocol IPComp false Dead Peer Detection...

Страница 90: ...onnection mode Wait is selected that indicates side of IPSec tunnel which listens and responses to IPSec establishing requests from Connect side Figure 76 IPSec start stop page for GWR HS Router 1 Cli...

Страница 91: ...eway Type SIM card Local ID Type IP Address IP Address From SIM 1 WAN connection is established over SIM 1 Local Security Group Type IP IP Address 192 168 10 1 Remote Group Setup Remote Security Gatew...

Страница 92: ...s 92 Figure 78 IPSEC configuration page I for GWR HS Router 2 Figure 79 IPSec configuration page II for GWR HS Router 2 NOTE Options NAT Traversal and Send Initial Contact are predefined Figure 80 IPS...

Страница 93: ...indicates side of IPSec tunnel which sends requests for establishing of the IPSec tunnel If connection mode Wait is selected that indicates side of IPSec tunnel which listens and responses to IPSec e...

Страница 94: ...configuration should be required from mobile operator Check the status of GSM UMTS connection WAN Settings Tab If disconnected please click Connect button Click VPN Settings IPSEC to configure IPSEC...

Страница 95: ...Address Remote Security Group Type IP IP Address 192 168 10 1 Failover Eanble IKE failover false Enable Tunnel Failover false Advanced Compress Support IP Payload Compression Protocol IPComp false Dea...

Страница 96: ...IPSec tunnel If connection mode Connect is selected that indicates side of IPSec tunnel which sends requests for establishing of the IPSec tunnel If connection mode Wait is selected that indicates si...

Страница 97: ...disconnected please click Connect button Click VPN Settings IPSEC to configure IPSEC tunnel parameters Click Add New Tunnel button to create new IPSec tunnel Tunnel parameters are Add New Tunnel Tunn...

Страница 98: ...false Advanced Compress Support IP Payload Compression Protocol IPComp false Dead Peer Detection DPD false NAT Traversal true Send Initial Contact true Press Save to accept the changes Figure 88 IPSEC...

Страница 99: ...side of IPSec tunnel which sends requests for establishing of the IPSec tunnel If connection mode Wait is selected that indicates side of IPSec tunnel which listens and responses to IPSec establishin...

Страница 100: ...WAN address must be mapped to hostname with DynDNS service for synchronization with DynDNS server SIM card must have internet access GSM UMTS APN Type For GSM UMTS networks GWR HS Router connections m...

Страница 101: ...M 1 WAN connection is established over SIM 1 Local Security Group Type Subnet IP Address 192 168 10 0 Subnet Mask 255 255 255 0 Remote Group Setup Remote Security Gateway Type IP Only IP Address 150 1...

Страница 102: ...User Manual Geneko GWR High Speed Router Series 102 Figure 94 IPSEC configuration page I for GWR HS Router Figure 95 IPSec configuration page II for GWR HS Router...

Страница 103: ...rvice timestamps debug datetime msec service timestamps log datetime msec no service password encryption hostname Cisco Router boot start marker boot end marker username admin password 7 enable secret...

Страница 104: ...1 255 255 255 0 ip nat inside no ip route cache no ip mroute cache duplex auto speed auto ip route 0 0 0 0 0 0 0 0 150 160 170 2 ip http server no ip http secure server ip nat inside source list nat_l...

Страница 105: ...uter Idea is to create IPSec tunnel for LAN to LAN site to site connectivity Figure 98 IPSec tunnel between GWR HS Router and Cisco Router The GWR HS Routers requirements Static IP WAN address for tun...

Страница 106: ...ying Mode IKE with Preshared key Mode aggressive Phase 1 DH group Group 2 Phase 1 Encryption 3DES Phase 1 Authentication SHA1 Phase 1 SA Life Time 28800 Perfect Forward Secrecy true Phase 2 DH group G...

Страница 107: ...Geneko GWR High Speed Router Series 107 Figure 100 IPSEC configuration page I for GWR HS Router Figure 101 IPSec configuration page II for GWR HS Router Figure 102 IPSec configuration page III for GW...

Страница 108: ...Protocol Security page to initiate IPSEC tunnel Click Start button and after that Connect button on Internet Protocol Security page to initiate IPSEC tunnel Figure 103 IPSec start stop page for GWR HS...

Страница 109: ...figuration Step1 Create New Tunnel Interface Click Interfaces on Network Tab Figure 104 Network Interfaces list Bind New tunnel interface to Untrust interface outside int with public IP addresss Use u...

Страница 110: ...way Click New button Enter gateway parameters Gateway name TestGWR HS Security level Custom Remote Gateway type Dynamic IP address because your GWR HS router are hidden behind Mobile operator router s...

Страница 111: ...aversal enabled Click Return and OK Figure 108 Gateway advanced parameters Step 3 Create AutoKey IKE Click VPNs in main menu Click AutoKey IKE Click New button Figure 109 AutoKey IKE AutoKey IKE param...

Страница 112: ...ecurity level User defined custom Phase 2 proposal pre g2 3des sha Bind to Tunnel interface tunnel 3 from step 1 Proxy ID Enabled LocalIP netmask 10 10 10 0 24 RemoteIP netmask 192 168 10 0 24 Click R...

Страница 113: ...0 24 Gateway tunnel 3 tunnel interface from step 1 Click OK Figure 112 Routing parameters Step 5 Policies Click Policies in main menu Click New button from Untrust to trust zone Source Address 192 16...

Страница 114: ...peed Router Series 114 Click Policies in main menu Click New button from trust to untrust zone Source Address 10 10 10 0 24 Destination Address 192 168 10 0 24 Services Any Click OK Figure 114 Policie...

Страница 115: ...t configuration is the remote endpoint IP or hostname field Also the client can set up the keepalive settings For successful tunnel creation a static key must be generated on one side and the same key...

Страница 116: ...ation file directory Configuration file and pre shared key must be in same directory d If you have more remote locations every location has to have its own configuration file with different remote int...

Страница 117: ...OpenVPN interface which is in this case 2 2 2 2 Enter following command in the command prompt route p add 192 168 11 0 mask 255 255 255 0 2 2 2 2 first remote location route p add 192 168 12 0 mask 2...

Страница 118: ...PN status on PC On the GWR HS side status of the OpenVPN tunnel should be established Figure 121 OpenVPN status on GWR HS Portforwarding example Portforwarding feature enables access to workstations b...

Страница 119: ...from port range 300 400 is forwarded to workstation 192 168 1 4 to port 12345 4 WEB traffic from the workstation 192 168 1 5 is forwarded to one outside IP address 212 62 49 109 for example If Source...

Страница 120: ...ort application on central side As application is in server mode IP address of the workstation has to be accessible from the router In this example that is IP address GWR HS routers supports both serv...

Страница 121: ...CP UDP Settings Protocol TCP Mode client Server IP address 96 34 56 2 IP address of server Connect to TCP port 1234 Type of socket raw Enable local echo Disabled Enable timeout 3600 sec Keepalive Sett...

Страница 122: ...only should be enabled Figure 127 Virtual COM port application In Virtual Serial Port tab settings should be following Figure 128 Settings for virtual COM port IP address not used in server mode Port...

Страница 123: ...rface 2 Allow already established traffic For inbound TCP only Allows TCP traffic to pass if the packet is a response to an outbound initiated session 3 Allow TELNET on ppp_0 Accepts telnet connection...

Страница 124: ...nder firewall rules In the picture presented with green are marked permitted packets and with red blocked Figure 129 Firewall example Firewall is enabled in SETTINGS FIREWALL page Page for firewall co...

Страница 125: ...be changed from ACCEPT to REJECT ICMP error message type can be selected when policy reject is selected After that SAVE button should be pressed and user is returned to main configuration page 2 ICMP...

Страница 126: ...firewall rule configuration shown above IP address stated in Source address field is excluded from REJECT policy but in order to allow ping from that IP address it has to be matched with another rule...

Страница 127: ...DD NEW RULE button Policy should be configured in following way Rule name Allow SSH Enable selected Chain INPUT Service Custom Protocol TCP Port Custom 22 Input interface ppp_0 Source address Range 21...

Страница 128: ...uration page Priority of rule is changed by selecting number in drop down menu In this example number 8 is selected 8 Access from LAN to router is allowed This is first rule in predefined firewall set...

Страница 129: ...selected and user is returned to main configuration page Priority of rule is changed by selecting number in drop down menu In this example number 9 is selected Additionally to these 11 rules two more...

Страница 130: ...anual Geneko GWR High Speed Router Series 130 Figure 137 Complete firewall configuration SMS management example GWR HS routers can be managed over the SMS messages Commands from the SMS are executed o...

Страница 131: ...is one of four possible states CONNECTING CONNECTED WAN_IP WAN IP address DISCONNECTING DISCONNECTED 5 SWITCH SIM for changing SIM slot 6 REBOOT for router reboot After every SMS sent to the router r...

Страница 132: ...on switch SIM SIM2 Ping target 212 62 32 1 Ping interval 120 Advanced ping interval 10 Advanced ping wait for response 5 Maximum number of failed packets 40 more restrictive condition compared to SIM1...

Страница 133: ...HS Router outside the building and run an RJ 45 Ethernet cable to your switch located in the building Keep antenna cable away from interferers AC wiring Antenna Options Once optimum placement is achi...

Отзывы:

Нет отзывов

Похожие инструкции для GWR High Speed Router Series

D-Link Air DCS-1000W Setting-Up Manual preview
Air DCS-1000W
Бренд: D-Link Страницы: 13
Accelerated 6330-MX User Manual preview
6330-MX
Бренд: Accelerated Страницы: 10
Accelerated 6300-CX Customer Setup Instructions preview
6300-CX
Бренд: Accelerated Страницы: 4
Datasheen D902AC User Manual preview
D902AC
Бренд: Datasheen Страницы: 25
Oracle Talari E1000 Installation Manual preview
Talari E1000
Бренд: Oracle Страницы: 24
Vaisala TERMBOX-1200 User Manual preview
TERMBOX-1200
Бренд: Vaisala Страницы: 32
ICT Protege PRT-PX16-PCB Installation Manual preview
Protege PRT-PX16-PCB
Бренд: ICT Страницы: 34
Planet ADSL 2/2+ VPN Firewall Router ADE-4300A/B User Manual preview
ADSL 2/2+ VPN Firewall Router ADE-4300A/B
Бренд: Planet Страницы: 132
EVOC 6336-STG-YX Manual preview
6336-STG-YX
Бренд: EVOC Страницы: 57
Airlink101 AWMB100 User Manual preview
AWMB100
Бренд: Airlink101 Страницы: 46
Zoom Realtek Series User Manual preview
Realtek Series
Бренд: Zoom Страницы: 31
Doro GW7001 Quick Installation Manual preview
GW7001
Бренд: Doro Страницы: 50
Watchguard Firebox T20 Hardware Manual preview
Firebox T20
Бренд: Watchguard Страницы: 21
Toto Link ND300V2 Manual preview
ND300V2
Бренд: Toto Link Страницы: 57
Linksys WRT330N - Wireless-N Gigabit Gaming Router Wireless User Manual preview
WRT330N - Wireless-N Gigabit Gaming Router Wireless
Бренд: Linksys Страницы: 92
B&B Electronics ZXT9-IO-222R2 Product Manual preview
ZXT9-IO-222R2
Бренд: B&B Electronics Страницы: 74
3Com 3CRWE737A - 11Mbps Airconnect Wireless Lan PC Card... Datasheet preview
3CRWE737A - 11Mbps Airconnect Wireless Lan PC Card...
Бренд: 3Com Страницы: 6
IBM Turbo 16/4 Token-Ring PC Card 2 User Manual preview
Turbo 16/4 Token-Ring PC Card 2
Бренд: IBM Страницы: 123

Бренды по названию

Популярные бренды

Загрузить еще бренды