manualshive.com logo in svg

InHand InGateway502, Руководство пользователя

Поделиться
Скачать
InHand InGateway502 Скачать руководство пользователя страница 93

89 

 

Transport Mode: inserts an IPsec header (AH or ESP) between the IP header 

and upper-layer protocol header. This mode retains the original IP header but 

changes the IP protocol field to AH or ESP, and calculates a new checksum for 

the IP header. The transport mode is applicable to communication between two 

hosts or between a host and a security gateway. 

 

IPsec Tunnels 

o

 

Basic Parameters 

 

Destination Address: specifies the IP address or domain name of the 

IKE peer. (Set this parameter to 0.0.0.0 when the IG902 acts as a 

server.) 

 

Map Interface: specifies the interface to which the IPsec policy is 

applied. 

 

IKE Version: specifies the version of the IKE protocol. Options are 

IKEv1 and IKEv2. 

 

IKEv1 Policy: specifies a policy ID defined in the IKEv1 policy list. 

 

IKEv2 Policy: specifies a policy ID defined in the IKEv2 policy list. 

 

IPsec Policy: specifies a policy ID defined in the IPsec policy list. 

 

Authentication Type: specifies the authentication method used 

for the IPsec tunnel. Shared key authentication and digital 

certificate authentication are supported. 

 

Shared Key: specifies the shared key used for 

authentication. 

 

Digital Certificate: specifies the digital certificate used for authentication. You 

need to import a valid certificate on the certificate management page. 

 

Negotiation Mode: specifies the mode of IKEv1 negotiation. 

 

Main Mode: separates key exchange information from the identity information. 

This mode protects identity information to enhance the security. 

 

Aggressive Mode: does not provide identity authentication but meets 

requirements of some special network environments. The aggressive mode 

can be used when the address of the tunnel initiator cannot be obtained in 

advance or keeps changing, but both parties want to establish an IKE SA by 

using a pre-shared key. 

 

Local Subnet: specifies the source network of the interested flow defined for 

the IPsec tunnel. 

 

Remote Subnet: specifies the destination network of the interested flow defined 

for the IPsec tunnel. 

Содержание InGateway502

Страница 1: ......

Страница 2: ...d interpretation 2021 InHand Networks All rights reserved Conventions Symbol Indication Content in angle brackets indicates a button name For example the OK button indicates a window name or menu name...

Страница 3: ...r Supply 13 3 6 Installing the Ground Protection 13 3 7 Connecting the Network Cable 14 3 8 Connecting Terminals 14 3 8 1 Power serial Terminals 14 3 8 2 IO Terminal 15 4 Configuring Network Connectio...

Страница 4: ...re Upgrade 75 4 7 6 Access Tools 76 4 7 7 User Management 79 4 7 8 Reboot 80 4 7 9 Network Tools 81 4 7 10 3rd Party Notification 83 4 8 Advanced 83 4 8 1 Administration 83 4 8 2 Services 84 4 8 3 VPN...

Страница 5: ...ctual product during operation 2 Packing List Each edge computing gateway product is delivered with accessories such as standard accessories frequently used at the customer site Check the received pro...

Страница 6: ...cification Product warranty card 1 Warranty period 1 year Certificate of conformance 1 Certificate of conformance for the edge computing gateway Optional accessories Accessory Quantity Description AC...

Страница 7: ...puting gateway 2 1 Panel Figure 2 1 IG502 Caution The IG502 series product is applicable to multiple panel appearances as they have the same installation method Refer to the actual product during oper...

Страница 8: ...4 2 2 Structure and Dimensions Figure 2 2 1 Wall Mounting A Figure 2 3 2 Wall Mounting B...

Страница 9: ...rrounding environment Avoid direct sunlight and keep away from thermal sources or areas with strong electromagnetic interferences Install the gateway product on an industrial DIN rail Check whether th...

Страница 10: ...3 1 2 Uninstalling with a DIN Rail Procedure Step 1 Press the device downward in the direction indicated by arrow 1 in Figure 3 2 to create a gap near the lower end of the device so that the device is...

Страница 11: ...7 Figure 3 1 2 DIN rail disassembly schematic diagram 3 2 Installing and Uninstalling the Device in Wall mounted Mode 3 2 1 Installing in Wall mounted Mode 3 2 1 1 Wall Mounting A 1 2...

Страница 12: ...y using a screwdriver as shown in Figure 3 2 1 1 Figure 3 2 1 1 Wall mounted installation diagram Step 3 Take out the screws packaged with the wall mounting bracket fasten the screws in the installati...

Страница 13: ...gh space for installation Step 2 Install the wall mounting bracket on the back of the device by using a screwdriver as shown in Figure 3 2 2 1 Figure 3 2 1 2 1 Wall mounted installation diagram Step 3...

Страница 14: ...secure as shown in Figure 3 2 2 1 2 Figure 3 2 1 2 Wall mounted installation diagram 3 2 2 Uninstalling in Wall mounted Mode Procedure Hold the device with one hand and unfasten the screws that fix th...

Страница 15: ...ual SIM card Figure 3 3 Install SIM card 3 4 Installing an Antenna Revolve the movable part of the metal SMAJ interface with gentle force until it cannot be revolved in which state the outer thread of...

Страница 16: ...antenna ANT antenna and AUX antenna The ANT antenna sends and receives data The AUX antenna only increases the antenna signal strength and cannot be used independently for data transmission Only the...

Страница 17: ...e locking screw on the terminal Step 3 Connect the power cable to the terminal and fasten the locking screw Figure 3 5 Installing the Power Supply 3 6 Installing the Ground Protection Procedure Step 1...

Страница 18: ...ce resistance Connect the ground cable to the ground post of the gateway based on the operation environment 3 7 Connecting the Network Cable Connect the gateway to a PC directly by using the Ethernet...

Страница 19: ...nd fasten the screws Sort the cables in order Figure 3 8 Terminal line 3 8 2 IO Terminal IG502 supports the digital input pulse counting digital output and pulse output functions In addition IG502 can...

Страница 20: ...0 V DC 1 connected 1 10 V DC to 30 V DC 30 V DC to 10 V DC 4 mA min Figure 3 8 2 1 Digital input 3 8 2 2 Pulse counting A maximum of 3000 Hz pulse signal counting is supported up to 4294967296 The fo...

Страница 21: ...supply is connected no voltage is output The maximum voltage output is 30 V 500 mA The following figure shows the connection modes 0 OFF 1 ON Figure 3 8 2 3 Digital output 3 8 2 4 Pulse output A maxim...

Страница 22: ...18 Figure 3 8 2 4 Pulse output Note This section is only applicable to IG500 with industrial interfaces...

Страница 23: ...efault the IP address of WAN LAN on IG502 is 192 168 1 1 the IP address of LAN on IG502 is 192 168 2 1 This document uses the LAN port to access the IG502 as an example Set the PC s IP address to be o...

Страница 24: ...address Select Use the following IP address enter an IP address By default any from 192 168 2 2 to 192 168 2 254 subnet mask By default 255 255 255 0 default gateway By default 192 168 2 1 and DNS se...

Страница 25: ...p to the web login page Enter the user name default adm and password default 123456 and click OK or press Enter to access the web configuration page Figure 4 2 Login gateway Web management interface 4...

Страница 26: ...lish 4 4 Overview The Overview page displays information about the IG502 such as its network connection status system information and data usage You can quickly obtain the IG502 running status on this...

Страница 27: ...arameters to connect the IG502 to a cellular network or view details about the dial up interface on this page Follow these steps to configure the dial up interface 1 Choose Network Network Interfaces...

Страница 28: ...DMA LTE system provides services based on the APN of the connected WCDMA LTE network This parameter does not need to be set for the CDMA2000 series Access Number specifies the dial string provided by...

Страница 29: ...is gprs o Password specifies the password of the PDN user It is provided by your network operator The default value is gprs Dual SIM Enable enables or disables the dual SIM card mode oMain SIM specifi...

Страница 30: ...the auto mode in which the gateway automatically registers to the suitable network Profile specifies the index of the dial up parameter set Roaming enables the roaming function to allow the gateway t...

Страница 31: ...e system o On demand Dial Data Trigger indicates that the gateway is offline by default and will dial up automatically when data is sent to the Internet o Manual Dial indicates that the network connec...

Страница 32: ...t period of an ICMP probe If the gateway does not receive any ICMP Reply packet within this period it considers that the ICMP probe times out o ICMP Detection Max Retries specifies the maximum number...

Страница 33: ...way checks the module status and dials up to the network again o MRU specifies the maximum receive unit which is expressed in bytes o MTU specifies the maximum transmit unit which is expressed in byte...

Страница 34: ...o Expert Options allows you to set command parameters 4 5 1 2 WAN The following figure shows the configuration of WAN LAN with Interface Type set to WAN The Ethernet parameters are described as follo...

Страница 35: ...information through DHCP Static IP mode Primary IP specifies the IP address of the Ethernet interface By default the IP address of WAN LAN is 192 168 1 1 and the IP address of LAN is 192 168 2 1 Netm...

Страница 36: ...t is physically connected After this feature is disabled the interface state is displayed as UP regardless of whether the interface is physically connected o Shutdown disables the interface o Descript...

Страница 37: ...interface Secondary IP Setting allows you to set up to 10 secondary IP addresses in addition to the primary IP address 4 5 1 4 Loopback The loopback interface is a logical virtual interface on the IG...

Страница 38: ...ge You can set or view loopback interface parameters on this page 2 Click the Add icon in the table under Secondary IP Setting to add a secondary IP address for the loopback interface The default IP a...

Страница 39: ...ation is assigned dynamically You can configure a DHCP server and view its configuration on the DHCP Server page Follow these steps to configure a DHCP server 1 Choose Network Network Services DHCP DH...

Страница 40: ...ess pool for address allocation to DHCP clients Ending Address specifies the end IP address of the IP address pool for address allocation to DHCP clients Lease specifies the validity period of allocat...

Страница 41: ...applications by using easy to remember meaningful domain names which are then translated into the correct IP addresses by a DNS server on the network You can configure a DNS server and the DNS relay s...

Страница 42: ...service cannot be disabled when the DHCP server feature is enabled 3 Click the Add icon to add a domain name IP address pair 4 Enter the domain name or IP address of a host and specify the matching IP...

Страница 43: ...work Network Services Host List to display the Host List page as shown in the following figure 4 5 3 Routing 4 5 3 1 Routing Status Choose Network Routing Routing Status to display the Routing Status...

Страница 44: ...outing page Then packets sent to a specific destination are forwarded through the specified route Generally you do not need to configure static routes Follow these steps to configure a static route 1...

Страница 45: ...4 Click OK to save the configuration and then click Submit to apply the configuration The following figure shows the configuration of a static route Parameters of a static route are described as foll...

Страница 46: ...cifies the track index or ID 4 5 4 Firewall 4 5 4 1 ACL An access control list ACL permits or denies specified data flows such as the data flow from a specified source IP address or account based on a...

Страница 47: ...under ACL to add an access control list on a specified interface 5 Set the parameters For details about these parameters see access control list parameter description 6 Click OK to save the configura...

Страница 48: ...44 The following figure shows the configuration of an extended access control policy...

Страница 49: ...45 The following figure shows the configuration of an access control list...

Страница 50: ...smaller value indicates a higher priority of the rule Action permits or denies forwarding of matching packets Source IP specifies the source IP address of packets in the ACL rule If this field is kep...

Страница 51: ...ss of packets in the ACL rule If this field is kept blank the rule matches packets from all networks Source Wildcard specifies the wildcard mask of the source IP address in the ACL rule Source Port sp...

Страница 52: ...ablished connections If this option is deselected the system controls TCP packets on both established and unestablished connections This parameter is available only when the TCP protocol is selected F...

Страница 53: ...follows 1 Choose Network Firewall NAT to display the NAT page 2 Select an interface from the Interface drop down list 3 Click the Add icon under Network Address Translation NAT Rules to add an NAT ru...

Страница 54: ...n feature that translates source IP addresses of data packets into another IP address Generally this feature is used for data packets sent to the Internet through the router DNAT uses the destination...

Страница 55: ...esses Outside translates public IP addresses Translation Type which can be IP to IP IP to INTERFACE IP PORT to IP PORT ACL to INTERFACE ACL to IP Access Control List unavailable for 1 1 NAT specifies...

Страница 56: ...cess this document takes Device Supervisor as an example Step 1 Install the App Before installing the App you need to ensure that the Python Edge Computing Engine is enabled and the Python SDK is inst...

Страница 57: ...53 After importing you can view the imported Apps as shown in the following figure Step 2 Run the App Select enable App and click Submit...

Страница 58: ...54 Once enabled the App automatically runs and will run every time the IG502 is started...

Страница 59: ...onfiguration files to modify the running mode you can update the App running configuration by referring to the following process Step 1 Choose Edge Computing Python Edge Computing click the Import Con...

Страница 60: ...56 Step 2 Restart the App after the import is successful After the App restarts it will runing according to the imported configuration file...

Страница 61: ...57 4 6 1 3 Update Python App version Generally if you need to update the Python App version you only need to import the new version of the App on the Edge Computing Python Edge Computing page...

Страница 62: ...58 After the update is completed as shown below...

Страница 63: ...you need to enable IG502 s debug mode Choose Edge Computing Python Edge Computing select Enable Debug Mode After enabling you can develop IG502 through VS Code How to use VS Code for Python developmen...

Страница 64: ...r to listen on port 22 of LAN default IP address being 192 168 2 1 The user name and password of the SSH server are displayed on the previous web page A random password is generated every time the deb...

Страница 65: ...and obtaining I O status data is as follows Step 1 configure the I O functions Choose Edge Computing IO Module Configuration and configure the I O functions based on the site requirements The followin...

Страница 66: ...62 Pulse counting The starting value is 0 After power down the value counted by the power down is retained...

Страница 67: ...63 Digital output Pulse output According to the frequency of 5000 Hz the duty cycle is 50 for the pulse output...

Страница 68: ...l Set the pulse counting and pulse output After setting DI to the pulse counting click Start to count the pulses received by the DI Otherwise do not count it Click Reset to reset the count value to th...

Страница 69: ...n the Enable switch to enable the Modbus TCP Slave function This function allows Modbus TCP Master to read the I O status of IG502 After you turn on the External Access switch Modbus TCP Master outsid...

Страница 70: ...e I O status of IG502 in Step 3 as an example First add a Modbus TCP controller and set the controller communication parameters based on Modbus TCP Slave Then configure the data to be collected accord...

Страница 71: ...67...

Страница 72: ...68 After the configuration is completed you can obtain DI0 Counter Value 4 7 System 4 7 1 System Time...

Страница 73: ...evices maintain the same clock to provide applications based on the consistent time Follow these steps to set the system time Method 1 Select a time zone 1 Choose System System Time to display the Sys...

Страница 74: ...ters see SNTP client parameter description 4 Click Submit to apply the configuration 4 7 2 System Logs Choose System Log to display the Log page This page displays a large amount of information about...

Страница 75: ...ter this option is selected all passwords configured on the IG502 web system are displayed in encrypted text This feature improves the security of passwords Configuration Files Operations Import Start...

Страница 76: ...Restore Factory Configuration allows you to restore the factory settings of the IG502 This operation restores all parameters on the IG502 to the default settings The factory settings are restored aft...

Страница 77: ...e maintenance channels and the InHand Device Manager platform mainly provides users with gateway management services such as batch remote upgrades etc Server address the address of the InHand Cloud Re...

Страница 78: ...74 After the IG502 is successfully connected to the InHand Device Manager the status is described as Connection Accepted...

Страница 79: ...s or better user experiences Follow these steps to upgrade the firmware version 1 Choose System Firmware Upgrade to display the Firmware Upgrade page 2 Click Select File to select a firmware file for...

Страница 80: ...ls page 2 Select Enable HTTPS and set the parameters For details about these parameters see HTTPS parameter description 3 Click Submit to apply the configuration Configure Telnet 1 Choose System Acces...

Страница 81: ...ng figure shows the configuration of HTTPS based management The HTTPS parameters are described as follows 1 Listen IP Address specifies the listening IP address Options include Any 127 0 0 1 and other...

Страница 82: ...he Telnet parameters are described as follows 1 Listen IP Address specifies the listening IP address Options include Any 127 0 0 1 and other IP addresses 2 Port specifies the listening port number of...

Страница 83: ...ber of SSH 3 Timeout specifies the SSH timeout period The valid value range is 0 120 4 Key Mode fixed as RSA 5 Key Length specifies the length of the key used Options are 512 1024 2048 and 4096 6 Remo...

Страница 84: ...e steps to add a user 1 Choose System User Management to display the User Management page 2 Click the Add icon to add a user 3 Set the parameters 4 Click OK to save the configuration 4 7 8 Reboot Choo...

Страница 85: ...2 on this page You can enter some extension options in the Expert Options area For example expert option t for the ping tool enables the IG502 to ping a specified host continuously until you stop the...

Страница 86: ...ute used to transmit IP datagrams to a destination The following figure shows the configuration of a traceroute test The Tcpdump tool can be used to capture packets transmitted on a specified interfac...

Страница 87: ...statement about the third party software used for the IG502 4 8 Advanced 4 8 1 Administration 4 8 1 1 System On this page you can view the system status and network status including the firmware versi...

Страница 88: ...84 4 8 2 Services 4 8 2 1 DDNS The DDNS parameters are described as follows Method Name specifies the name Service Type specifies the type of the software Dynamic Domain Name Service Disable DynAccess...

Страница 89: ...ynamic DynDNS Static Url the address of a web page on the world wide web Username Registered username for DDNS Password Registered password for DDNS Hostname Registered hostname for DDNS 4 8 2 2 Data...

Страница 90: ...er to ensure the security of data transmission over the Internet IPsec lowers the risk of data leakage and interception ensures data integrity and confidentiality and protects security of service data...

Страница 91: ...IKEv2 Policy o ID specifies the ID of an IKEv2 policy o Encryption specifies the algorithm used to encrypt plain text Options are 3DES DES AES128 AES192 and AES256 3DES uses three 64 bit DES keys to...

Страница 92: ...payload The receiver calculates the digest for the received IP packet and compares it with the digest field carried in the packet to determine whether the packet has been tampered with during transmis...

Страница 93: ...list Authentication Type specifies the authentication method used for the IPsec tunnel Shared key authentication and digital certificate authentication are supported Shared Key specifies the shared k...

Страница 94: ...er the receiving end triggers a DPD probe by sending a DPD request to the peer it waits for a DPD response If no DPD response is received from the peer it deletes the IPsec SA The valid value range is...

Страница 95: ...itiate a connection This mode is often used on a server On demand indicates that the local device completes IKE negotiation to set up an IPsec tunnel only when detecting IPsec packets on the interface...

Страница 96: ...er end The GRE parameters are described as follows Enable enables or disables GRE Index specifies a GRE tunnel ID The valid range is 1 100 Network Type specifies the GRE network type Local Virtual IP...

Страница 97: ...cription of the GRE tunnel Note NHRP is applicable only to dynamic multipoint virtual private networks DMVPNs and does not need to be enabled for GRE GRE is usually used when both ends use a fixed pub...

Страница 98: ...scribed as follows Enable enables or disables the OpenVPN client Index specifies a tunnel ID OpenVPN Server specifies the IP address or domain name of an OpenVPN server Port specifies the port number...

Страница 99: ...nd subnet net30 Four IP addresses with a 30 bit mask are selected from the IP address pool The larger one between the two intermediate IP addresses is used as the IP address of the client s virtual NI...

Страница 100: ...tting must be the same on the client and server o Compression LZO specifies the compression format of data transmitted over the OpenVPN tunnel o Redirect Gateway enables the OpenVPN interface to act a...

Страница 101: ...s expressed in bytes o Enable Debug enables or disables debugging logs o Expert Configuration specifies OpenVPN extension parameters o Import Configuration Select the OpenVPN configuration file you wa...

Страница 102: ...the interface used to establish the OpenVPN tunnel Interface Type specifies the type of data sent from the interface Tun mostly used for IP based communication Tap allows complete Ethernet frames to...

Страница 103: ...t of data transmitted over the OpenVPN tunnel The setting must be the same as that on the client Link Detection Interval specifies the interval for sending link detection packets after an OpenVPN tunn...

Страница 104: ...clients and certification authorities CAs The certification management parameters are described as follows Enable SCEP enables or disables the Simple Certificate Enrollment Protocol Force to re enroll...

Страница 105: ...e through SCEP for example http 100 17 145 158 8080 certsrv mscep mscep dll Common Name specifies the general name of the certificate required FQDN specifies the fully qualified domain name FQDN of th...

Страница 106: ...m the server The valid value range is 30 3600 and the unit is second Poll Timeout specifies the maximum duration for querying the certificate status The device considers the certificate application fa...

Страница 107: ...on within 10s after the device is powered on 3 When the ERR indicator turns red release the RESET button 4 After a few seconds when the ERR indicator turns off hold down the RESET button again 5 When...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды