manualshive.com logo in svg

insys icom EBW-E100, Руководство пользователя

Поделиться
Скачать
insys icom EBW-E100 Скачать руководство пользователя страница 64

Functions 

EBW-E100 

 

 

64 

In order to assign a descriptive name to the loaded tunnel, enter it into 
the field "Tunnel name". This makes the assignment of messages in the 
log or status view easier. 

In order to specify the remote terminal, to which the tunnel is to be 
established, enter the IP address or the domain name of the remote 
terminal into the field "IP address or domain name of remote site". If no 
remote terminal is specified, incoming connection requests from all 
remote terminals are accepted, but no connection can be initiated. In this 
case, the "Action on dead peer" of the dead peer detection must be set 
to "hold", since no new incoming connection request can be accepted 
any more in case the existing connection has been terminated. 

In order to define a network behind the switch of the EBW-E100 to be 
tunnelled, enter this network with according netmask into the field 
"Local subnet". This does not have to be the actual local subnet, but can 
also be behind further gateways. In such a case it must be observed that 
the required routing rules are entered correctly. If this field is not 
completed, the local subnet is used automatically. 

In order to define the local subnet behind the remote terminal, enter this 
network with according netmask into the field "Remote subnet". Only 
data, which is addressed to this network, is packed in ESP packets. 

In order to specify the ID of the remote terminal, enter it into the field 
"Remote ID". The respective IP address is used as ID by default. If the 
actual IP address differs from the received ID (e.g. due to NAT routers in 
between) or is unknown, the ID of the remote terminal can be specified 
explicitly (a self-defined string, which must contain an "@"). When using 
certificates, the DN (Distinguished Name) is used as ID by default. The 
domain name of the remote terminal can also be used as ID, because it is 
resolved by a DNS lookup. 

In order to adjust the own ID, enter it into the field "Local ID". This is only 
necessary, if the default ID can or shall not be used. 

In order to permit only a certain protocol and a certain port for the local 
tunnel end, enter the IANA protocol number and the port (if the protocol 
supports ports) into the fields "Local protocol and port". If protocol 
and/or port are not specified here, all protocols or ports are permitted. 

In order to permit only a certain protocol and a certain port for the 
remote tunnel end, enter the IANA protocol number and the port (if the 
protocol supports ports) into the fields "Remote protocol and port". If 
protocol and/or port are not specified here, all protocols or ports are 
permitted. 

In order to specify the authentication mode, select it in the drop-down 
list "Authentication mode". The main mode is more secure, because all 
authentication data is transmitted encrypted. The aggressive mode is 
quicker, because it does not use encryption and the authentication is 
preformed via a passphrase. 

Содержание EBW-E100

Страница 1: ...EBW E100 Manual...

Страница 2: ......

Страница 3: ...Inc IBM PC AT XT are registered trademarks of International Business Machine Cor poration INSYS VCom e Mobility LSG and e Mobility PLC are registered trademarks of INSYS MICROELECTRONICS GmbH Windows...

Страница 4: ...Electrical Installation 13 2 9 General Safety Instructions 13 3 Using Open Source Software 15 3 1 General Information 15 3 2 Special Liability Regulations 16 3 3 Used Open Source Software 16 4 Scope o...

Страница 5: ...3 2 OpenVPN General 51 12 3 3 Setting Up an OpenVPN Server 53 12 3 4 Setting Up an OpenVPN Client 56 12 3 5 PPTP General 60 12 3 6 Setting Up a PPTP Server 60 12 3 7 Setting Up a PPTP Client 61 12 3...

Страница 6: ...e Disposal 90 14 1 Repurchasing of Legacy Systems 90 15 Declaration of Conformity 91 16 FCC Statement 92 17 Licenses 93 17 1 GNU GENERAL PUBLIC LICENSE 93 17 2 GNU LIBRARY GENERAL PUBLIC LICENSE 96 17...

Страница 7: ...of our Delivery and Purchasing Conditions are effective These can be found on our website www insys icom de imprint under General Terms and Conditions 1 2 Feedback We are permanently improving our pr...

Страница 8: ...ion It might cause death or severe injuries if not avoided Caution Slight injury and or material damage This symbol in conjunction with the key word Caution indicates a possibly hazardous or harmful s...

Страница 9: ...rerequisites which must be fulfilled to be able to process the subsequent steps in a meaningful way You will also learn which software or which equipment you will need 1 One individual action step Thi...

Страница 10: ...the operating conditions of the device are effective An optimum protection of the personnel and the environment from hazards as well as a safe and fault free operation of the product is only possible...

Страница 11: ...ned expert personnel which has been authorised by the plant opera tor The expert personnel must have read and understood this documentation and observe the instructions Electrical connection and commi...

Страница 12: ...ately from residual waste via appropriate collecting points See also Section Disposal in this manual CE marking By applying a CE marking the manufacturer confirms that the product complies with the Eu...

Страница 13: ...o commissioning of the device to be able to isolate it completely from power supply 2 9 General Safety Instructions Caution Moisture and liquids from the environment may seep into the interior of the...

Страница 14: ...uct due to overvoltage Install suitable overvoltage protection Caution Damage due to chemicals Ketones and chlorinated hydrocarbons dissolve the plastic housing and damage the surface of the device Ne...

Страница 15: ...of charge We do not de mand usage fees or any comparable fees for the use of the open source software contained in our product The use of the open source software in our product by the customer is not...

Страница 16: ...ective effective open source software license for the respective open source software as listed in the following are effective for the use of the open source software beyond the purpose of the contrac...

Страница 17: ...E100 1 Quick Installation Guide The scope of delivery does not include optional accessories The following parts are available from your distributor or INSYS icom DIN rail power supplies The following...

Страница 18: ...erature range 30 C 70 C max 85 C s below Maximum permissible humidity 95 non condensing IP rating Housing IP40 Terminals IP20 Table 1 Physical Features Max specification applies to occasional data tra...

Страница 19: ...l elements on the front of the device Position Description 1 Reset key 2 Power LED 3 COM LED 4 Signal LED 5 Status LED 6 Activity LED for LAN ext 7 Link LED for LAN ext 8 Activity LED for LAN 9 Link L...

Страница 20: ...PP data traffic Status green VPN VPN connec tion estab lished red Status Initialization FW update fault Table 4 Meaning of display elements 6 2 Function of the Control Elements Description Operation M...

Страница 21: ...nt Panel Connections Figure 2 Connections on the front panel of the device Position Description 1 Ethernet port LAN 1 RJ45 10 100 BT 2 Ethernet port LAN 2 ext RJ45 10 100 BT Table 6 Description of the...

Страница 22: ...the device Terminal Designation Description 1 10 48 VDC Power supply 10 V 48 V DC 2 GND Ground 3 Reset Reset input Table 7 Description of the connections on the top of the device The reset input must...

Страница 23: ...eLess Address Auto Configuration If a router with router advertisement advertises IPv6 address prefixes in the LAN the router configures itself another IPv6 address with the advertised prefix in addit...

Страница 24: ...outside via an unsafe network An entire LAN can also be connected interception proof and interference proof via an unsafe Internet connection through a VPN tunnel to another network e g the company ne...

Страница 25: ...Stateful Firewall will allow connections also for protocols with special requirements e g FTP MAC filter The MAC filter allows that only those packets are accepted at the Ethernet interface that come...

Страница 26: ...a comfortable option for an alternative configuration Firmware update via web interface The firmware can be updated via the web interface An update can be performed locally or remotely Automatic daily...

Страница 27: ...damage of the product The device must not be used in wet or damp environments or in the direct vicinity of water Install the device at a dry location protected from water spray Disconnect the power su...

Страница 28: ...edge of the DIN rail 2 Lift the device perpendicular to the DIN rail until the two lower flexible snap in hooks engage in the DIN rail The EBW E100 is now readily mounted Connecting the power supply T...

Страница 29: ...al for the power supply The EBW E100 is disconnected from the power supply Removing the device from the DIN rail How to uninstall the EBW E100 from a DIN rail in a switch cabinet You will need a small...

Страница 30: ...shown in the following figure The plastic spring of the snap in hook is stretched 3 While you hold the plastic spring apart with the lower snap in hooks pull the device away from the DIN rail 4 Un ho...

Страница 31: ...an external LAN The power supply is disabled You will need a Cat 5 network patch cable You will need a network card in the PC You will need a connection to your external LAN via a network cable 1 Loc...

Страница 32: ...e URL http 192 168 1 1 into the address bar The browser loads the start page of the EBW E100 If you see the message in your browser window that the page with this address cannot be found follow the fo...

Страница 33: ...lawless configuration Configuring with the web interface How to configure with the web interface basically The device is ready for operation and you have access to it refer to Commissioning section 1...

Страница 34: ...S protocol the browser indicates again that an invalid security certificate is used The certificate is not trusted because the Common Name of the certificate differs from your input in the address bar...

Страница 35: ...ication with password and enter the access data into the respective fields For an authentication at the Radius server select the radio button Authentication at Radius server The Radius server must be...

Страница 36: ...address LAN In order to configure a static IP address enter the IPv4 address of the router in the LAN as well as the netmask When changing the local IP address the address range of the DHCP server wi...

Страница 37: ...NAT can be enabled or disabled here This is configured in the menu LAN ext on the respective page Routing 12 1 4 Entering Host Names You can specify the host and domain name of the EBW E100 here More...

Страница 38: ...tion will be possible any more It is necessary that you enter the MAC address of the computer that is used for configuration into the list of allowed source MAC addresses before activating the MAC fil...

Страница 39: ...EBW E100 for this Configuration via web interface menu Basic Settings page Radius In order to configure access protection via a Radius server enter its address and port into the respective fields Por...

Страница 40: ...al authentication at the device select the radio button Authentication with password and enter the access data into the respective fields For an authentication at the Radius server select the radio bu...

Страница 41: ...ss Then enter into the entry fields static IP address and Netmask an IPv4 address as well as a netmask The IP address must be an address from the external LAN to which you connect the device Check the...

Страница 42: ...ime in seconds after which the connection will be terminated Enter 0 to disable the time controlled connection termination In order to adjust the MTU maximum permissible number of bytes in a packet to...

Страница 43: ...into the entry field Interval for checking connection The default setting is 5 minutes If a closed connection is determined after this time the EBW E100 will attempt to re establish the connection af...

Страница 44: ...to the entry fields for hours and minutes Save your settings by clicking OK 12 2 5 Routing Routing is the core function of the EBW E100 Routing means that incoming data packets are routed to certain n...

Страница 45: ...er to disable NAT for outgoing packets uncheck the checkbox Activate NAT for outgoing IPv4 packets This may be useful in LAN operation if the routed packets must not be changed The router will unblock...

Страница 46: ...source IP address into the entry field Source IP address In order to permit connections to certain ports enter the permitted destination port into the entry field Destination port In order to permit...

Страница 47: ...6 firewall for LAN ext interface It is strongly recommended to keep the firewall for IPv6 always enabled even if IPv6 is not used In order to create a rule for a permitted IP connection proceed as fol...

Страница 48: ...wall is enabled Otherwise all packets that are not directed to these IP addresses would be discarded Configuration via web interface menu LAN ext page IP forwarding In order to enable IP forwarding ch...

Страница 49: ...on attempts have already been made Configuration via web interface menu LAN ext page Port forwarding In order to enable port forwarding check the checkbox Activate port forwarding for LAN ext interfac...

Страница 50: ...e not been requested by the local network of the EBW E100 or which have not been forwarded to a participant in the local network by a port forwarding rule If no exposed host is configured these incomi...

Страница 51: ...EBW E100 as OpenVPN server or OpenVPN client Figure 4 shows a sample configuration for an OpenVPN connection One EBW E100 is configured as OpenVPN server and a second as OpenVPN client here Both clien...

Страница 52: ...ods when establishing the VPN tunnel Authentication type Usage Characteristics None For testing purposes and to connect networks without encryption No encrypted connection It is not possible to log in...

Страница 53: ...he INSYS icom web site www insys icom com driver This program is used as remote terminal if you want to establish an OpenVPN connection from a Windows PC Configuration via web interface menu LAN ext p...

Страница 54: ...the packet size In order to adjust the interval up to the key renegotiation use the entry field Interval for renegotiation of data channel key This interval configures the time in seconds which must e...

Страница 55: ...create a new route to a client network enter in the section Create new route to a client network the Common Name of the client into the field Name in certificate as well as its net address and netmas...

Страница 56: ...hind the tunnel fields In order to confirm all settings made above click on OK In order to upload a certificate or key click in the section Upload key or certificates on the Browse button button depen...

Страница 57: ...io buttons and enter its port into the Port field If the proxy server requires an authentication enter the access data into the User name and Password fields In order to set a default route check the...

Страница 58: ...the time in seconds which must expire before new keys are created In order to adjust the VPN ping interval use the entry field Ping interval Enter the interval in the amount of seconds in which the O...

Страница 59: ...configured for bot or the settings are complementary 0 1 or 1 0 In order to configure the authentication with static key select the radio button No authentication or authentication with preshared key...

Страница 60: ...terface menu LAN ext page PPTP server For an operation as PPTP server check the checkbox Activate PPTP server In order to display the messages of the last connection select the link Display log of las...

Страница 61: ...n In order to define the IP address or the domain name of the remote terminal to which the VPN connection is to be established enter an IP address or a domain name in the field IP address or domain na...

Страница 62: ...or IP address which can only be connected via the tunnel here If the connection check is not successful a possibly existing tunnel will be terminated and a new tunnel will be established The ping inte...

Страница 63: ...you select activate default setting all ESP Encapsulating Security Payload packets are additionally packed into a UDP packet and sent using the UDP port 4500 if a NAT router is detected If you select...

Страница 64: ...kets In order to specify the ID of the remote terminal enter it into the field Remote ID The respective IP address is used as ID by default If the actual IP address differs from the received ID e g du...

Страница 65: ...ad peer If you select restart default setting here the connection will be restarted for clear it will be terminated and for hold it will be held In order to enable perfect forward secrecy check the ch...

Страница 66: ...on white box The private key can only be deleted The authentication with passphrase can be used for main mode and aggressive mode The passphrase which must be used by all IPsec participants must be en...

Страница 67: ...te route to this network will be created automatically which enables to access the tunnel address of the remote terminal for example In order to adjust the MTU maximum permissible number of bytes in a...

Страница 68: ...or the e mail account into the field User name as well as the associated password into the field Password Check the checkbox Use SSL TLS to send the e mails encrypted In order to enable to trigger an...

Страница 69: ...in the section Create new e mail Enter the e mail address of the recipient into the field Recipient for this Select from the drop down list Event the respective event for triggering the e mail dispatc...

Страница 70: ...te SNMP traps In order to download the private MIB click on the link Download private MIB In order to create an SNMP trap you have to define this in the section Create new SNMP trap Enter the IP addre...

Страница 71: ...hment If IP addresses are combined with host names in the local host table Basic Settings menu Host names page these will be processed first Configuration via web interface menu Server services page D...

Страница 72: ...ure the dynamic DNS update check the checkbox Activate dynamic DNS update Select a DynDNS provider from the drop down list DynDNS provider In order to define an own DynDNS server select in the drop do...

Страница 73: ...cates addresses in the LAN The IP address range of the DHCP server must be located in the same network as the IP address of the EBW E100 Enter into the entry field Lease Time a validity period in seco...

Страница 74: ...ed at the LAN ext interface Configuration via web interface menu Server services page Router advertiser In order to enable the router advertiser check the checkbox Activate router advertiser Select th...

Страница 75: ...ield Timeout for inactive connections In order to avoid overloading you can restrict the number of clients which can connect at the same time Enter the maximum number of simultaneously authorized clie...

Страница 76: ...2 5 7 Configuring IPT The EBW E100 also allows data transfer via an IPT channel It can act as IPT slave here Configuration via web interface menu Server services page IPT In order to enable IPT check...

Страница 77: ...aster will be disconnected and re established again enter this time in seconds into the field Timeout between characters In order to enable scrambling of the IPT connection check the checkbox Use scra...

Страница 78: ...d Port In order to specify a contact information for the SNMP agent you can enter this into the field Contact information In order to specify a description for the SNMP agent you can enter this into t...

Страница 79: ...s can be set and or queried via the device drivers Configuration via web interface menu Server services page MCIP In order to enable device drivers to register with the MCIP server via TCP check the c...

Страница 80: ...interval can be configured Configuration via web interface menu System page System data In order to view the detailed system messages via the web interface click on the link Show the extensive system...

Страница 81: ...ion Configuration via web interface menu System page Time In order to configure time and date enter the values for day month year as well as hours and minutes into the entry fields DD MM YYYY hh mm Co...

Страница 82: ...ry defaults see Section Display and Control Elements Function of the Control Elements Configuration via web interface menu System page Reset In order to restart select the radio button Reset Click on...

Страница 83: ...update files enter the IP address or the domain name of the server into the Server field and the respective port into the Port field It is also possible to specify sub directories of the server that...

Страница 84: ...web interface via a dial up connection the connection must be maintained long enough to perform the uploads The option Maximum connect time should be set to 0 for the update also the Idle time You ha...

Страница 85: ...ect Reset and click on OK The new firmware is now active 12 6 7 Uploading the Configuration File You may upload a previously downloaded or edited configuration file to the EBW E100 to replace the curr...

Страница 86: ...onfiguration and thus all data to provide a good troubleshooting basis when using the support of the manufacturer The support packet will be encrypted so that the secret passwords or keys contained in...

Страница 87: ...omain name into the field Parameter and click on OK Optionally you may increase the standard number of 3 hops by increasing the number of hops to 5 for example using the parameter m 5 before The reply...

Страница 88: ...nd is configured independently from the device It must be kept in mind that the functionality of the monitoring application can be affected by settings at the device e g interface reservations for the...

Страница 89: ...rt insys tec de and via phone under 49 941 58692 0 13 3 Repair Send defect devices with detailed failure description to the source of supply of your device If you have purchased the device directly fr...

Страница 90: ...wing address carriage prepaid Frankenberg Metalle Gaertnersleite 8 D 96450 Coburg Germany This regulation applies to all devices which were delivered after August 13 2005 Please consider possible stor...

Страница 91: ...Hereby INSYS Microelectronics GmbH declares that herein described device types are in compliance with Directives 2004 108 EC and 2011 65 EC The full text of the EC Declaration of Conformity is availa...

Страница 92: ...to operate the equipment under FCC rules Note Export restriction Possible violation of export regulations This device uses encryption technology and is therefore subject to export control as per Germ...

Страница 93: ...ou distribute copies of the software or if you modify it For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have Yo...

Страница 94: ...and can be reasonably considered independent and separate works in them selves then this License and its terms do not apply to those sections when you distribute them as sepa rate works But when you d...

Страница 95: ...both it and this License would be to refrain entirely from distribution of the Program If any portion of this section is held invalid or unenforceable under any particular circumstance the bal ance o...

Страница 96: ...freedom to share and change free software to make sure the software is free for all its users This license the Library General Public License applies to some specially designated Free Software Foundat...

Страница 97: ...that uses the library The former con tains code derived from the library while the latter only works together with the library Note that it is possible for a library to be covered by the ordinary Gene...

Страница 98: ...t bring the other work un der the scope of this License 3 You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library To do this yo...

Страница 99: ...e same user the materials specified in Subsection 6a above for a charge no more than the cost of performing this distribution c If distribution of the work is made by offering access to copy from a de...

Страница 100: ...to decide if he or she is willing to distrib ute software through any other system and a licensee cannot impose that choice This section is intended to make thoroughly clear what is believed to be a c...

Страница 101: ...n net to link the LZO library with the OpenSSL library http www openssl org Markus F X J Oberhumer OpenSSL License The OpenSSL toolkit stays under a dual license i e both the conditions of the OpenSSL...

Страница 102: ...this package is used in a product Eric Young should be given attribution as the author of the parts of the library used This can be in the form of a textual message at program startup or in documenta...

Страница 103: ...licence and distribution terms for any publically available version or derivative of this code cannot be changed i e this code cannot simply be copied and put under another distribution licence includ...

Страница 104: ...d via a dial in connection and then create a connection to the LAN Dial out The device can use a dial up connection to make calls and establish In ternet connections for example DF Datenfern bertragun...

Страница 105: ...ess and device ad dresses Net address Consists of the overlap of IP address and netmask It always ends with 0 The netmask e g 255 255 255 0 is applied in binary form to an IP address e g 192 168 1 1 t...

Страница 106: ...l a transport protocol to enable data exchange between network devices It operates without connection i t the data transmission is not protected UMTS Universal Mobile Telecommunications System stands...

Страница 107: ...ons and meaning of the control elements 20 Table 6 Description of the connections on the front panel of the device 21 Table 7 Description of the connections on the top of the device 22 Table 8 Authent...

Страница 108: ...26 33 35 40 86 Configuration file 26 83 85 Connection 27 Connection check 43 Connection Establishment 44 46 68 Connection log 54 58 Connection timeout 75 Daily connection termination 44 Data directio...

Страница 109: ...34 Humidity 18 ICMP 105 ICMP ping 62 87 Idle time 24 42 44 Intended Use 10 Internal clock 81 Internal network 41 IP address 32 36 61 64 72 73 76 105 IP address range 73 IP forwarding 24 48 IP packet 8...

Страница 110: ...assphrase 64 Password 32 33 35 40 68 72 Perfect forward secrecy 65 Permissible limit 11 Personnel 11 Ping 43 65 87 Ping restart interval 54 58 Port 49 52 53 57 105 Port forwarding 24 49 50 105 Port of...

Страница 111: ...PN LED 84 Storage 11 Subnet 64 Surface 14 Switch 106 Switch cabinet 29 Symbol 8 9 System data 80 System log 80 System messages 80 81 System time 25 TCP 106 TCP connection 60 Technological Features 18...

Страница 112: ......

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды