
Chapter 12 VPN

 

http://www.level1.com 

 

Page 133   

 

Figure 12_13 PPTP Client Info List 1 

 

Figure 12_14 PPTP Client Info List 2 

12.2 IPSec

12.2.1 IPSec Overview

With the development of security standards and network protocols, various VPN technologies

Contents of GBR-4001

Page 1: ...GBR 4001 4 WAN Gigabit Broadband VPN Router User Manual V1 0 Digital Data Communications Asia Co Ltd http www level1 com...

Page 2: ...WAN1 Port Configuration Dynamic IP access 12 4 2 WAN1 port configuration Static IP access 13 4 3 WAN1 configuration PPPoE access 13 Chapter 5 Start menu 15 5 1 Configuration Wizard 15 5 2 Interface s...

Page 3: ...Port mirroring 55 7 6 Port VLAN 56 7 7 SYSLOG configuration 58 Chapter 8 User management 59 8 1 User status 59 8 2 IP MAC binding 61 8 2 1 IP MAC binding list 62 8 2 2 IP MAC binding configuration 63...

Page 4: ...103 11 2 1 Access Control Rule 104 11 2 2 Access control list 105 11 2 3 Access Control Settings 106 11 2 4 Access Control Settings instance 112 11 3 Domain filtering 115 11 3 1 Domain filtering Setti...

Page 5: ...stem log information 163 14 3 2 Log Management Settings 165 Chapter 15 Customer service 166 Appendix A Configuration of LAN computers 167 Appendix A FAQ 170 B 1 How ADSL users go online 170 B 2 How th...

Page 6: ...rfaces IP address subnet mask LAN port 192 168 1 1 255 255 255 0 WAN port Dynamic IP access Table 0 1 Factory settings of interfaces 2 The factory user name of the system administrator is admin and th...

Page 7: ...d provide a fixed IP allocation account billing and other functions Support routine business notification due account notification functions Support WEB authentication function Support Internet behavi...

Page 8: ...s Support filtering of MAC addresses 1 2 Specifications Meets IEEE802 3 Ethernet and IEEE802 3u Fast Ethernet standards Supports TCP IP DHCP ICMP NAT PPPoE static routes and other protocols The physic...

Page 9: ...system burden is heavy Defective often light or often Link Act Port status indicator When a device is properly connected to a port the status LED that corresponds to the port stays lit and it will fl...

Page 10: ...on and automatically restart Note The above operations will delete all the original device configurations please use it with care 2 2 Precaution for installation 1 Make sure to install the workbench a...

Page 11: ...device on a sufficiently large stable and properly grounded workbench with its bottom up 2 Remove the adhesive protective paper from the foot pad and stick the 4 pads in the 4 round slots at the bott...

Page 12: ...e 2 Establish a WAN connection Connect the WAN port of the router to the Internet with a network cable as shown in the figure below 3 Connect the power supply Before connecting the power supply make s...

Page 13: ...P address You can use either of the following methods 1 Set the computer s IP address as one of the addresses from 192 168 1 2 192 168 1 254 the subnet mask is 255 255 255 0 and the default gateway is...

Page 14: ...ce can be configured through browsers such as Internet Explorer or Firefox Open the browser and type in the IP address of the device s LAN port in the address bar such as http 192 168 1 1 After the co...

Page 15: ...f username password are Admin case sensitive on the login interface and then click OK Figure 3_1 WEB login interface If user name and password are correct the browser will display the homepage of the...

Page 16: ...n 3 Booking Service Link to the booking service page of LEVELONE s official website for advance reservation of the customer service in a certain working period 2 This page displays the main menu bar o...

Page 17: ...izard homepage appears directly in the main operating page As shown in Figure 4_1 Figure 4_1 Home page of configuration wizard In logging next time the wizard will no longer automatically pop up When...

Page 18: ...The following describes the meaning of the parameters for configuration of fixed IP access Figure 4_3 Configuration Wizard Static IP access IP address subnet mask gateway address primary DNS server s...

Page 19: ...you If you have any questions please ask your ISP User name Type in the password the ISP provides you If you have any questions please ask your ISP Tip 1 After configuring the Internet line for the WA...

Page 20: ...faces and view the statistics data of the devices real time traffics 5 1 Configuration Wizard The Start Configuration wizard pages can help you to quickly configure the basic parameters required by so...

Page 21: ...Figure 5_2 Interface Traffic WAN WAN port of the device click on the tab to view the dynamic figure of receiving sending traffic LAN LAN port of the device click on the tab to view the dynamic figure...

Page 22: ...Flip button and the colors can swap to receive and send data 5 4 Restart Device If you need to restart the device just enter into the Start Restart device page to click Restart Figure 5_3 Restart...

Page 23: ...onfigure not only the line information modify or delete the configured lines according to the actual needs but also view the connection status of lines After completing the configuration of Internet l...

Page 24: ...and China Mobile respectively Working mode options include NAT and routing mode NAT mode Network address translation The router working in this mode can convert the IP address of the Intranet LAN side...

Page 25: ...through Operator policy and the system will generate a corresponding route based on the user s choice you can easily achieve the goal that Telecom traffic flows on the Telecom routes while Unicom traf...

Page 26: ...rnet media are selected the device will obtain the IP address subnet mask and gateway address information through dial up User name and password The user name and password provided by the operator whe...

Page 27: ...n the premise of using the correct user name and password Idle time The time length after there is no traffic of access and before automatic disconnection 0 means no automatic disconnection Unit minut...

Page 28: ...for the WAN interface provided by ISP Downstream rate upstream rate The downlink uplink average rate of the current line in the time interval of two times of list refreshing The unit is KB s 1 Dial u...

Page 29: ...re 6_7 Internet Connection List Dynamic IP access Update The system automatically complete the process of releasing the IP address and then obtaining an IP address again Release Releases the currently...

Page 30: ...nse within a detection cycle this line will be deemed to be failed and it will be shielded immediately For example if the 3 inspection packets that are sent have no response within a detection cycle t...

Page 31: ...s automatically redistributed In the Partial line load balancing while the others backed up mode part of the lines are used as main lines the other part of the lines is used as backup lines Working pr...

Page 32: ...ation mode Partial Load Balancing is selected here Main line The list box represents the main line group and all the lines in the list box are used as the main lines Main line The list box represents...

Page 33: ...ion Click on the interface of the line or the Edit hyperlink corresponding to the line to skip to the relevant page for change Refresh Click Refresh to get the latest status information of line combin...

Page 34: ...hosts on the current line is to be used in priority in Intranet Save The above configuration parameters take effect Refill Restores to the configuration parameters before modification Return Returns t...

Page 35: ...multiple lines are configured please enable the device s identity binding function to make normal use of such apps as QQ online bank 6 3 Configuration of LAN port The device s LAN ports can be config...

Page 36: ...plex 100M HD 100M half duplex 1000M FD 1000M full duplex supported by Gigabit devices The default is Auto which is usually not required to be modified and if there is any compatibility issue or the de...

Page 37: ...ort of the device Gateway address The gateway IP address the DHCP server automatically assigns to the network computer which should be consistent with the LAN IP address of the device Leasing time The...

Page 38: ...unction without having to change the PC setting after the device enables the DNS proxy function 6 4 2 Static DHCP This section describes the static DHCP list and the way to configure a static DHCP Usi...

Page 39: ...below Below is a description of the meaning of the parameters for configuring static DHCP Figure 6_16 Static DHCP configuration User name Configures the user name of the computer bound by this DHCP c...

Page 40: ...lient Enabling this function can protect against network ARP spoofing If it is not enabled no automatic binding operation is to be done Enable DHCP automatic deletion When DHCP automatic deletion is e...

Page 41: ...e addresses The host with the MAC address of00 21 85 9B 45 46 assigns the fixed IP address of 192 168 1 15 while the host with the MAC address of00 1F 3C 0f 07 F4 assigns the fixed IP address of 192 1...

Page 42: ...CP service settings Instance The third step is to enter the Network parameters DHCP server Static DHCP page and click Add new entry to configure the two static DHCP instances in the request such as Fi...

Page 43: ...list as shown in Figure 6_22 If configuration errors are found you can click the corresponding item s icon directly and enter into the Static DHCP configuration page for modification and saving Figur...

Page 44: ...ELONE does not guarantee the DDNS service must be able to meet the requirements nor guarantee the service will not be uninterrupted nor guarantee the timeliness safety and accuracy of network services...

Page 45: ...s feature Figure 6_23 UPnP configuration Enable UPnP Ticking the check box for enabling the UPnP feature Internal address The host IP address when port translation is needed in the intranet Internal p...

Page 46: ...limited range of public network IP addresses Since the internal network can be effectively isolated from the outside world so NAT can also provide some assurance for network security LEVELONE routing...

Page 47: ...omputers if any If there are no matching static mappings it will check to see if there is a matching virtual server 3 Two types of NAT rules The device provides two NAT types Easy IP and One2One Easy...

Page 48: ...tic mapping entry named as admin is added in the list after remote management is enabled in Systems management Remote management page they cannot be edited or deleted in this page 2 Static NAT mapping...

Page 49: ...hen you are unable to confirm that the protocol used by the application is TCP or UDP select TCP UDP External starting port The starting service port the device provides to the Internet IP address The...

Page 50: ...with the intranet IP address of 192 168 1 20 192 168 1 25 to 200 200 202 20 and binds to the WAN1 port to achieve Internet access The NAT type of an instance One2One converts the address with the intr...

Page 51: ...ng IP address internal ending IP address The IP address range for the computers in the intranet that have the priority to use the NAT rules for Internet access Binding Selects the interface bound by t...

Page 52: ...ternal starting IP address is set to 192 168 1 50 Internal ending IP address is set to 192 168 1 52 external starting address is set to 200 200 202 50 then 192 168 1 50 192 168 1 51 192 168 1 52 are i...

Page 53: ...a single line for Internet access and the ISP has assigned 8 addresses for this line 218 1 21 0 29 218 1 21 7 29 where 218 1 21 1 29 is the gateway address of the line and 218 1 21 2 29 is the IP addr...

Page 54: ...he next hop is set to the IP address of the bound interface III One2One configuration instance Demands An enterprise applies for a line of Telecom which adopts the fixed IP access method and the bandw...

Page 55: ...e Configuration steps are follows The first step is to enter the Advanced configuration NAT and DMZ configurations NAT rules page and click Add new entry The second step is to enter the NAT rules conf...

Page 56: ...network failure you need to manually modify the static routing information in the routing table Setting and using static routes correctly can improve network performance and meet special requirements...

Page 57: ...etwork segment Priority Sets the priority of a static route When the destination network subnet mask are the same select the high priority routing for forwarding data and the smaller the value is the...

Page 58: ...policy routing This is a global switch of policy routing Only after it is enabled can the configured policy routing can take effect Move to Users can appropriately sort the policies using this button...

Page 59: ...ss and the ending IP address following this policy route User group The user group following this policy route click on User group to refer to the source address for policy reference for the user grou...

Page 60: ...t 7 4 Anti NetSniper This section describes the Advanced Configuration Anti NetSniper page and configuration methods Network vanguard defense is used to crack the shared detection set by the network o...

Page 61: ...monitored port cannot be the same port as the monitoring port 7 6 Port VLAN This section describes the port VLAN function of the Advanced configuration Port VLAN page VLAN virtual LAN can split the n...

Page 62: ...he VLAN group name of the VLAN VLAN members Displays the members to the VLAN 4 Port VLAN Figure 7_17 Port VLAN settings VLAN group number Sets the VLAN group number VLAN group name Sets the name of th...

Page 63: ...tionally both LAN2 port and LAN3 port are not in the same VLAN and the hosts under LAN2 and LAN3 cannot access to each other 7 7 SYSLOG configuration This section describes the Advanced Configuration...

Page 64: ...o on by viewing analyzing the pie charts and lists in this page Figure 8_1 User Status Analysis of the current network traffic usage analyzes the current percentage of network traffic used by Intranet...

Page 65: ...d minor yellow normal green When an intranet user s behavior of accessing shopping websites social networking sites using stock software and playing online web game accounts for a range of 100 70 of a...

Page 66: ...n and the list will refresh the list at the automatic refreshing interval 8 2 IP MAC binding This section describes the User management IP MAC binding page and configuration method To implement networ...

Page 67: ...e device Allow Ticking this check box means to allow the bound user to connect to the device but unchecking it means to disallow the bound user to connect to the device Modify the IP MAC binding entri...

Page 68: ...Figure 8_5 IP MAC binding configuration Network segment The management IP address subnet mask of the device by default Text box Displays the scanned IP MAC information or the configured IP MAC bindin...

Page 69: ...white list are legal users their IP and MAC address exactly matches an entry in the IP MAC binding information list and the entry selects Allow The users in the black list are illegal users their IP a...

Page 70: ...es of the host that is prohibited from Internet access as the IP MAC address binding pair and deselect Allow no in the box namely to prohibit the users that exactly match the IP MAC address from acces...

Page 71: ...t to prohibit a host with the IP address of 192 168 1 30 and the MAC address of 0021859b2564 from connecting and passing the device you can add an IP MAC address binding pair enter the host s IP addre...

Page 72: ...overy stage This stage is used to establish a connection When a user host wants to start a PPPoE session it must first implement the discovery stage to identify the Ethernet MAC address of PPPoE Serve...

Page 73: ...PPoE session together uniquely 2 PPP session stage When PPPoE enters the PPP session stage the client and the server will conduct a standard PPP negotiation and after this the data is sent over PPP en...

Page 74: ...oE server automatically assigns to the network computers Primary DNS server The IP address of the primary DNS server automatically assigned by the PPPoE server to the network computers Secondary DNS s...

Page 75: ...nd confirming password 4 Click Submit to display Operation is successful and the password is successfully changed 2 Users can modify their password 5 times a day on their own 3 The administrator can u...

Page 76: ...feature please go to Behavior management Electronic notification page for configuration Expired Means that the account is not in the effective date of account Date of account opening date of account...

Page 77: ...ed IP address assigned for the PPPoE dial up user which must be within the scope of address pool Added to the account groups the user name will be added to the appropriate account group which must be...

Page 78: ...formation of the IP addresses the user s MAC address online time of PPPoE connections upload download rates etc the PPPoE server assigns to the user in the list Figure 8_13 PPPoE User Status List Tip...

Page 79: ...password for the account in the txt format 8 3 6 Import PPPOE Accounts Figure 8_15 Import PPPOE Accounts Tip 1 When configuring PPPOE accounts to be imported and bound in batch its input format is Ac...

Page 80: ...or to account expiration the maximum number of sessions of test3 is set to 5 2 Configuration steps 1 Configure the PPPoE server Log on to the device enter the User management PPPoE server page configu...

Page 81: ...the maximum number of sessions for its account to 5 Figure 8_18 Instance PPPoE User Status List 4 Configure the account expiration notification feature Enter the Behavior management Electronic notifi...

Page 82: ...ure 8_19 WebAuth Global Settings Enable WEB authentication Checking it means that the intranet users cannot access the Internet unless passing the WEB authentication Enable background image Check it t...

Page 83: ...text Tip texts for custom WEB authentication pop up window Network image link Enters the network link to the picture to make this picture as the background of the WEB authentication pop up window 8 4...

Page 84: ...s the maximum number of sessions for the account Hang up Clicks this button to hang up the connection to the user Add new entry Click this button to enter the Figure 8_21 page to configure t...

Page 85: ...lick Go off line safely 3 Click OK in the web page message dialog box that opens 8 4 3 WEB Authentication Client Status Figure 8_22 WEB Authentication Client Status User name Displays the user name of...

Page 86: ...oup list Figure 8_24 User group Settings Group name Customizes the group name of the user group Group type It consists of address group and account group Here account group refers to the PPPoE authent...

Page 87: ...and click Add new entry to enter into the configuration page as shown in Figure 9_2 Time period defines the effective time for related features one time period can define the three time units Figure 9...

Page 88: ...http www level1 com Page 83 Figure 9_2 Schedule Settings 9 2 Application Control This section describes the net behavior management list and net behavior management configuration in the App Control Ap...

Page 89: ...behavior management feature 9 2 2 Internet Application Management Settings Click Add new entry on the above image to enter the Net behavior management configuration page to manage intranet users net b...

Page 90: ...ets the time when the net behavior management instance takes effect Tip When a net behavior management feature does not take effect make sure that this policy library is up to date In the Behavior man...

Page 91: ...and game software checking stocks and game site information and access to the shopping website during the working time In the rest of the time all operations are opened up Here the users at the manage...

Page 92: ...1 Enter the Behavior management Net behavior management page to enter the Net behavior management configuration page 2 Configure behavior management policies for sales department customer service dep...

Page 93: ...evel1 com Page 88 Figure 9_5 Internet Application Management Figure 9_6 Internet Application Management Continued Figure 9_5 9 3 QQ white list QQ white list refers to the QQ users who are defined to b...

Page 94: ...entry to add QQ white list users in the QQ white list configuration page Figure 9_7 QQ white list Allow 400 800 Business QQ Checks to allow 400 800 Business QQ Enable QQ white list Checks to enable th...

Page 95: ...TM Whitelist Aliwangwang White List refers to the Aliwangwang users allowed to log in after Aliwangwang is prohibited in the Net behavior management Enter the App Control TM Whitelist page and after t...

Page 96: ...he App Control Notification page to configure routine business notification and account expiration notification Notification is a notice sent by the device to users in the form of Web pages when the I...

Page 97: ...dress range of routine business notification which can only contain 65535 addresses at maximum Notification title content Sets the title and content of the routine business notification Redirecting ti...

Page 98: ...page for the first time with the effective time period Tip When the routine business notification only involves the change of Notification title Notification content click Save and the notification wi...

Page 99: ...ction describes the net behavior audit feature Enter the App Control Application Audit Log Management page as shown in the figure below Figure 9_12 Log management Enable web logs Enables the web log t...

Page 100: ...rd the latest 400 log information 9 7 Policy Database This section describes the App Control Policy Database page and operating procedures The system provides 11 different types of policies at present...

Page 101: ...scribes the meaning of the parameters in the policy library info list Name The name of a policy Type The type of a policy for example QQ is of the IM type as shown in the above figure Notes A detailed...

Page 102: ...ers can limit the uploading downloading rates of the Intranet users in a segment of address through the fine rate limit feature in order to achieve a rational distribution and utilization of bandwidth...

Page 103: ...the fine rate limit to take effect Rate limit policy The available options are exclusive and shared Exclusive means each IP addresses in this range can use this bandwidth Shared means the IP addresses...

Page 104: ...width feature Uplink and downlink bandwidth of WAN1 Sets the uplink and downlink bandwidth of WAN1 applied for from ISP and the custom maximum value of Gigabit devices can be set to 1000M Uplink and d...

Page 105: ...connections The maximum number of TCP connections established per host in the Intranet whose default is 1000 Total connections The maximum number of UDP connections established per host in the Intran...

Page 106: ...set too low so it is recommended that The number of TCP connections is not less than 100 the number of UDP connections is not less than 50 the number of ICMP connections is not less than 10 If their v...

Page 107: ...ion 1 Internal Attack Prevention Figure 11_1 Attack Prevention Internal Attack Prevention Enable DDoS attack defense When enabled the device will effectively defend against the common Intranet DDOS at...

Page 108: ...d the WAN port of the device does not respond to the ping requests from the external network 11 2 Access control This section describes the functions and configuration methods of the Firewall Access c...

Page 109: ...l in the IP header is TCP or UDP then filter again according to the TCP header information source port and destination port or UDP header information source port and destination port When filter type...

Page 110: ...warding and discarding and the corresponding actions are allow or disallow When the packets to be processed match a defined access control policy and if the action of the policy is allow then the devi...

Page 111: ...ttings Access control policy is to control the packets flowing through the device Click Add new entry in the above figure to enter the Access control policy configuration page to configure the require...

Page 112: ...e access control policy Action The implementing action for the access control policy the options are allow or disallow Allow Allows the packet that matches the access control policy to pass that is th...

Page 113: ...defined then set them to the same value with the range of values as 1 65535 Destination starting address destination ending address The destination starting IP address and destination ending address f...

Page 114: ...es that start with the domain name are matched Or you can enter the substring of the domain name and then all pages that contain the substring in the URL are matched thus filtering all web pages of a...

Page 115: ...e you need to disallow or allow FTP connections by configuring the access control policy of IP filter type 3 Access Control Settings Keyword filtering Figure 11_6 Access Control Settings Keyword filte...

Page 116: ...ther parameters have the same meaning as that of the parameters in the IP filter type which will not be repeated here Please refer to the related description Filter type Here DNS filtering is selected...

Page 117: ...0 Analysis Custom policy 1 Allows the DNS application in 192 168 1 10 192 168 1 20 Custom policy 2 Allows the WEB application in 192 168 1 10 192 168 1 20 Custom policy 3 Disallows all other applicati...

Page 118: ...100 from visiting the website http www bbc com IP address is 212 58 246 93 and the website http www cnn com IP address is 157 166 255 18 but allow all other online services of the group Analysis Conf...

Page 119: ...Chapter 11 Firewall http www level1 com Page 114 Figure 11_10 Access Control Settings Instance II Figure 11_11 Access Control Settings Instance I Continued Figure 11_10...

Страница 120: ...attention in the domain name filtering operation steps domain name filtering configuration process 11 3 1 Domain filtering Settings Figure 11_12 Domain filtering page Steps of configuring domain name...

Страница 121: ...one as displayed in the Domain list in whole word it will not be able to access the web page corresponding to that domain name 3 You can filter multiple domain names by entering the wildcard character...

Страница 122: ...le of the notification information pushed by the device Redirecting time Sets the redirecting time for accessing the domain name as listed in the domain name list Blank means no redirecting while 0 me...

Страница 123: ...k Notification page 11 4 MAC Address Filtering This section describes the MAC address filtering function of the Firewall MAC address filtering page including The steps of MAC address filtering and the...

Страница 124: ...MAC address filtering function Filtering rules Users can choose Allow Allow only the MAC addresses in the list to access to the network or Disallow Disallow only the MAC addresses in the list to acce...

Страница 125: ...ddress filtering configuration page as shown in the figure below Figure 11_16 MAC Address Filtering Settings User name Displays the user name of the configured MAC address filtering MAC address Config...

Страница 126: ...ss which can be obtained using the ipconfig all command under the DOS environment on Windows platforms User name It can be ignored because the system will automatically assign a name for it Tip 1 In t...

Страница 127: ...e Intranet The basic function of the PPTP is to transmit user data packets encapsulated using PPP in the IP network PPTP client is responsible for receiving the raw data from users and encapsulates it...

Страница 128: ...iew the information related to the PPTP tunnel such as user name business type remote Intranet IP address session state time of connection established Figure 12_2 PPTP list Tip 1 The operation of the...

Страница 129: ...figuration PPTP page click Add a server in the page as shown in Figure 12_2 and enter the PPTP server page 12 1 3 1 Global Settings Figure 12_3 PPTP server Global Settings Enable PPTP server Check to...

Страница 130: ...server after dialing through the VPN but cannot open the web pages Encryption mode Sets the data encryption mode with the options of MPPE encryption no encryption Note In the use of MPPE encryption m...

Страница 131: ...r address pool Remote Intranet network address Fills in the IP addresses used by the LAN at the opposite end of the PPTP tunnel which may be the LAN IP address of the device at the opposite end of the...

Страница 132: ...The password used when dialing the tunnel Password authentication mode Sets the password authentication mode to establish PPTP VPN The options include MS CHAPV2 PAP CHAP ANY automatically negotiate w...

Страница 133: ...ses the PPTP to establish VPN tunnels and the VPN gateway in both places are using HiPER router and the mobile users using the built in PPTP client software of the Windows operating systems at the fol...

Страница 134: ...LAN User name Test2 Password 123456 Password authentication mode MS CHAPV2 Remote Intranet network addresses 192 168 16 1 Remote Intranet subnet mask 255 255 255 0 Figure 12_8 PPTP server Settings LA...

Страница 135: ...lients are configured as shown in the above figure user name test1 Password 123456 Password authentication mode MS CHAPV2 Remote Intranet network addresses 192 168 1 1 Remote subnet mask 255 255 255 0...

Страница 136: ...elect Optional encryption which can connect without encryption 12 In Allow these protocols check Unencrypted password PAP Challenge Handshake Authentication Protocol CHAP Microsoft CHAP MS CHAP Micros...

Страница 137: ...ectively to view the PPTP instance connection information As shown in the figure below you can view the user name service type session status using time remote Intranet IP address mask and other infor...

Страница 138: ...www level1 com Page 133 Figure 12_13 PPTP Client Info List 1 Figure 12_14 PPTP Client Info List 2 12 2 IPSec 12 2 1 IPSec Overview With the development of security standards and network protocols vari...

Страница 139: ...tegrity and authenticity of packets sent across the Internet through encryption and data origin authentication at the IP layer IKE Internet Key Exchange IKE is used for both communicating parties to n...

Страница 140: ...rties data integrity and data source authentication as well as the anti replay feature PSK Pre Shared Key One of the IKE authentication methods which requires that each IKE peer use a predefined and s...

Страница 141: ...ond phase both parties negotiate about encryption algorithms keys life cycle as well as authentication of IPSec and establish a channel for encryption and authentication of user data IPSec SA 1 Phase...

Страница 142: ...icate if you are using a certificate The third message The initiator authenticates the responder and confirms the exchange Since the participants identities are exchanged in the plain text in the firs...

Страница 143: ...y DH exchanges and generation of current numbers So the survival time of SA is usually set to relatively long 1 hour to 1 day typically Within the validity period the two communicating parties can onl...

Страница 144: ...IPSec NAT Traversal NAT T is under standardization by the IPSec network of the Internet Engineering Task Force In the IPSec negotiation process the two peers can be determined automatically according...

Page 145: ...s of connection namely gateway to gateway dynamic connection to the gateway the other party dynamically connects to the local The following describes the meaning of the configuration parameters for th...

Page 146: ...ddress of the Intranet protected at the remote end of the IPSec tunnel if the remote end is a mobile single user then fill in the IP address of the device Network mask The subnet mask of the Intranet...

Page 147: ...cond phase Figure 12_17 IPSec Advanced options Main mode First phase Negotiation mode Sets the negotiation mode in the first phase with the options main mode and aggressive mode When selecting gateway...

Page 148: ...re to reject the received packets or copies of packets in order to protect themselves from attacks DPD Sets whether to enable DPD After enabled the device sends a heartbeat packet on a regular basis t...

Page 149: ...can only be used as the initiator when establishing an IPSec tunnel and the IPSec tunnel should have the aggressive mode selected at both ends for the IKE negotiation in the first phase Remote end Id...

Page 150: ...onnect to local machine has been described in the previous two sections so there is no need to repeat any more When selecting Other party dynamically connects to the local the remote gateway address d...

Page 151: ...ijing and hopes to achieve a mutual access to the internal resources of the LAN in two places This scenario uses the IPSec protocol to establish VPN tunnels and the HiPER router is used by the VPN gat...

Page 152: ...N IP address of Beijing gateway 200 200 202 127 and remote Intranet address is the LAN IP address of Beijing gateway 192 168 1 1 which is locally bound at WAN1 port Set the preshared key for the first...

Page 153: ...68 1 1 which is locally bound at WAN1 port Set the preshared key for the first phase to testing and the encryption and authentication algorithms for the second phase is esp aes 128 View connection sta...

Page 154: ...Chapter 12 VPN http www level1 com Page 149 Figure 12_23 IPSec connection status Shanghai gateway Figure 12_24 IPSec connection status Beijing gateway...

Page 155: ...utual access to the internal resources of the LAN in two places This scenario uses the IPSec protocol to establish VPN tunnels and the HiPER router is used by the VPN gateway in two places at the foll...

Page 156: ...mically connecting to the local machine and Beijing gateway dynamically connecting to Shanghai gateway Meanwhile set the Beijing gateway information such as Intranet addresses identity ID Locally boun...

Page 157: ...gateway to a dynamic connection to the gateway Meanwhile sets up Shanghai gateway related information such as gateway address Intranet address identity ID Locally bound at the WAN1 port set the presha...

Page 158: ...Chapter 12 VPN http www level1 com Page 153 Figure 12_28 IPSec connection status Other party connects to local host dynamically Figure 12_29 IPSec connection status Connect to local host dynamically...

Page 159: ...software upgrade remote management scheduled task page This chapter mainly describes how to change administrator user name and password How to set the device clock How to back up and import configura...

Page 160: ...dification you must use the new user name and password to log into the device 13 2 Language This section describes the System management Language selection page Select the device s WEB interface langu...

Page 161: ...nchronization After using the network time synchronization function to set up a right NTP server and when the device is connected to the Internet it will automatically synchronize the time with the se...

Page 162: ...u have checked the check box Restore factory settings before import click the Import button and the device will be restored to the factory settings Tip Do not cut off the device s power supply in...

Page 163: ...st version of the software Upgrading steps Step 1 Download the latest version of software Click on the hyperlink Download the latest version and go to the official site of LEVELONE to download the lat...

Page 164: ...ed of human intervention 13 6 Remote Management This section describes the System Remote management page To facilitate the network maintenance by remote administrators on this page you can configure t...

Page 165: ...ty purposes unless absolutely necessary do not enable the remote management function In looking for LEVELONE s customer service engineer s service please enable the remote management function 13 7 Sch...

Page 166: ...13 10 Scheduled Task Settings Task name Name of the custom tasks Startup type Indicates time cycle and the options are per week per day per hour per minute Running time Means the specific time for im...

Page 167: ...again here 14 2 System information In the System status System information page network administrators can understand the system related information and view the system history Through system informa...

Page 168: ...the product model of the device Hardware version Displays the hardware version number of the device Software version Displays the software version number of the device Refresh Click Refresh to view th...

Page 169: ...it to a user at this point the system will assign another IP address to the user ARP Spoof mac MAC address New IP IP address mac MAC address Old IP IP address mac MAC address Means the spoofing of ga...

Page 170: ...Check to enable DHCP logging for recording the conflicts of the DHCP server and DHCP Distribute the address conflicts and other messages Enable notification logging Check to enable notification loggin...

Page 171: ...ces LEVELONECare Link to the customer service page of LEVELONE s official website to acquire customer services and technical supports Product Discussion Link to the discussion forums of LEVELONE s off...

Page 172: ...on the Network connections icon right click on Local connection and select Properties In the Local connection Properties This connection uses the following items check to see if TCP IP is already ins...

Page 173: ...Figure A 1 select Internet Protocol TCP IP option in This connection uses the following items and then click the Properties button 3 Enter the Internet Protocol TCP IP properties window select U...

Page 174: ...ght click the Local connection select Properties enter the Local connection Properties window as shown in Figure A 1 select Internet Protocol TCP IP option in This connection uses the following items...

Page 175: ...ckage fee you can select the type of dial up as Auto dial If not you can select the type of dial up as Dial on demand or Manual dial and you can type in the idle time to prevent forgetting line breaka...

Page 176: ...rmal which can be tested by a PC 2 Connect the WAN port of the device to the ISP network device with a network cable 3 In the Network parameters WAN configuration page configure the parameters of the...

Page 177: ...ion you can view the configuration and status information for the line Figure B 3 when a dynamic IP is connected such as Connection status which is displayed as Connected in normal connection with the...

Page 178: ...password If you forget the administrator password you will not be able to enter the WEB interface and now you can only use the Reset button to restore the factory settings of the device The step...

Page 179: ...gure 6_3 PPPoE access 21 Figure 6_4 Internet Connection List 22 Figure 6_5 Internet Connection List information Continued Figure 6_4 23 Figure 6_6 Internet Connection List PPPoE access 24 Figure 6_7 I...

Page 180: ...e 8_6 IP MAC binding information list Instance I 65 Figure 8_7 IP MAC binding information list Instance II 66 Figure 8_8 IP MAC binding information list Instance III 66 Figure 8_9 Basic workflow of Di...

Page 181: ...cess Control Settings DNS filtering 111 Figure 11_8 Access Control Settings Instance I 112 Figure 11_9 Access Control Settings Instance I Continued Figure 11_8 113 Figure 11_10 Access Control Settings...

Page 182: ...12_26 Dynamic on one party The other party dynamically connects to local machine 151 Figure 12_27 Dynamic on one party Dynamically connects to the gateway 152 Figure 12_28 IPSec connection status Oth...

Page 183: ...d LGPLv2 inquiries Please direct all GPL and LGPL inquiries to the following address Digital Data Communications GmbH Zeche Norm Str 25 44319 Dortmund Deutschland Phone 49 231 9075 0 Fax 49 231 9075 1...

Page 184: ...oftware and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that you know yo...

Page 185: ...m does 1 You may copy and distribute verbatim copies of the Program s source code as you receive it in any medium provided that you conspicuously and appropriately publish on each copy an appropriate...

Page 186: ...te the Program or a work based on it under Section 2 in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following we use this doubled UL t...

Page 187: ...ribute or modify the Program subject to these terms and conditions You may not impose any further restrictions on the recipients exercise of the rights granted herein You are not responsible for enfor...

Page 188: ...er of this License you may choose any version ever published by the Free Software Foundation 10 If you wish to incorporate parts of the Program into other free programs whose distribution conditions a...

Page 189: ...GNU General Public License as published by the Free Software Foundation either version 2 of the License or at your option any later version This program is distributed in the hope that it will be usef...

Page 190: ...e program Gnomovision which makes passes at compilers written by James Hacker signature of Ty Coon 1 April 1989 Ty Coon President of Vice This General Public License does not permit incorporating your...

Page 191: ...http www level1 com Page 186...

Reviews: