Proscend 6200-2W Скачать руководство пользователя

Страница: 63 / 93

A VPN (Virtual Private Network) provides a secure connection between 2 points, over an insecure network. The Secure

is called a VPN Tunnel.

The VPN Router supports three main type of VPN: IPsec, L2TP and PPTP.

IPsec is a near-ubiquitous VPN security standard, designed for use with TCP/IP networks. It works at the packet level,

and authenticates and encrypts all packets traveling over the VPN Tunnel. Thus, it does not matter what applications

are used on your PC. Any application can use the VPN like any other network connection.

IPsec VPNs exchange information through logical connections called SAs(Security Associations). An SA is simply a

definition of the protocols, algorithms and keys used between the two VPN devices(endpoints)

There are two security modes possible with IPsec:

Transport Mode

– the payload (data) part of the packet is encapsulated through encryption but the IP header remains

in the clear (unchanged)

Tunnel Mode

– everything is encapsulated including the original IP header, and a new IP header is generated. Only the

new header in the clear (i.e. not protected). This system provides enhanced security.

IKE(Interface Key Exchange) is an optional, but widely used, component of IPsec.

IKE provides a method of negotiating and generating the keys and IDs required by IPsec. If using IKE, only a single key is

required to be provided during configuration. Also, IKE supports using Certificates to authenticate the identify of the

remote user or gateway.

If IKE is not used, then all keys and IDs(SPIs) must be entered manually, and Certificates can’t be used, This is called a

“Manual Key Exchange”.

Содержание 6200-2W

Страница 1: ...1 6200 SERIES G SHDSL BIS VPN ROUTER USER MANUAL VERSION 1 00 ...

Страница 2: ...OTECTIVE EARTH FRAME GROUND TERMINAL 12 3 CONFIGURATION 12 3 1 CONFIGURATION METHODS 12 3 1 1 Web Configuration 12 3 1 2 Serial Console Configuration 13 3 1 3 Telnet Configuration 13 3 1 4 Installation 14 3 1 5 Login via Web Browser 16 3 2 MENU TREE 17 3 3 QUICK SETUP 24 3 3 1 System Mode 24 3 4 NETWORK 30 3 4 1 SHDSL 30 3 4 2 Interfaces 32 3 4 3 3 5G Backup 34 3 4 4 DNS 35 3 4 5 DHCP 36 3 4 6 NAT...

Страница 3: ...NMP 71 3 7 3 TR 069 72 3 7 4 UPnP 73 3 7 5 Sys Log 73 3 7 6 Telnet 74 3 7 7 SSH 74 3 7 8 Web 75 3 8 SHOW 75 3 8 1 Information 76 3 8 2 Sys Log 77 3 8 3 CPU Info 77 3 8 4 Script 78 3 9 STATUS 79 3 9 1 SHDSL 79 3 9 2 WAN 80 3 9 3 Route Table 80 3 9 4 Interfaces 81 3 9 5 STP 81 3 9 6 Switch 82 3 10 UTILITIES 83 3 10 1 Upgrade 83 3 10 2 Config Tool 83 3 10 3 Users 85 3 10 4 Ping 86 3 10 5 Trace Route ...

Страница 4: ...twork With always on connection that DSL features 6200 series VPN routers provide advanced firewall with SPI Stateful Packet Inspection and DoS protection serving as a powerful firewall to protect from outside intruders of secure connection It also supports IP precedence to classify and prioritize types of IP traffic In additional its VPN feature supports data transmission over the Internet by dat...

Страница 5: ...ver SHDSL bis PPPoA and PPPoE support user authentication with PAP CHAP MS CHAP MS CHAPv2 SNMP management with SNMPv1 v2c v3 agent and MIB II Getting enhancements and new features via Internet software upgrade 1 1 3 3 S Sp pe ec ci if fi ic ca at ti io on ns s Hardware Interface WAN Port SHDSL bis ITU T G 991 2 2004 Annex A B F G supported Encoding scheme TC PAM 16 TC PAM 32 Data Rate N x 64kbps N...

Страница 6: ...hrough VPN PPTP L2TP pass through Virtual Server Network Protocol IPv4 ARP RARP TCP UDP ICMP DHCP Client Server Relay DNS Relay Proxy Dynamic DNS DDNS IGMP v1 v2 v3 IGMP Proxy IGMP Snooping SNTP and UPnP ATM 8 PVC OAM F4 F5 Loopback AAL5 VC Multiplexing and SNAP LLC Ethernet over ATM RFC 2684 RFC1483 Multiple protocol over ATM AAL5 MPOA REF1483 2684 PPP over ATM RFC 2364 Classic IP over ATM RFC 15...

Страница 7: ...Mark Up to 8 priority queues IP Precedence Alternation VPN IPSec RFC2411 up to 4 Tunnels DES 3DES AES MD5 SHA 1 IKE Manual Key ISAKMP RFC 2407 2408 4306 IKE v1 RFC 2409 4109 PSK L2TP PPTP Firewall SPI Stateful Packet Inspection Intrusion Detection DoS Denial of Service DMZ Content Filtering URL Blocking Packet Filtering Access Control List ACL ...

Страница 8: ...port TR 069 WAN management protocol Physical Electrical Dimensions 18 7 x 3 3 x 14 5cm WxHxD Power 100 240VAC via power adapter Power Consumption 9 watts Max Temperature 0 40ºC Humidity 0 95 RH non condensing Model Number list Model Number Specification 6200 2W 6200 4W 6200 8W 6200 2W U 6200 4W U 6200 8W U Maximum DSL wires 2 wires 4 wires 8 wires 2 wires 4 wires 8 wires Maximum data rate 5 696 Mb...

Страница 9: ... 3 On SHDSL bis line 3 connection is established Blink SHDSL bis line 3 handshake Transmit or received data over SHDSL bis link 3 LINK 4 On SHDSL bis line 4 connection is established Blink SHDSL bis line 4 handshake Transmit or received data over SHDSL bis link 4 LAN LINK ACT1 On Ethernet cable is connected to LAN 1 Blink Transmit or received data over LAN 1 LINK ACT2 On Ethernet cable is connecte...

Страница 10: ...12VDC CONSOLE RJ 45 for system configuration and maintenance RST Reset button for reboot or load factory default LAN 1 2 3 4 10 100BaseT auto sensing and auto MDIX for LAN port RJ 45 USB USB ports for 6200 2W U 6200 4W U and 6200 2W U only DSL G SHDSL Bis interface for WAN port RJ 45 Frame Ground Protective earth ...

Страница 11: ...r model Loop1 2 3 and 4 have been used Channel A Channel B Channel C Channel D 2 wire model 6200 2W 6200 2W U 2 wire mode Loop1 4 5 4 wire model 6200 4W 6200 4W U 2 wire mode 4 wire mode Loop1 4 5 Loop1 4 5 Loop2 3 6 8 wire model 6200 8W 6200 8W U 2 wire mode 4 wire mode 8 wire mode Loop1 4 5 Loop1 4 5 Loop2 3 6 Loop1 4 5 Loop3 1 2 Loop4 7 8 Loop2 3 6 For test on point to point connection purpose ...

Страница 12: ...9 T 568A Straight Through Ethernet Cable T 568B Straight Through Ethernet Cable Both the T 568A and the T 568B standard Straight Through cables are been used ...

Страница 13: ... the optimum Ethernet speed 10 100 Mbps and duplex mode full duplex or half duplex of the connected device The auto crossover auto MDI MDI X ports automatically works with a straight through or crossover Ethernet cable 2 2 3 3 C Co on ns so ol le e P Po or rt t Connect the RJ 45 jack of the console cable to the console port of the VPN Router Connect the DB 9 female end to a serial port COM1 COM2 o...

Страница 14: ...aptor Inset the female end of power adaptor s cord into the power receptacle on the rear panel Connect the power adaptor to an appropriate power source 2 2 6 6 R Re es se et t B Bu ut tt to on n The reset button can be used only in one of two ways 1 Press the Reset Button for two second will cause system reboot 2 Pressing the Reset Button for eight seconds will cause the product loading the factor...

Страница 15: ...wser Users have to choose one method to configure the VPN Router 3 3 1 1 1 1 W We eb b C Co on nf fi ig gu ur ra at ti io on n Make sure that Ethernet Adapter had been installed in PC or NB used for configuration of the modem TCP IP protocol is necessary for web configuration so please check the TCP IP protocol whether it has been installed The VPN Router provides a browser interface that allows y...

Страница 16: ... and password in order to remote login when using telnet please use root for username and root for password Please check the following screen shot for what you will see in your terminal window 3 3 1 1 3 3 T Te el ln ne et t C Co on nf fi ig gu ur ra at ti io on n The VPN Router also supports telnet for remote management Please make sure the correct Ethernet cable connected the LAN ports of device ...

Страница 17: ...he easiest and quickest way possible Please follow the instructions carefully Step 1 Connect the power adapter to the port labeled DC IN on the rear panel of the VPN Router Step 2 Connect the Ethernet cable to LAN ports Note The VPN Router supports auto MDIX switching hub so both straight through and cross over Ethernet cables can be used Step 3 Connect the phone cable to the VPN Router and the ot...

Страница 18: ...15 Connection with VPN Router ...

Страница 19: ...ter Then please type http 192 168 0 1 in the address bar of the browser Step 2 The default IP address and sub net mask of the management port of VPN Router are 192 168 0 1 and 255 255 255 0 Step 3 If DHCP function is Disable your computer can set the same net mask such as 192 168 0 X which X is from 2 to 254 that are also can connect Step 4 Key in user name root and password root then click on Log...

Страница 20: ...PPPoA PPP User PPP Password Confirm Password PPP Connection Type PPPoA NAT PPPoE PPPoE NAT Primary DNS Secondary DNS DHCP mode Disable Server Relay SHDSL bis Mode STU R STU C WAN ENCAP WAN VPI VCI Default Gateway Network SHDSL Mode TCLayer Pair Mode Annex TCPAM Line Probe Max Base Rate Interop Mode Interfaces LAN IP Netmask WAN Protocol ...

Страница 21: ...imary Secondary DHCP Mode Disable Server Relay DHCP Server Mode Subnet Netmask IP Range Gateway DNS Lease Time DHCP Relay IP Interface NAT Mode Entry 1 16 Enable Source IP Source Netmask Output Interface Advance STP Router Mode Not available Bridge Mode Mode Aging Time VLAN Router Mode Not available Bridge Mode Mode Disable 802 1Q Tag Based VLAN ...

Страница 22: ...Full 100M Half 10M Full 10M Half Static Route Destination Netmask Gateway Interface QoS Mode Traffic Classify Mode Class ID Protocol Src IP Src Netmask Src Port Dst IP Dst Netmask Dst Port 802 1P Class ID IP DSCP DSCP Class ID Class Shaping Mark Mode DSCP TOS Min Rate Max Rate RIP Mode RIP Version LAN Mode Passive WAN1 WAN8 Mode ...

Страница 23: ...ot available DDNS Mode Provider Host Name User Name Password IGMP IGMP Proxy Snooping Security Firewall Router Mode Mode Bridge Mode Not available VPN Router Mode IPSEC Mode Name WAN Perfect Forward Secrecy Local Subnet Local Netmask Remote Public IP Remote Local LAN Subnet Remote Local LAN Netmask Pre shared Key L2TP Mode Authentication Virtual IP L2TP IPSec Mode IPSec Interface IPSec PSK User ...

Страница 24: ...t End Port Destination IP Mask Destination Start End Port MAC Filter Mode Default Policy Entry 1 16 Mode MAC Action Management SNTP Sync With PC SNTP Mode Time Server Time Zone SNMP SNMPv3 Mode V3 User Name V3 Auth Password V3 Priv Password V3 Auth Mode V3 Auth Type V3 Priv Type V3 Access Trap Mode Community Trap Host IP TR069 Mode ACS URL ACS Username ACS Password ...

Страница 25: ...Server Mode Remote Server Address Remote Server Port Telnet Mode Port SSH Mode Port Web Refresh Time Service Port Show Information Hardware MCSV Software MCSV Software Version DSL Chip Name DSL Phy Firmware Version DSL IDC Firmware Version MAC Serial No Present Time System Uptime Sys Log Script Status SHDSL WAN Route Table Interfaces STP not available in router mode Utilities Upgrade Config Tool D...

Страница 26: ...23 Restore Users User 1 4 Name Level Password Confirm Ping IP Address Size Count Update Trace Route Host name or IP Packet Datagram Update Interval ...

Страница 27: ...ou to connect to the Internet which include all the technical settings VCI encapsulation etc and the VPN router also connects to the ISP with your username and password You can basically just connect to your computer Bridge mode on the other hand allows some external device for example your computer or a separate router to do the ISP connection etc In bridge mode all the VPN router does is remembe...

Страница 28: ...anisms for identifying the protocol carried in ATM Adaptation Layer 5 AAL5 frames WAN VPI VIC There is an unique VPI and VCI value for Internet connection supported by ISP The range of VIP is from 0 to 255 and VCI is from 0 to 65535 3 3 3 3 1 1 2 2 R Ro ou ut te er r M Mo od de e Click on Router to assign this VPN router to be a router device Once System Mode is set to Router more setups will be s...

Страница 29: ...a router device 1 WAN IP and WAN Netmask Fill up the IP address and the netmask of WAN 2 Protocol Nine options are available for this setup Disable EoA EoA NAT IPoA IPoA NAT PPPoA PPPoA NAT PPPoE PPPoE NAT 3 WAN ENCAP Choose either LLC or VC MUX for WAN encapsulation 4 WAN VPI VCI Define the values of VPI and VCI ...

Страница 30: ... in DNS section DHCP Mode Choose whether DHCP mode should be disabled or enabled If the DHCP mode should be enabled decide the mode should be Server or Relay PPP This section is only available when the protocol is PPPoA PPPoA NAT PPPoE or PPPoE NAT ...

Страница 31: ...1 1 3 3 S SH HD DS SL L b bi is s m mo od de e There are two SHDSL bis modes STU C and STU R STU C means the terminal of central office CO and STU R means customer premise equipment CPE Click STU R side or STU C side to setup the operation mode When connected with DSLAM the mode should be CPE When LAN to LAN connection one side must be CO and the other side must be CPE ...

Страница 32: ... M Ma as sk k In both Bridge mode and Router mode the IP address and subnet mask of LAN should be provided 3 3 3 3 1 1 5 5 D De ef fa au ul lt t G Ga at te ew wa ay y Default Gateway allows users to fill up the gateway IP address in both Bridge mode and Router mode ...

Страница 33: ...unctions 3 3 4 4 1 1 S SH HD DS SL L 1 Mode You are able to change your VPN router s mode to STU R or STU C in here 2 TC Layer Three options are available for this function ATM EFM or AUTO You are able to define the network type as an ATM connection or an EFM connection Or you are able to set TC layer as AUTO so the VPN router will define by itself Note AUTO will be only available when the VPN rou...

Страница 34: ...n select 2 wire and 4 wire line types 6200 8W and 6200 8W U 8 wire model can select 2 wire 4 wire or 8 wire line types 4 Annex There are four Annex types Annex A Annex B Annex A F and Annex B G Please confirm with your ISP 5 TCPAM Three options are available for TCPAM feature Auto TCPAM 16 and TCPAM 32 Auto means the system will choose TCPAM automatically and this option is only available when the...

Страница 35: ... according to Annex type SHDSL bis VPN Router Annex A Annex B Annex A F Annex B G Range 3 36 3 36 3 89 3 89 8 Interop Mode This feature allows you to enable or disable the interoperability of G SHDSL version for the VPN router by choosing NONE or GSPN 3 3 4 4 2 2 I In nt te er rf fa ac ce es s Three sections in Interface function In the first section the top most part you are able to change the IP...

Страница 36: ...ble during the connection life time This bandwidth is characterized by Peak Cell Rate PCR Based on the PCR of the CBR traffic specific cell slots are assigned for the VC in the schedule table The ATM always sends a signle cell during the CBR connection s assigned cell slot VBR rt Varible Bit Rate real time is intended for real time applications such as compressed voice over IP and video comferenci...

Страница 37: ...c backup function When connecting with SHDSL bis it will enable the 3G 3 5G broadband connection automatically when SHDSL bis Internet connection is not available You can surf Internet anywhere and anytime via this device 3G 3 5G Modem card installation If you have 3G 3 5G modem card and SIM card please follow the following instructions to establish connection 1 Connect power adapter to VPN router...

Страница 38: ... authentication method you want to use Most of telecomm service providers require you to input Dial Number and APN Access Point Name please those items provided by telecomm service provider After finish type those items then click APPLY button Note Different ISP s require Dial Number and APN for connecting to the Internet please check with your ISP as to the type of connection it requires 3 3 4 4 ...

Страница 39: ...s with a connection to the Internet an IP address must be assigned to each machine Without DHCP the IP address must be entered manually at each computer If computers move to another location in another part of the network a new IP address must be entered DHCP lets a network administrator to supervise and distribute IP addresses from a central point and automatically sends a new IP address when a c...

Страница 40: ...efined in the IEEE 802 1D is a link management protocol that provides path redundancy while preventing undesirable loops in the network For an Ethernet network to function properly only one active path can exist between two stations Multiple active paths between stations cause loops in the network If a loop exists in the network topology the potential exists for duplication of messages When loops ...

Страница 41: ...twork resources of another on the same LAN VLAN also increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain In traditional switched environments all broadcast packets go to each every individual port With VLAN all broadcasts are confined to a specific broadcast domain User can choose three types of VLAN 802 1Q Tag Based VLAN and Port Based VL...

Страница 42: ...39 ...

Страница 43: ...net packet with no VLAN ID is called an untagged packet Typically all packets leave untagged unless tagged by the adapter prior to arriving at the switch port Egress and Ingress Rules Egress rules determine which frames can be transmitted out of a port based on the Egress List of the VLAN associated with it Each VLAN has an Egress List that specifies the ports out of which frames can be forwarded ...

Страница 44: ...Type equal to 8100H this frame carries the tag IEEE 802 1Q 802 1P Priority field defines user priority giving eight 2 3 8 priority levels IEEE 802 1P defines the operation for these 3 user priority bits Refer to following table CFI Canonical Format Indicator is always set to zero for Ethernet switches CFI is used for compatibility reason between Ethernet type network and Token Ring type network If...

Страница 45: ...his traffic to the same VLAN s either manually or dynamically using GVRP However if you want a port on this VPN Router to participate in one or more VLANs but none of the intermediate network devices nor the host at the other end of the connection supports VLANs then you should add this port to the VLAN as an untagged port Note VLAN tagged frames can pass through VLAN aware or VLAN unaware network...

Страница 46: ...ce will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an untagged member before you can assign its PVID to that group Link Type Sets the port to accept the frame types Access means the port can only receive or send untagged frame types Trunk means that the prot can only receive or send tagged frame types P Po or rt t B Ba as se ...

Страница 47: ...ssigned to a VLAN the port cannot send to or receive from devices in another VLAN For example The default setting is all ports connected which means all ports can communicate with each other That is there are no virtual LANs The option is the most flexible but the least secure 3 3 5 5 3 3 Q Q i in n Q Q VPN router allows users to setup Q in Q function in 4 modes 1 Disable 2 Mapping 3 By VLAN 4 By ...

Страница 48: ...45 M Ma ap pp pi in ng g Total of 16 rules are allowed for users to setup B By y V VL LA AN N ...

Страница 49: ...46 B By y W WA AN N ...

Страница 50: ...10M Half 3 3 5 5 5 5 S St ta at ti ic c R Ro ou ut te e A static route is one that is manually installed by your network administrator This is a very efficient way to transfer data from one subnet to another despite the fact that this type of route is manually intensive Static route is a path in the router that indicates how it will reach a certain subnet by taking a specific path ...

Страница 51: ...ant that any network administrator have substantial knowledge about static routes Although this type of route may not be as effective with large networks they are quite useful in any size of networks Meanwhile even if you have setup a dynamic route there are cases that still require a static route 3 3 5 5 6 6 Q Qo oS S QoS Quality of Service refers to both a network s ability to deliver data with ...

Страница 52: ...P P VLAN Tag Priority uses the tag field information which has been inserted into an Ethernet frame If a port has an 802 1Q compliant device attached such as this modem these tagged frames can carry VLAN membership information IEEE 802 1Q Tagged Frame for Ethernet ...

Страница 53: ...p their Queue Weight form 1 to 15 I IP P D DS SC CP P Differentiated Services DiffServ is a class of service CoS model that enhances best effort Internet services by differentiating traffic by users service requirements and other criteria Packet are specifically marked allowing network nodes to provide different levels of service as appropriate for video playback voice calls or other delay sensiti...

Страница 54: ... then be allocated according to the DSCP values and the configured policies The following is an illustration about how the bits are used in DSCP field Bit 0 Bit 1 Bit 2 Precedence Usage 1 1 1 7 Stays the same link layer and routing protocol keep alive 1 1 0 6 Stays the same used for IP routing Protocols 1 0 1 5 Express Forwarding EF 1 0 0 4 Class 4 0 1 1 3 Class 3 0 1 0 2 Class 2 0 0 1 1 Class 1 0...

Страница 55: ... Class 3 Class 4 Low Drop 001010 AF11 DSCP 10 010010 AF21 DSCP 18 011010 AF31 DSCP 26 100010 AF41 DSCP 34 Medium Drop 001100 AF12 DSCP 12 010100 AF22 DSCP 20 011100 AF32 DSCP 28 100100 AF42 DSCP 36 High Drop 001110 AF13 DSCP 14 010110 AF23 DSCP 22 011110 AF33 DSCP 30 100110 AF43 DSCP 38 The recommended DSCP values which are based on RFC 4594 are in the following table Service Class Name DSCP Name ...

Страница 56: ...0000 0 Undifferentiated applications Low Priority Data LBE CS1 001000 8 Mirror service remote backups etc Each DSCP value from 0 to 63 is mapped to a Queue value from 1 to 8 from the drop down list box The number 1 represents the highest priority and number 8 represents the lowest priority and according various queuing strategies to tailor performance to requirements You are easy to change the tab...

Страница 57: ...aping retains excess packets in a queue and then schedules the excess for later transmission over increments of time The result of traffic shaping is a smoothed packet output rate 3 3 5 5 7 7 R RI IP P The RIP Routing Information Protocol is a dynamic routing protocol used in local and wide area networks It s a very simple protocol based on distance vector routing algorithms As such it is classifi...

Страница 58: ... users all virtual servers on your LAN have the same IP address The IP address is allocated by your ISP This address should be static rather than dynamic to make it easier for Interface users to connect to your Servers Once configured anyone on the Internet can connect your virtual servers They must use the Internet IP address The IP address allocated to you by your ISP It is more convenient if yo...

Страница 59: ...etimes referred to as a Perimeter Network The purpose of a DMZ is to add an additional layer of security to an organization s LAN Local Area Network an external attacker only has access to equipment in the DMZ rather than any other part of the network If enabled this feature allows one or more computers on your LAN to be exposed to all users on the internet You can set a DMZ PC for each WAN IP add...

Страница 60: ...e name is a feature that allows VPN Router to listen in on the IGMP conversation between hosts to this VPN Router by processing the IGMP packets sent in a multicast network When IGMP snooping is enabled VPN router will analyzes all IGMP packets between hosts connected to the VPN router and multicast routers in the network When the VPN router hears an IGMP report from remote side for a given multic...

Страница 61: ...of ICMP request packets to cause all CPU resources to be consumed serving the phony requests UDP Flood A UDP flood attack is a denial of service DoS attack using the User Datagram Protocol UDP A sender transmits a volume of requests for UDP diagnostic services which cause all CPU resources to be consumed serving the phony requests Ping of Death A ping of death POD attack attempts to crash your sys...

Страница 62: ...ier The return address of the ping has been faked spoofed to appear to come from a machine on another network the victim The victim is then flooded with responses to the ping As many responses are generated for only one attack the attacker is able use many amplifiers on the same victim Fraggle attack A Fraggle attack is a type of denial of service attack where an attacker sends a large amount of U...

Страница 63: ...s and keys used between the two VPN devices endpoints There are two security modes possible with IPsec Transport Mode the payload data part of the packet is encapsulated through encryption but the IP header remains in the clear unchanged Tunnel Mode everything is encapsulated including the original IP header and a new IP header is generated Only the new header in the clear i e not protected This s...

Страница 64: ...is indicates whether or not the policy is currently enabled Use the Enable Disable to toggle the state the selected policy Policy name The name of the policy When creating a policy you should select a suitable name ...

Страница 65: ...Remote Network ID 192 168 1 0 24 192 168 0 0 24 Remote Router IP 69 1 121 3 69 1 121 30 IKE Pre shared Key 12345678 12345678 VPN Connection Type Tunnel mode Tunnel mode Security Algorithm ESP MD5 with AES ESP MD5 with AES Both office LAN networks must in different subnet with LAN to LAN application Functions of Pre shared Key VPN Connection type and Security Algorithm must be identically set up on...

Страница 66: ...e tunnel to provide privacy L2TP allows a PPP session to travel over multiple links and networks PPP is used to encapsulate IP packets from the user s PC or mobile device to the ISP and L2TP extends that session across the Internet Example Configuring L2TP LAN to LAN VPN Connection The branch office establishes a L2TP VPN tunnel with head office to connect two private networks over the Internet Th...

Страница 67: ...TP Point to Point Tunneling Protocol is a private network of computers that uses the public Internet to connect some nodes Because the Internet is essentially an open network the PPTP is used to ensure that messages transmitted from one VPN node to another are secure With PPTP users can dial in to their corporate network via the Internet There are two types of PPTP VPN supported Remote Access and ...

Страница 68: ... installed in the office connected to a couple of PCs and Servers Example Configuring a PPTP LAN to LAN VPN Connection The branch office establishes a PPTP VPN tunnel with head office to connect two private networks over the Internet The routers are installed in the head office and branch office accordingly Both office LAN networks MUST in different subnet with LAN to LAN application ...

Страница 69: ...ndpoint The 2 LANs must use different IP address ranges VPN Pass through Here a PC on the LAN behind the VPN router is using VPN software but the VPN router is not acting as CPN endpoint It is only allowing the VPN connection The PC software can use any VPN protocol supported by the remote VPN The remote VPN server must support client PCs which are behind a NAT router and so have an IP address whi...

Страница 70: ... IP address of the remote VPN end point Gateway or client 3 3 6 6 3 3 F Fi il lt te er r I IP P f fi il lt te er r Source IP Address es Destination IP Address es This is the Address Filter used to allow or block traffic to from ...

Страница 71: ...pplication Default is set from range 0 65535 It is recommended that this option be configured by an advanced user Destination Port This is the Port or Port Ranges that defines the application Application Protocol Port Number Start End HTTP TCP 80 80 DNS UDP 53 53 DNS TCP 53 53 FTP TCP 21 21 Telnet TCP 23 23 SMTP TCP 25 25 POP3 TCP 110 110 NEWS NNTP TCP 119 119 Real Audio Real Video UDP 7070 7070 P...

Страница 72: ...s and denies network access to specific devices through the use of black lists and white lists While the restriction of network access through the use of lists is straightforward an individual person is not identified by a MAC address rather a device only so an authorized person will need to have a white list entry for each device that he would use to access the network While giving a wireless net...

Страница 73: ... Network Time Protocol NTP used to synchronize computer clocks in the Internet SNTP can be used when the ultimate performance of the full NTP implementation The function only supported on router mode There are two methods to synchronize time synchronize with PC or SNTP If you choose synchronize with PC the VPN Router will synchronize with PC s internal timer If you choose SNTP the VPN Router will ...

Страница 74: ...etwork Management Protocol SNMP provides for the exchange of messages between a network management client and a network management agent for remote management of network nodes These messages contain requests to get and set variables that exist in network nodes in order to obtain statistics set configuration parameters and monitor network events SNMP communications can occur over the LAN or WAN con...

Страница 75: ...ses equipment and ACS Auto Configuration Servers It includes both a safe auto configuration and the control of other CPE management functions within an integrated framework Using TR 069 the terminals can get in contact with the ACS Auto Configuration Servers and establish the configuration automatically ACS URL URL for the CPE to connect to the ACS using the CPE WAN Management Protocol This parame...

Страница 76: ...nform Interval The duration in seconds of the interval for which the CPE must attempt to connect with the ACS and call the Inform method Connection Request Username Username used to authenticate an ACS making a Connection Request to the CPE Connection Request Password Password used to authenticate an ACS making a Connection Request to the CPE 3 3 7 7 4 4 U UP Pn nP P Enable UPnP Universal Plug and...

Страница 77: ...y a UDP port number to which the syslog server is listening The default value is 514 Make sure this is not blocked from your firewall Press Apply to finish the setup 3 3 7 7 6 6 T Te el ln ne et t There are quite a few Telnet clients available many of which are free For example the Windows operating systems are shipped with a Telnet client included found at c windows telnet exe This Telnet client ...

Страница 78: ...or your login name and login password You specified both your login name and login password when you ordered your VPN Router After the login process is successful you will have gained access to your VPN Router and can now issue commands at the command prompt For SSH you may change the default service port by typing the new port number If you change the default port number then you will have to let...

Страница 79: ...ginal factory version and remains even after upgrading the router in the field This is for internal identification purposes Software Version This is the modem s current firmware version This is sometimes needed by technicians to help troubleshoot problems Chipset Name This is the G SHDSL chipset s name Firmware Version This is the chipset s firmware version Present Time This field display your VPN...

Страница 80: ...77 3 3 8 8 2 2 S Sy ys s L Lo og g 3 3 8 8 3 3 C CP PU U I In nf fo o ...

Страница 81: ...78 3 3 8 8 4 4 S Sc cr ri ip pt t ...

Страница 82: ...79 3 3 9 9 S St ta at tu us s 3 3 9 9 1 1 S SH HD DS SL L For 2 wire models For 4 wire models For 8 wire models ...

Страница 83: ...ows all eight WAN interface 3 3 9 9 3 3 R Ro ou ut te e T Ta ab bl le e Routing tables contain a list of IP address Each IP address identifies a remote router or other network gateway that the local router is configured to recognize For each IP address the routing table additionally stores a network mask and other data that specifies the destination IP address ranges that remote device will accept...

Страница 84: ...tets The field shows the number of received bytes on this port InPactets The field shows the number of received packets on this port OutOctets The field shows the number of transmitted bytes on this port OutPactets The field shows the number of transmitted packets on this port InDrops The field shows the discarded number of received packets on this port OutDrops The field shows the discarded numbe...

Страница 85: ...82 3 3 9 9 6 6 S Sw wi it tc ch h ...

Страница 86: ...irmware upgrade 3 3 1 10 0 2 2 C Co on nf fi ig g T To oo ol l This configuration tool has three functions load Factory Default Restore Configuration and Backup Configuration L Lo oa ad d F Fa ac ct to or ry y D De ef fa au ul lt t Load Factory Default It will load the factory default parameters to the router Note This action will change all of the settings to factory default value On the other ha...

Страница 87: ...r parameters in the PC Select the Backup Configuration and then press Apply Browse the place of backup file name or put the name Then press OK The router will automatically backup the configuration If you don t put the file name the system will use the default config1 log ...

Страница 88: ...ity change the Administrator Name and password for the VPN router If you don t set them all users on your network can be able to access your VPN router using the default Administrator Name and password is root You can authorize other four legal users to access the VPN Router via Web telnet or console There has CLI command line mode for telnet or console mode to setup the VPN Router We will not dis...

Страница 89: ... you simply identify the Web site or other remote server computer by its IP address The result of a ping test includes confirmation that connection was successful along with a series of numbers that represent the communication delay in milliseconds ms Ping reports the percentage of packets acknowledged by the remote host Typically this number will be 100 as in the example above or 0 When an Intern...

Страница 90: ...orwarded from your VPN router to a destination address The length of the network connection is indicated by the number of Internet routers in the trace route path Trace routes can be useful to diagnose slow network connections For example if you can usually reach an Internet site but it is slow today then a trace route to that site should show you one or more hops with either long times or marked ...

Страница 91: ...ocol ISPs who provide DSL services often use the EoA protocol for data transfer with their customers DSL modems EoA can be implemented to provide a bridged connection between a DSL modem and the ISP In a bridged connection data is shared between the ISP s network and their customer s as if the networks were on the same physical LAN Bridged connections do not use the IP protocol EoA can also be con...

Страница 92: ...n customer premises equipment which is the telephone company s term for a modem and similar devices PPPoE and PPPoA can be used to office or building Users share a common Digital Subscriber Line DSL cable modem or wireless connection to the Internet PPPoE and PPPoA combine the Point to Point Protocol PPP commonly used in dialup connections with the Ethernet protocol or ATM protocol which supports ...

Страница 93: ...90 PPPoE ...

Результаты поиска

Содержание 6200-2W

Отзывы:

Похожие инструкции для 6200-2W

Бренды по названию

Популярные бренды

Proscend 6200-2W, Руководство пользователя

Результаты поиска

Содержание 6200-2W

Отзывы:

Похожие инструкции для 6200-2W

Бренды по названию

Популярные бренды