background image

 

11

3.4 IPSEC Configuration 

This sub-page allows configuration of the device's IPSec (IP Security) settings. A sample IPSec 
scenario  is  described  below  to  aid  in  the  configuration  description.  In  this  scenario,  a  SP200X 
router  establishes  a  tunnel  to  other  VPN  router  or  another  SP200X  router.  Both  the  SP200X 
router  and  the  remote  VPN  router  are  configured  to  have  private  LAN  subnets  (Subnet  A 
[192.168.1.x] and Subnet B [192.168.2.x] respectively). IPSec in tunneling mode can be used to 
establish  a  secure  tunnel  between  two  VPN  routers.  The  SP200X  router  will  send  out  traffic 
through a secure tunnel or normal internet depending on the destination address of the traffic. If a 
packet is to be sent through a secure tunnel, the packet will bypass NAT and will be encapsulated 
with  the  router  (gateway)'s  src/dest  address  and  appropriate  encryption  and  authentication 
header/trailers. This way, the packet retains its own subnet information and can be regarded as if 
it were originated within a private network (Virtual Private Network). 
 
After the tunnel establishment, a work station in Subnet A should be able to access Subnet B, and 
vice versa. 

 

Sample network topology: 
 

Subnet A   

 

 IPSec Tunnel  

 

  Subnet B 

Work Station 1---[SP200X] ================ [VPN router/SP200X] ---- Work Station 2 
 192.168.1.101     209.85.69.82                            209.85.69.116     192.168.2.100 
                                                      \                        / 
                                                         \    (        )     / 
                                                            \ (         ) / 
                                                             (  cloud  ) 
                                                                (      ) 
                                                                  (  ) 

 

 

 

 

Содержание SP200XV2

Страница 1: ...SP200XV2 User s Manual Version 3 2 x SignalSys Inc www SignalSys com ...

Страница 2: ...guration 3 5 VLAN Settings 3 6 MAC Spoofing IV SIP Configuration 13 4 1 SIP Settings 4 2 SIP Extensions 4 3 Out of band OOB Signalling Settings 4 4 SIP ToS DiffServ Settings 4 5 SIP VLAN Settings V CODEC Configuration 16 VI System Configuration 17 6 1 Security Settings 6 2 Localization Clock Settings 6 3 SNMP Settings 6 4 Service Access Settings VII Download Configuration 19 VIII Reset Configurati...

Страница 3: ...3 Appendix 21 A Determining the IP Address A 1 General Instructions B Forcing Safe Modes C Dial Plans C 1 Sample Dial Plans ...

Страница 4: ...Safety Precautions carefully before you install the SP200X Read the User Manual before using the SP200X Keep your User Manual in a safe place Pay attention to all remarks with warning marks Check the power voltage in your area Make sure the power plug is not over burdened which may cause equipment damage and fire Keep power cord standard wiring Do not put anything on it Keep the equipment in a coo...

Страница 5: ...et to 192 168 123 1 Enter the subnet mask for the private LAN If you wish to set the broadcast and multicast limits for the bridge router enter these values as percentages of the LAN interface Ethernet bit rate Leaving these values blank will imply values of 100 Press Save LAN Settings to save and apply the LAN interface settings Any new settings will take effect immediately 2 2 DHCP Server Settin...

Страница 6: ...o the entry to be removed To view the current active DHCP client binding table the internal list of devices for which the server has provided an IP address lease press View DHCP Table A popup window will appear displaying the list of bindings Press Update to update the binding information Press Close to close the binding table window To clear the device s internal DHCP client binding table press C...

Страница 7: ...ting Table button A popup window will appear displaying the routing table Press Update to update the route entries Press Close to close the routing table window 2 4 Port Forwarding NAPT Settings This page allows the user to customize the devices port forwarding feature The port forwarding feature does not apply if the device is operating in bridge only mode Port forwarding provides WAN access to t...

Страница 8: ...IP call signaling and RTP packets can be separately applied see sections 3 5 which will override the general values set on this page If no special VoIP call signaling or RTP VLAN settings are applied then call signaling and RTP packets will also use the general VLAN settings entered on this page Press Save VLAN Settings to save and apply the general VLAN settings Any new settings will take effect ...

Страница 9: ...ator to DISCONNECT an active WAN PPPoE session or to initiate CONNECT a PPPoE session if currently disconnected 3 2 WAN Interface Settings This sub page only applies to the SP200X device It allows the user to configure the Ethernet WAN interface First select whether the device is to act as a router or a bridge between the WAN and LAN interfaces Select whether you wish for the WAN interface to be c...

Страница 10: ... for the login authentication process Setting the idle timeout will result in the PPP connection being torn down if the client detects inactivity on the connection over the specified timeout period Leaving this field blank will result in the connection being permanently up i e without timeout If the PPPoE server service provider requires any special Service Name or AC Name to be set you can specif...

Страница 11: ...ll send out traffic through a secure tunnel or normal internet depending on the destination address of the traffic If a packet is to be sent through a secure tunnel the packet will bypass NAT and will be encapsulated with the router gateway s src dest address and appropriate encryption and authentication header trailers This way the packet retains its own subnet information and can be regarded as ...

Страница 12: ...ication which makes the use of ESP only secure enough in most situations You can enable AH and or ESP by providing unique SPI Security Parameter Index numbers in the AH SPI and or ESP SPI fields At least one of these ESP in most cases must be enabled to do IPSec tunneling In this example we will assume only ESP is used with 3DES and MD5 for encryption and authentication Outbound AH SPI blank AH is...

Страница 13: ...e WAN interface and press Save MAC Spoofing Settings to save and apply the new setting SECTION IV SIP Configuration If the device is running the SIP protocol select SIP from the menu on the left This will provide sub pages to configure the SIP endpoint and SIP Server settings selection of any special SIP extensions for advanced SIP features the specification of out of band OOB DTMF signalling the ...

Страница 14: ...by checking the box next to Send Registration Request If you use Outbound SIP Proxy you may fill in the Proxy IP address and Port Otherwise leave them blank If you STUN server you may fill in the STUN server IP address and Port Otherwise leave them blank For the endpoint set the dial plan to be used by all lines refer to Appendix D for details on the dialplan representation and select the transpor...

Страница 15: ...wish for the SIP stack to implement a session timer according to draft sip session timer select the option SIP Session Timer value and enter the session time out value Press Save SIP Extension Settings to save the new values 4 3 Out of band OOB Signaling Settings This sub page allows configuration of the out of band signaling options for SIP Select whether OOB telephone event signaling is to be do...

Страница 16: ...packets used for VoIP calls These VLAN settings will override any general VLAN settings applied to the interface Press Save VoIP VLAN Settings to save the settings DO NOT CHANGE THIS VLAN SETTINGS UNLESS YOU KNOW EXACTLY WHAT YOU WANT TO DO SECTION V CODEC Configuration This page is available for configuring the audio CODEC parameters as well as the Jitter Buffer settings for the CODEC decoders ...

Страница 17: ...ter buffer to a fixed jitter buffer upon fax modem tone detection Adaptive jitter buffers are sometimes detrimental to fax transmission over G711 CODECs if they have to adapt too rapidly or too extensively due to inconsistent and widespread packet delays In these adverse network conditions a fixed jitter buffer provides superior performance when handling incoming fax transmissions over G711 CODECs...

Страница 18: ...l be used if accessible Select the time zone and whether or not adjust for daylight savings Press Save Localization Settings to save the new values These settings will only take effect when the device is rebooted 6 3 SNMP Settings This sub page is used for configuring the device s SNMP server Configure the SNMP Trap Host IP address and community the SNMP read and write community parameters and the...

Страница 19: ... settings SECTION VII Download Configuration This page provides two options for downloading a new firmware application image to the device If you wish to download the new firmware image using TFTP enter the filename of the ROM image and enter the IP address of the TFTP server on which this file resides Press Start TFTP Download to initiate the TFTP download process If the ROM image is stored on th...

Страница 20: ... for resetting the device Select whether you wish to reset the device and start executing the main default application or whether you wish to reset the device and start executing the internal downloader application Press Reset to reset the device SECTION IX General Troubleshooting 9 1 LED LED Power ON OFF indicates power connection LED LAN ON OFF indicates LAN connection LED WAN ON OFF indicates W...

Страница 21: ...l forwarding off pick up the phone and dial 3 APPENDIX A Determining the IP Address This section provides instructions on how to determine the IP address of a unit or how to boot up into a safe mode that allows the IP address to be reconfigured Instructions differ depending on the platform type A 1 General Instructions The following general instructions can be followed to determine the IP address ...

Страница 22: ... L3 are ON REMINDER There is a two second time out after each press of the RESET button after which the downloader network stack will boot into the selected mode 1 Presses FIXED IP 2 Presses 10 1 0 54 If the wrong network mode is started by mistake the process can be easily restarted by holding down the RESET button and power cycling the device again C Dial Plans The SIP code will allow provisioni...

Страница 23: ...ctivated when it is all that is required to produce a match The period of timer T is 4 seconds For example a dial plan of xxxT xxxxx will match immediately if 5 digits are entered it will also match after a 4 second pause when 3 digits are entered C 1 Sample Dial Plans Simple Dial Plan Allows dialing of 7 digit numbers e g 5551234 or an operator on 0 Dial plan is 0T xxxxxxx Non dialed Line Dial Pl...

Отзывы:

Похожие инструкции для SP200XV2