XiNCOM Twin WAN XC-DPG503 Скачать руководство пользователя страница 58 | Manualshive

Страница: 58 / 108

XiNCOM Twin WAN XC-DPG503 Скачать руководство пользователя страница 58

Twin WAN Series – User Guide | v1

Section 2: Global Settings (IKE)

Planning the VPN

Consider these questions and setup issues when planning your VPN:

•

If the remote end is a LAN network, the two-endpoint network must have
different LAN IP address ranges. If the remote endpoint is a single PC running a
VPN client, its destination address must be a single IP address, with subnet mask
of 255.255.255.255

•

Will you be using the Internet Key Exchange (IKE) setup or Manual Keying? For
either method, you must specify each phase of the connection.

•

At least one side must have a fixed IP address. The other side with a dynamic IP
address must always be the initiator of the connection.

•

What encryption level will you use? (DES/3DES - hardware encryption; AES -
software encryption)

IKE Global Setting

The XC-DPG503 and 603 are shipped to the customer with VPN features disabled by
default. To enable this feature, use the Global Setting page and check the Enable box on
WAN 1, WAN 2, or both WAN ports. Upon enabling these settings, you will need to
match the settings of the remote endpoint. All XiNCOM VPN gateways ship with the
same default Global Parameters. If you are connecting to another XiNCOM VPN
endpoint using the default values, you do not have to make any changes to this page.
Once the VPN feature is enabled, VPN Policies and Mesh Groups (DPG603 only) may
be created.

To connect to another VPN gateway or to create a policy so VPN clients can connect to
the gateway, please use the Policy Setup page. Policy Setup allows you to create a single
tunnel to connect to a remote VPN endpoint of any brand which supports the standard
IPsec protocol.

If the VPN Aggregation or VPN Failover is desired, use the Mesh Group setup page . The
Mesh Group allows you to create four different tunnels at once instead of using Policy
Setup. This feature is created to save time and avoid uncorrelated settings between
policies. The setting then may be fine tuned using the Policy Setup page. When the group
is created, you can use the Modify button to edit the settings or you can use the Policy
Setup to edit and fine tune each individual tunnel.

Copyright © 2005 WINS International, LLC dba XiNCOM | All rights reserved.

57

«
...
56
57
58
59
60
...
»

Содержание Twin WAN XC-DPG503

Страница 1: ...User Guide Twin WAN Series TM By WINS International By WINS International LLC ...

Страница 2: ...ction 6 Dynamic DNS 42 Section 7 Multi DMZ UPnP 45 Section 8 NAT 47 Section 9 Advanced Feature 48 Chapter 4 Security 51 Section 1 Block URL 51 Section 2 Access Filter 52 Section 3 Session Limit 54 Section 4 Firewall Exception SysFilter Exception 55 Chapter 5 VPN Configuration 56 Section 1 Overview 56 Section 2 Global Settings IKE 57 Section 3 Policy Setup 62 Section 3 Policy Setup continued 69 Cha...

Страница 3: ...91 Chapter 9 Network Info 95 Section 1 Operation Status Overview 95 Section 2 WAN NAT Status 98 Section 3 Restoring Factory Defaults 100 Appendices 101 Appendix A Specifications 101 Appendix B Windows TCP IP Setup 102 Copyright 2005 WINS International LLC dba XiNCOM All rights reserved 2 ...

Страница 4: ...ess s customers while maintaining uptime and productivity for its employees Robust Security Features The Twin WAN Series also features NAT a Stateful Packet Inspection SPI Firewall DHCP server Access Filters and a built in VPN endpoint VPN models only to secure a business s network services The Quality of Service QoS feature schedules and directs a network s traffic to take advantage of available ...

Страница 5: ...N Gateways are an authoritative DNS to IP gateway that resolves a domain name to its respective IP addresses This new capability allows for inbound failover and load balancing for servers located behind the gateway Using dual WAN ports simultaneously increases available bandwidth for both uploads and download requests You can set load balance type by Packets Bytes rx tx and Sessions Automatic Fail...

Страница 6: ...C on your LAN The Twin WAN Gateway can also be configured remotely via the Internet Password Protected Configuration Optional password protection is provided to prevent unauthorized users from modifying the Twin WAN Gateway s configuration data and settings HTTP Firmware Upgrade and backup The web management feature allows you to use HTTP to upgrade new firmware and backup system configuration fro...

Страница 7: ...d direct your network traffic to take advantage of your available bandwidth This function allows for specified packets with higher priority to pass through such as Internet phone video conference and other real time applications Universal Plug Play UPnP The UPnP feature dynamically opens and close ports required by certain software automatically Copyright 2005 WINS International LLC dba XiNCOM All...

Страница 8: ...nnection on WAN port ON Physical connection to the Broadband modem on WAN port established 10 100M OFF 10 BaseT connection or no connection on WAN port ON Physical connection using 100 BaseT on WAN port established LAN Link ACT OFF No physical connection ON Physical connection or data in out 10 100M OFF 10 BaseT connection on the corresponding LAN port or no connection ON Physical connection using...

Страница 9: ... ports Both 10BaseT and 100BaseT connections can be used simultaneously Note Any port will automatically operate as an Uplink port if required Use a standard RJ 45 Ethernet cable to connect to any port to another hub or switch Reset Button Press the Reset button once for a warm reboot To reset the Twin WAN Gateway to default settings press and hold the reset button for 30 seconds Default Settings ...

Страница 10: ...ateway 3 Configuring the Twin WAN Gateway for Internet Access 4 Configuring all PCs on your LAN to use the Twin WAN Gateway Requirements One or two Broadband modems T1 xDSL Cable and or Satellite with an active account from your ISP s Two standard 10 100BaseT network UTP cables with RJ 45 connectors TCP IP network protocol must be installed on all PCs CAT 5 Ethernet Cables Broadband Modems TCP IP ...

Страница 11: ...rovided with the product using a different one may cause hardware damage 3 Start your PC or restart your PC if it is already running Once restarted the PC will then obtain an IP address from the Twin WAN Gateway 4 Start your Web browser 5 In the Address or Location box enter HTTP 192 168 1 1 6 You will be prompted for the User Name and password as shown in Figure 1 Figure 1 Copyright 2005 WINS Int...

Страница 12: ...the following The Twin WAN Gateway is properly installed The Ethernet cable to the Twin WAN Gateway is properly attached The Twin WAN Gateway is powered ON 8 After the login you will then see the Admin Password screen as shown in Figure 2 Assign a password in both the Password and Verify Password fields and press the Submit button Figure 2 9 From the setup menu select Basic Setup and then LAN DHCP...

Страница 13: ... your LAN on startup The default and recommended value is Enable Windows systems by default act as DHCP clients This setting is called Obtain an IP address automatically If you are already using an existing DHCP Server on the network this setting must be Disabled and the primary DHCP Server must be set to provide the IP Address of the Twin WAN Gateway as the Default Gateway Client Lease Time A set...

Страница 14: ...rking devices to your network DHCP Client List This table shows the IP addresses which have been allocated by the DHCP Server function For each address which has been allocated the following information is shown Name The hostname of the PC In some cases this may note be available MAC Address The physical address network adapter address of the PC IP Address The IP address allocated to the PC Type I...

Страница 15: ...ously Use a standard CAT 5 Ethernet cable to connect any port on the Twin WAN Gateway to a standard port on another hub Any LAN port on the will automatically act as an Uplink port when required 4 Power Up Power on the Cable or DSL modem s and allow the device s to boot up Connect the supplied power adapter to the Twin WAN device 5 Check the LEDs of your Twin WAN Gateway The Power LED should be ON...

Страница 16: ...the following situations refer to Chapter 3 Advanced Setup for any further configuration which may be required such as Using both ports Multiple IP addresses on either port Multiple PPPoE sessions PPTP connection method 3 Setup of the Twin WAN Gateway is now complete PCs on your LAN must now be configured See the following section for details Figure 5 Copyright 2005 WINS International LLC dba XiNC...

Страница 17: ...P uses this method PPPoE software that is usually provided by your ISP is not required to be used when selecting this method If this method is selected you must complete the PPPoE dialup fields Address Info This is for Static IP users only Enter the address information provided by your ISP If your ISP provided multiple IP address you can use the Multi DMZ screen to assign the additional IP address...

Страница 18: ...s required by some ISPs If your ISP provided a Host Name enter it here Otherwise you can use the default value Domain Name This is required by some ISPs If your ISP provided a Domain Name enter it here Otherwise you can use the default value MAC Address Some ISP s record your MAC address also called Physical Address or Network Adapter Address Copyright 2005 WINS International LLC dba XiNCOM All ri...

Страница 19: ... address from the Twin WAN Gateway If using fixed IP addresses on your LAN or you wish to check your TCP IP settings refer to Appendix B Windows TCP IP Setup Internet Access To configure your PCs to use the Twin WAN Gateway for Internet access follow this procedure For Windows 9x 2000 1 Select Start Menu Settings Control Panel Internet Options 2 Select the Connection tab and click the Setup button...

Страница 20: ...tart the AOL for Windows communication software Ensure that it is Version 2 5 3 0 or later This procedure will not work with earlier versions 2 Click the Setup button 3 Select Create Location and change the location name from New Locality to Twin WAN Gateway 4 Click Edit Location Select TCP IP for the Network field Leave the Phone Number blank 5 Click Save then OK Configuration is now complete 6 B...

Страница 21: ...ur configuration Set your Default Gateway to the IP Address of the Twin WAN Gateway Ensure your DNS Name server settings are correct To act as a DHCP Client recommended The procedure below may vary according to your version of Linux and X Windows shell 1 Start your X Windows client 2 Select Control Panel Network 3 Select the Interface entry for your Network card Normally this will be called eth0 4...

Страница 22: ...r s load balancing features It allows you to determine the proportion of WAN traffic sent through each port This can only be used when using two broadband connections Advanced PPPoE optional This setup screen is required if you use multiple sessions on one or both WAN ports It can also be used to manually connect or disconnect a PPPoE session Advanced PPTP Use this setup screen as required when us...

Страница 23: ... O When enabled the Twin WAN Gateway monitors inbound and outbound traffic on both WAN ports and to verify there is connectivity If the connections are idle ICMP or HTTP health check methods will be utilized Alive Indicator This is the IP address used to check if the WAN connection is operational When using HTTP put in a valid IP address of a web server When this field is blank the IP address of y...

Страница 24: ...e number of times an Echo request will be sent if there is no response to the first request The default value is 3 times Transparent Bridge Option Bridge Mode When set to Enable this WAN port does not use NAT Load Balance function when LAN WAN IP have the real IP addresses on the same network segment Traffic Management Strict Binding When a WAN port connection becomes disconnected all traffic from...

Страница 25: ...a lot of small packets such as web browsing and Usenet This helps you maintain the best latency Sessions Established The Twin WAN Gateway tries to maintain an even number of sessions on each WAN port by looking at the current amount of sessions currently established This is a very general setting only to be used if you have similar types of connections Cable and Cable DSL and DSL to promote good I...

Страница 26: ...ed by Sessions IP Addresses Traffic is measured by IP Addresses Loading Share on WAN 1 Enter the percentage of traffic to be sent over WAN 1 The WAN port with the greater bandwidth should be given a higher percentage of traffic over the other WAN port Click the Update button to save your changes NAT Statistics This section displays the current traffic data of WAN 1 and WAN 2 You can use this infor...

Страница 27: ...the Restart Counters button to restart these counters when required Buttons Update Save the settings on this screen Refresh Update the data on screen Restart Counters Restart the counters used in the Interface Statistics section Copyright 2005 WINS International LLC dba XiNCOM All rights reserved 26 ...

Страница 28: ... Account User Name Enter the PPPoE user name assigned by your ISP Password Enter the PPPoE password assigned by your ISP Verify Password Re enter the PPPoE password assigned by your ISP IP Address If you have a fixed IP address enter it here Otherwise this field should be left at 0 0 0 0 Host Name This field is used by a Host to uniquely associate an access concentrator to a particular Host reques...

Страница 29: ...in to the PPTP server Verify Password Re enter the PPTP password assigned by your ISP IP Address Enter the IP address of the PPTP Server This is provided by your ISP Static IP Address If provided input your fixed IP address in this field If your ISP does not assign you a static IP address leave this field to its default settings of 0 0 0 0 Action Use the Connect and Disconnect buttons to establish...

Страница 30: ... This requires that each PC be identified by using the Host IP Setup screen When you wish to have different Block URL settings for different PCs This requires that each PC be identified by using the Host IP Setup screen You do not have to use the Host IP feature to apply the same Block URL settings to all PCs When you wish to reserve a particular LAN IP address for a particular PC on your LAN This...

Страница 31: ...lect Enable to reserve a particular LAN IP address for a particular PC on your LAN This allows the PC to use DHCP Windows calls this Obtain an IP address automatically while having an IP address which never changes Reserved IP If Reserve in DHCP is enabled enter the IP address you want to reserve Host Network Binding Bind WAN port Session Select Enable if you wish to associate this PC with a parti...

Страница 32: ... user Delete Click this to delete the selected entry Update Use this to update the selected entry after making the desired changes Reset This will reverse any changes you have made since loading the data from the Twin WAN Gateway Host Group List This table shows the current bindings Copyright 2005 WINS International LLC dba XiNCOM All rights reserved 31 ...

Страница 33: ...to provide the Twin WAN Gateway s LAN IP address as the Default Gateway 3 Your DHCP Server must provide correct DNS addresses to the PCs Dynamic Routing Dynamic Routing Console RIP v2 RIP is a dynamic routing protocol which is used to direct traffic over the network Enabling this feature will automatically build static routes that define how the network traffic flows Select the appropriate port LA...

Страница 34: ...te LAN segment in this field For standard class C LANs the network address is the first 3 fields of the Destination IP Address The 4th last field can be left at 0 Netmask Input the Network Mask for the remote LAN segment in this field For class C networks the default mask is 255 255 255 0 Gateway Input the IP Address of the Gateway or Router which the Twin WAN Gateway must use to communicate with ...

Страница 35: ...al LAN must be forwarded to the Twin WAN Gateway so that they can be forwarded to the Internet This is done by configuring other Routers to use the Twin WAN Gateway as the Default Route or Default Gateway as illustrated by the example below Configuration settings for the LAN shown with 2 routers and 3 LAN segments the Twin WAN Gateway requires 2 entries as follows see following page Copyright 2005...

Страница 36: ...ress 192 168 3 0 Network Mask 255 255 255 0 Standard Class C Gateway IP Address 192 168 1 100 Interface LAN Metric 3 For Router A s Default Route Destination IP Address 0 0 0 0 Network Mask 0 0 0 0 Gateway IP Address 192 168 1 1 Metric 2 For Router A s Default Route Destination IP Address 0 0 0 0 Network Mask 0 0 0 0 Gateway IP Address 192 168 1 1 Interface LAN Metric 3 Copyright 2005 WINS Interna...

Страница 37: ...our LAN not on the Internet Attempts to connect to devices on your LAN are blocked by the firewall in the Twin WAN Gateway The Virtual Server feature solves these problems and allows Internet users to connect to your servers as illustrated in the following illustration Figure 11 In this illustration both Internet users are connecting to the same IP Address but using different protocols Copyright 2...

Страница 38: ... later in this chapter to allow users to connect to your Virtual Servers using a URL instead of an IP Address e g HTTP my_domain_name dyndns org FTP my_domain_name dyndns org Virtual Server Settings Enable Use this to Enable or Disable each Virtual server as required Server Type Select the desired Server type If the type of Server you wish to use is not listed use the Custom Virtual Server screen ...

Страница 39: ...ration Server Name Enter a suitable name for this server State Use this to Enable or Disable the server Server IP Enter the IP address of the PC on you LAN which is running the required Server software Each PC should have a fixed IP address or have a reserved IP address See the Host IP section earlier in this Chapter for details on reserving an IP address Each PC must be running the appropriate Se...

Страница 40: ...ers to be bound to WAN1 WAN2 or both ports together Buttons Add Create a new Special Application entry Delete Delete the selected entry Update Save any changes you have made to the current entry Cancel Cancel any changes you have made since the last save operation Custom Virtual Server List This table shows details of all defined Custom Virtual Servers Copyright 2005 WINS International LLC dba XiN...

Страница 41: ...tions Settings Select Special Application Name This lists any special applications which are currently defined Enter your data in the Special Application Configuration section and click the Add button To edit an existing entry select it from this list and click the Select button The data for the selected application will then be displayed in the Special Application Configuration section Make any r...

Страница 42: ...ons Add Create a new Special Application entry Delete Delete the selected entry Update Save any changes you have made to the current entry Cancel Cancel any changes you have made since the last save operation Special Application List This list shows details of all Special Applications which are currently defined Using a Special Application on you PC Once the Special Applications console is configu...

Страница 43: ...dress your IP address may change whenever you connect to your ISP In order to utilize this feature you must register for the Dynamic DNS service The Twin WAN Gateway supports three 3 types of service providers Standard client available at http www dyndns org Other sites may offer the same service but can not be guaranteed to work TZO at http www tzo com 3322 is available in China at http www 3322 ...

Страница 44: ...tings Dynamic DNS Service Use this to Enable Disable the Dynamic DNS feature and select the required service provider Disable Dynamic DNS is not used TZO Select this to use the TZO service www tzo com You must configure the TZO section of this screen Standard Client Select this to use the standard service from www dyndns org or other provider You must configure the Standard Client section of this ...

Страница 45: ...d given by the service provider Verity Password Re enter the password above Server Enter the name or IP address of the service provider s server Host Name Enter the domain name allocated to you by the service provider Additional Standard Client or 3322 Settings These options are available if using the standard client Enable Wildcard If selected traffic sent to sub domains of your Domain name will ...

Страница 46: ...ember this setting This name has no effect on the operation For Static IP Public IP Address Enter the WAN port Internet IP address you wish to associate to a PC This IP address must have been allocated to you by your ISP Private IP Address LAN Enter the IP address of the PC you wish to associate with this WAN port IP address This IP address should be fixed or reserved See the Host IP section for d...

Страница 47: ...can set the traffic direction to inbound outbound or both bi directional Universal Plug Play UPnP The UPnP function can easily setup and configure an entire network enable discovery and control network devices and services When UPnP is enabled an icon will show up on network neighborhood Microsoft Windows OS using the model name of your Twin WAN Gateway XC DPG502 XC DPG503 etc Every time you add a...

Страница 48: ...ds 2 addresses 1 for the LAN port and 1 for the WAN port NAT is disabled only when you wish to use the Twin WAN Gateway as a Static Router TCP Timeout Enter the desired value to use on both WAN ports The default is 300 UDP Timeout Enter the desired value to use on both WAN ports The default is 120 TCP Window Limit Enter the desired value to use on both WAN ports The default is 0 no limit TCP MSS L...

Страница 49: ...te Upgrade This feature permits you to use the supplied Windows program to remotely upgrade the Firmware When not enabled upgrades must be performed by a PC on the LAN Remote Web based Setup This feature permits the Twin WAN Gateway s Web based interface to be accessable via the Internet When not enabled access is only available to PCs on the LAN The default port value is 8080 Allowed IP Range Rem...

Страница 50: ...n WAN Gateway will respond to ICMP ping requests received from the WAN port When the Block Selected Packet Types is enabled the selected packet types are blocked DNS Loopback Some servers on a LAN and their domain names have already registered on a public DNS To avoid DNS loopback problem enter the following fields Domain Name Enter the domain name specified by you for local host server Private IP...

Страница 51: ...om Destination IP IP address of destination which packets are sent to Subnet Mask With subnet mask other than 255 255 255 255 you can make a IP sub network as your destination Protocol Select the protocol used by the traffic you wish to configure Port Range Enter the beginning and end of the port range used by the traffic you wish to configure If only a single port is used enter the port number in...

Страница 52: ... on this screen will block all Web sites hosted on that IP address Block URL Settings Access Group This option allows you to have different restriction rules for different groups groups are defined in Host IP All PCs users are defined under the Default Group Settings inputted under the Default Group will apply global restrictions to all users on the LAN To apply different restriction settings to a...

Страница 53: ...lter Console Access Filter Settings Setup Access Group Select an Access Group to fine tune access parameters for each defined group Different groups can have specific access rights to the network when using network based applications Use the Default Group to apply global restrictions to all users on your LAN Groups can be created in the Host IP console To apply different restrictions with separate...

Страница 54: ...ck The current group will not be able to use any services that are checked User Defined Ports to Block This section of the Access Filter console is optional Use this to define your own custom filters For each customized filter the following information is required Name Enter a name for this customized filter TCP UDP Packets Select either TCP or UDP depending on which protocol is used by the servic...

Страница 55: ...sions exceeds the maximum limit during the sampling time all new sessions created will be dropped by the gateway Default 65535 session sec Maximum of New Sessions for Host If the number of new sessions for the host exceed the maximum sampling time any new sessions of the host will be dropped Default session second Maximum of Dropped New Sessions for Host If the number of dropped new sessions for t...

Страница 56: ...irewall exception Interface You can select LAN WAN1 WAN2 or ALL interfaces to be process by the system protocol stack Protocol There are six protocols UDP TCP ICMP GRE ESP AH to choose from This allows packets to be directly processed by the system protocol stack Foreign Port Range Select foreign port number range directly process by system protocol stack Click the check box to enable Device Port ...

Страница 57: ...G603 are VPN capable Dual WAN Gateways with industry standard IPsec encryption It provides extremely secure LAN to LAN connectivity over the Internet with the use of two concurrent VPN tunnels that will load balance traffic requests while providing full redundancy with auto failover These VPN Gateway supports VPN by encryption encapsulation and authentication using the following methods DES 3DES A...

Страница 58: ...hese settings you will need to match the settings of the remote endpoint All XiNCOM VPN gateways ship with the same default Global Parameters If you are connecting to another XiNCOM VPN endpoint using the default values you do not have to make any changes to this page Once the VPN feature is enabled VPN Policies and Mesh Groups DPG603 only may be created To connect to another VPN gateway or to cre...

Страница 59: ... 2 This is the Global configuration for all policies created It is recommended for novice users to use the default configuration If these settings do not match the remote side Phase 1 will not connect Enable This field is used to enable the VPN function For standard VPN you may enable one of the WAN ports or both Both boxes must be enabled to utilize the advanced functions such as VPN Aggregation ...

Страница 60: ...riod Retry Counter This field indicates how many times the process will be restarted if the process of Phase 1 is unsuccessful Once the retry counter is expired an error message will be displayed in the VPN log Maxtime to complete phase 1 This field indicates the idle time after the negotiation process is ended and a new negotiation process begins Maxtime to complete phase 1 This field indicates t...

Страница 61: ...ngs major Error This log level will display messages that result in a failed operation such as tunnel unable to establish or failed packet transmissions The most likely cause of these messages is improper configuration of the tunnel in the Policy Setup major Warning This log level displays potential issues that may result in an Error or a Critical Error The most likely cause of messages tagged as ...

Страница 62: ...r VPN settings it is recommended that you set the log level to Information first to see the general area of where the tunnel is failing and then run the same test with Log Level set to Debug Copyright 2005 WINS International LLC dba XiNCOM All rights reserved 61 ...

Страница 63: ...vailable in the Mesh Use the Policy Setup under the following conditions If you do not wish to utilize the VPN Aggregation or VPN Failover You will be connecting this device to different brand endpoint or a software client Figure 18 a IPSec Traffic Binding Console This section allows you to specify a name for a VPN tunnel and define its properties such as which WAN port should be used and what the...

Страница 64: ...e to bind this to either WAN 1 or WAN 2 because the destination gateway might reject the VPN tunnel PPPoE Session If you are using a multi session PPPoE connection you can select which session you want the VPN Gateway to connect If you are using a WAN IP Address Local Identity Type make sure that a proper session is selected or else your tunnel might not successfully connect Local Identity Type Th...

Страница 65: ...endpoints together it is recommended that you make the whole subnets available to access the VPN tunnel This is accomplished by setting the Remote and the Local Type to Subnet When you specify the IP address it must end in with a zero on the end as shown in the example above Traffic Selector Settings Service Protocol Type You can choose either TCP UDP ICMP GRE protocol as your connection protocol ...

Страница 66: ...ion makes the data unreadable if intercepted There are three encryption methods available DES 3DES and AES The default is null Null fastest method but it offers no security DES faster than 3DES but less secure 3DES most secure method but also lowest throughput AES more secure than either DES or 3DES The higher the bit rate the stronger the encryption but the trade off is lower throughput Authentic...

Страница 67: ...ified interface Manual Key by the nature of its design works with NAT it is more complex to set up since it requires for you to set outgoing and incoming SPI as well as Authentication and encryption Keys Both the local and the remote gateways must have the same keys in order to authenticate o Encryption Key This field specifies a key to encrypt and decrypt IP traffic o Authentication Key This fiel...

Страница 68: ...e channel Aggressive Mode is another way of accomplishing a phase one exchange It is faster and simpler than main mode but does not provide identity protection for the negotiating nodes Perfect Forward Secrecy PFS This is a more secure method of Virtual Private Networking If the one key is compromised the previous and future keys will not be compromised Preshared Key This is a pass code and must b...

Страница 69: ...y field NOTE This button will work only if the Remote Security Gateway is a valid IP address and the VPN client gateway allows incoming VPN tunnels Flush Tunnel This button resets the state of the VPN tunnel to IDLE in case the remote and the destination endpoints are in a different tunnel state Set Options This button takes to another configuration page where various tunnel attributes may be enab...

Страница 70: ...figured for the tunnel as well as the status of the VPN tunnel Use this to aid you in the configuration of the tunnel options Figure 18 e Dead Peer Detection Console Dead Peer Detection Feature is a countermeasure designed to prevent wasted bandwidth and CPU cycles in the event that the remote side VPN tunnel is terminated Instead of sending data and waiting for a response the link is actively mon...

Страница 71: ...mes This is the amount of times the XiNCOM VPN Gateway will attempt to send the packet before the Check After Idle time is expired Action These options instruct the router on what action to take if a dead tunnel is discovered It can ignore the dead tunnel disconnect the dead tunnel or attempt to keep it alive Logging This check box simply enables the Logging function for DPD Dead Peer Detection If...

Страница 72: ...ding of each packet ESP is a key protocol in the IPsec Internet Security architecture which is designed to provide a mix of security services in IPv4 and IPv6 Refer to the RFC 2406 documentation for more information Allow full ECN When enabled this option will allow full Explicit Congestion Notification ECN ECN is a standard proposed by the IETF that minimizes congestion on a network and preventin...

Страница 73: ...efined policies provides real time applications to get better response or performance Figure 19 QoS Console Quality of Service Settings QoS Features Enable QoS This enables the QoS function Queuing Method The Twin WAN Gateway supports the widely used Priority Queuing method This method immediately services user defined packets with a higher queue priority Copyright 2005 WINS International LLC dba ...

Страница 74: ... process the IP Type of Service field Overwrite Policy Priority Choosing Yes will set the priority of the TOS field in IP packet to overwrite the priority defined in policy configuration Policy Configuration When you use QoS you must define some policies to select which packets to give a higher priority to pass through Figure 20 Policy Configuration Console Copyright 2005 WINS International LLC db...

Страница 75: ...estination Address Define the destination address of packets here The Twin WAN Gateway supports two destination address types IP address or MAC address Selecting IP address permits you to define IP address range The gateway allows up to four define MAC addresses Protocol Type The field defines traffic packet type IP TCP and UDP Source Port Define the source port of the packets in this field Destin...

Страница 76: ...rator the ability to easily create and manage extra domain names This provides a web site with expanded bandwidth and redundancy via auto failover in case a single Internet connection fails Load Balancing by DNS The DNS Configuration is a major part of the XC DPG602 603 By acting as an authoritative name server it is able to serve the incoming requests on UDP port 53 DNS port and provide the IP ad...

Страница 77: ...e broadband connection is required for the Authoritative DNS function It is necessary to register your WAN1 WAN2 IP addresses with your Domain Name Provider for a static DNS NOTE Once you have configured the DNS configuration you may configure your connection validation and load balance options in the Advanced Port menu in Load Balancing and Port Options Copyright 2005 WINS International LLC dba X...

Страница 78: ...oad statistics Setup 2 A reply is sent to the web browser The Gateway directs the browser session to the WAN port with the least traffic Step 3 The web browser is then connected to the appointed IP address through that available WAN port When inbound requests to the XC DPG602 603 increases traffic is load balanced between WAN 1 and WAN 2 to maintain optimum bandwidth for your network Copyright 200...

Страница 79: ...lied to the request This holds the Gateway s user preferences and setting values including load share and load balance type 6 The Load Balancing Algorithm determines that WAN 2 has the least amount of traffic sessions and therefore instructs the DNS Module to use WAN 2 7 A reply from the Gateway is then sent back through WAN 1 to the source of the DNS request 8 The web browser receives the Gateway...

Страница 80: ... Server Configuration The XC DPG602 and 603 have 2 DNS servers built in one for each WAN port The device can support 1 SOA record 2 MX records and 10 A records per DNS server Before configuring any domain name through the XiNCOM gateway all domain names are required to be registered through a Domain Name Registrar or Reseller If you plan to use two or more domain names you must designated a host d...

Страница 81: ...rganization or reseller Example www xyz com Primary Name Server This parameter sets the primary name server for your domain Example NS1 yourdomain com Admin Mail Box This field sets the administrator s mail box for the DNS Serial Number This setting is used by the secondary name server The serial number determines if a zone transfer is required from the primary name server Copyright 2005 WINS Inte...

Страница 82: ...on limit for the name server to stop serving its associated zone in the event of recurring failed refresh intervals Default value is 24 hours Minimum TTL The minimum time to live TTL This field sets the minimum time of any record that is exported from this zone Default value is 3 minutes NS Record Primary Secondary Name Server This holds the settings for the domain This setting is usually obtained...

Страница 83: ...ence 1 2 This sets the route preference The lower number will have the higher priority Location This sets the location for either the public or private IP IP Address The user can set the IP address of the public or private mail server Copyright 2005 WINS International LLC dba XiNCOM All rights reserved 82 ...

Страница 84: ...me URL in this field that you wish to map Select DNS Server This option lets you select which DNS server you want the entry to associate with Private IP Address This field indicates the local IP address of the content server that you wish to bind to the domain name All traffic requested from the domain name will be coming from the server Please make sure the servers firewall has all the proper por...

Страница 85: ...es for any WAN port if your ISP supports the use of using multiple static IP addresses This field is blank by default for the selected domain name in this field Canonical Name 1 2 The official name of the server used in CNAME records Copyright 2005 WINS International LLC dba XiNCOM All rights reserved 84 ...

Страница 86: ...ord Re enter the password in the Verify Password field and then save it When you connect to the Twin WAN Gateway with your Browser you will be prompted for the password when you connect as shown below Figure 23 Administrator Login Enter admin for the User Name Enter the password for the Twin WAN Gateway as set on the Admin Password screen from Figure 22 Copyright 2005 WINS International LLC dba Xi...

Страница 87: ... an warning email when WAN port was disconnected Email Alert Configuration Email Sender Address Input an email address that sends a warning email to a recipient The warning email will inform the recipient if there is any problem on either or both WAN ports Email SMTP Server Address This sets the email server to where the warning email will be sent to For example mail domain com Email SMTP Server U...

Страница 88: ...dministrator email address For example admin mail domain com Excessive Ping Notification This feature is useful to prevent ICMP attacks from WAN or LAN It will drop the packets if the ping times are exceeding the threshold value A notification email will be sent to the administrator Copyright 2005 WINS International LLC dba XiNCOM All rights reserved 87 ...

Страница 89: ...nsole SNMP Settings System Information Enable The name of the individual responsible for this device Device Name Enter a name for the Twin WAN Gateway Physical Location Indicate the location of the Twin WAN Gateway Community Set these field settings as required from your SNMP software Trap Targets Enter the IP address of any targets PCs running SNMP software to which you want traps to be sent All ...

Страница 90: ...teway to send system log messages to other PCs Keep Sent Messages By default sent syslog messages are deleted When Keep Sent Messages is enabled the Twin WAN Gateway will keep sent syslog messages Syslog Server IP Address Up to three 3 syslog servers can be used Enable You can enable or disable each server temporarily Port If your syslog server does not use the default port 514 you can assign a di...

Страница 91: ...oper gateway configuration Warning This log level displays potential issues that may result in an Error or a Critical Error The most likely cause of messages tagged as Warning is improper configuration in the Twin WAN Gateway You may also get Warning messages when you approach the hardware limit of this device Notice This log level displays more indepth issues than the Information log level but th...

Страница 92: ...those actions along with the proper procedure for upgrading your Twin WAN Gateway to the latest firmware release Updating the Firmware To update the firmware on your Twin WAN Gateway you must first download the firmware from the XiNCOM Support page www xincom com support You will need an unzipping utility such as WinZip www winzip com or WinRAR www rarlab com to extract the contents of the file In...

Страница 93: ...TFTP utility you can learn how to update using the HTTP utility in the Admin Control section To save your Twin WAN Gateway Configuration to a file 1 Open the TFTP utility by double clicking on the TFTP executable file tftp exe 2 Enter the Gateways IP address Default is 192 168 1 1 3 Enter a file name that you would like to save the file as Example config file bin 4 Press the Upload button and the ...

Страница 94: ...hat you would like to save the file as Example config file bin 4 Click the Download button It could take up to 1 to 3 minutes to upload the firmware The Gateway will reboot thereafter Example of uploading a firmware into the Twin WAN Gateway Note If you are currently using Firmware Release 23 or earlier you will first need to update to Version 27 Upon the successful upload of Version 27 you may th...

Страница 95: ... a previously saved configuration HTTP Upgrade Firmware The Upgrade Firmware Screen within the Twin WAN Gateway s setup console allows you to upgrade firmware or backup system configuration by using HTTP upgrade You can backup your system configuration by press save button of Save System Configuration It will save the system configuration for you Notice You have to refresh the browser after you sa...

Страница 96: ...e Renew Button This is only available when using a Dynamic IP address DHCP Clicking this will perform a Renew transaction with the ISP s DHCP server This will extend the period for which the current WAN IP address is allocated to you IP Address This displays the IP address of the Twin WAN Gateway when seen from the Internet This IP Address is allocated by the ISP Internet Service Provider Subnet M...

Страница 97: ...ateway NAT This displays the status of the NAT feature either Enable or Disable Load Balance This displays the status of the Load Balance feature either Enable or Disable Virtual Server This displays the status of the Virtual Server feature either Enabled or Disabled Special Applications This displays the status of the Special Applications feature either Enabled or Disabled DMZ This displays the s...

Страница 98: ...percentage of CPU Memory Usage This displays the current usage percentage of Memory Heap Queue Console Buttons Refresh This button will update the data on screen Restart Restart reboot the Twin WAN Gateway Restore Factory Defaults This will delete all existing settings and restore the factory default settings Copyright 2005 WINS International LLC dba XiNCOM All rights reserved 97 ...

Страница 99: ...plays the current traffic loading between both WAN ports Current Loading This displays the number of Sessions Bytes and Packets currently being processed on each port Current Bandwidth The current Download and Upload speeds on each WAN port Check NAT Detail will display the NAT Status screen described below Interface Statistics This section displays cumulative statistics Use the Restart Counter bu...

Страница 100: ...AT Timeouts This displays the current timeout values for TCP and UDP connections TCP Prosperity This displays the MSS Maximum Segment Size and Maximum Windows size for TCP packets NAT Traffic This section displays statistics for both outgoing LAN to Internet and Incoming Internet to Local traffic NAT Connections This displays the current number of active connections For further details click the V...

Страница 101: ...lowing actions will occur ALL of your settings will be erased The default IP address password and ALL other settings will be restored to the factory default values The DCHP server function will be enabled These changes may yield your current connection to the Twin WAN Gateway to be invalid and you will have to re connect to the gateway using its default IP address 192 168 1 1 Copyright 2005 WINS I...

Страница 102: ...1 Status 1 Power External Power Adapter 5 V 1 5A DC FCC Statement This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference 2 This device must accept any interference received including interference that may cause undesired operation CE Marking Warning This is a Class A product In a domestic environment ...

Страница 103: ...lly provide a suitable IP Address and related information to each PC when the PC boots For all non Server versions of Windows the default TCP IP setting is to act as a DHCP client If you wish to check your TCP IP settings the procedure is described in the following sections If your LAN has a Router the LAN Administrator must re configure the Router itself Refer to Chapter 3 Advanced LAN Setup for ...

Страница 104: ...and Dial up Connection 2 Right click the Local Area Connection icon and select Properties You should see a screen like the following Figure A Network Configuration Windows 2000 3 Select the TCP IP protocol for your network card Copyright 2005 WINS International LLC dba XiNCOM All rights reserved 103 ...

Страница 105: ...e Twin WAN Gateway Using a fixed IP Address Specify an IP Address If your PC is already configured check with your network administrator before making the following changes Enter the IP address of the Twin WAN Gateway in the Default gateway field and click OK Your LAN administrator can advise you of the IP Address they assigned to the Twin WAN Gateway If the DNS Server fields are empty select Use ...

Страница 106: ... Network Connection 2 Right click the Local Area Connection and choose Properties You should see a screen like the following Figure C Network Configuration Windows XP 3 Select the TCP IP protocol for your network card Copyright 2005 WINS International LLC dba XiNCOM All rights reserved 105 ...

Страница 107: ...eries User Guide v1 4 Click on the Properties button You should then see a screen like the following Figure D TCP IP Properties Windows XP Copyright 2005 WINS International LLC dba XiNCOM All rights reserved 106 ...

Страница 108: ...ress If your PC is already configured check with your network administrator before making the following changes Enter the IP address of the Twin WAN Gateway in the Default gateway field and click OK Your LAN administrator can advise you of the IP Address they assigned to the Twin WAN Gateway If the DNS Server fields are empty select Use the following DNS server addresses Enter the DNS address or a...

Отзывы:

Нет отзывов

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды