Manuals / Billion Electric Company / Computer Equipment / Network Card

Billion Electric Company 30 user manual DPD Setting DPD, Dead Peer Detection

Models: 30

1 209

Download 209 pages 59.73 Kb

Page 122

DPD Setting: DPD, Dead Peer Detection.

negotiation time. Diffie-Hellman is a public-key cryptography protocol that allows two parties to establish a shared secret over the Internet.

Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts).

IKE Life Time: Allows you to specify the timer interval for renegotiation of the IKE security association. The value is in seconds, eg. 28800 seconds = 8 hours.

Key Life Time: Allows you to specify the timer interval for renegotiation of another key. The value is in seconds eg. 3600 seconds = 1 hour.

Netbios Broadcast: Allows BiGuard to send local Netbios Broadcast packet through the IPSec Tunnel, please select Enable or Disable.

DPD Setting: DPD, Dead Peer Detection.

DPD Function: Select Enable or Disable DPD function.

Detection Interval: please input the interval time to send out DPD packet.

Idle Timeout: Please input the consecutive no response time to disconnect this tunnel.

Click the Apply button to save your changes.

After you have created the IPSec connection, the account information will be displayed.

Name: This is the user-defined name of the connection.

Enable: This function activates or deactivates the IPSec connection.

122

Image 122

Billion Electric Company 30 user manual DPD Setting DPD, Dead Peer Detection

Contents

iBusiness Security Gateway SMB User’s Manual Version Release 7.01 FW1.06pBiGuard Disclaimer Updated March 28 Copyright InformationBiGuard 30 User’s Manual TrademarksSafety Warnings Chapter 2 Router Applications Table of Contents Chapter 1 Introduction1.3 Package Contents 1.1 Overview 1.2 Product Highlights3.4 Configuring PCs for TCP/IP Networking Chapter 4 Router Configuration3.1 Overview 3.2 Before You Begin 3.3 Connecting Your Router 3.5 Factory Default Settings4.4.2.1 ISP Settings 4.4 Configuration4.3 Quick Start 4.4.2.2 Bandwidth Settings 4.4.2.3 WAN IP Alias5.1 Basic Functionality Chapter 5 Troubleshooting4.5 Save Configuration To Flash 4.6 Logout 5.2 LAN Interface5.6 Restoring Factory Defaults Appendix A Product Specifications Appendix B Customer Support5.4 ISP Connection 5.5 Problems with Date and Time E.1 What is a VPN?E.2.1 IPSec Security Components E.2 What is IPSec?E.2.1.1 Authentication Header AH E.2.2 IPSec ModesH.7 VPN Configuration Appendix H Router Setup ExamplesWhat is Quality of Service? H.12 PPTP Remote Access by Windows XP1.2 Product Highlights Chapter 1 Introduction1.1 Overview 1.3 Package Contents BiGuard 30 iBusiness Security Gateway SMB1.3.2 Rear Panel Power StatusWAN1 WAN2 RESET WAN2 WAN1 LAN 1.3.4 Cabling Chapter 2 Router Applications 2.1 Overview2.2 Bandwidth Management with QoS 2.2.1 QoS Technology2.2.2 QoS Policies for Different Applications VoIP Normal PCs Restricted PClow network latencies to function properly. If bandwidth is being used by other applications such as an FTP server, users using VoIP will experience network lag and/or service interruptions during use. To avoid this scenario, this network has assigned VoIP with a guaranteed bandwidth and higher priority to ensure smooth communications. The FTP server, on the other hand, has been given a maximum bandwidth cap to make sure that regular service to both VoIP and normal Internet applications is uninterrupted policies for different PCs on the network. Policy based traffic shaping lets you better manage your bandwidth, providing reliable Internet and network service to your organization 2.2.6 Management by IP or MAC address 2.2.7 DiffServ DSCP Marking2.3.1 Outbound Fail Over 2.2.8 DSCP Matching2.3 Outbound Traffic 192.168.2.2 1st ConnectionISP 2nd connection 192.168.2.32.4 Inbound Traffic 2.4.1 Inbound Fail Over2.4.2 Inbound Load Balancing Before Fail OverAfter Fail Over HTTP Remote Access from Internet2.5 DNS Inbound ISP ISP 2.5.1 DNS Inbound Fail OverAfter Fail Over Before Fail OverDNS Request Heavy load on WANHeavy load on WAN DNS Reply2.6 Virtual Private Networking In the example above, the client is making a DNS request. The request is sent to the DNS server of BiGuard 30 through WAN2 1. WAN2 will route this request to the embedded DNS server of BiGuard 30 2. BiGuard 30 will analyze the bandwidth of both WAN1 and WAN2 and decide which WAN IP to reply to the request 3. After the decision is made, BiGuard 30 will route the DNS reply to the user through WAN2 4. The user will receive the DNS reply with the IP address of WAN1 5. The browser will initiate an HTTP request to the WAN1 IP address 6. The HTTP request will be send to BiGuard 30’s URL Host Map 7. The Host Map will then redirect the HTTP request to the HTTP server 8. The HTTP server will reply 9. The URL Host Map will route the packet through WAN1 to the user 10. Finally, the client will receive an HTTP reply packet2.6.1 General VPN Setup BiGuard Client2.6.2 VPN Planning - Fail Over Before Fail OverAfter Fail Over Before Fail Over BiGuardChapter 3 Getting Started 3.1 Overview3.2 Before You Begin 3.3 Connecting Your Router 3.4 Configuring PCs for TCP/IP Networking 3.4.1 Overview3.4.2.1 Configuring 1. Select Start Settings Network Connections 3.4.2 Windows XP3. Select Internet Protocol TCP/IP and click Properties 5. Click OK to finish the configuration 1. Click Start Programs Accessories Command Prompt 3.4.2.2 Verifying SettingsTo verify your settings using a command prompt 2. In the Command Prompt window, type ipconfig and then press ENTERAn IP address between 192.168.1.1 and A subnet mask of To verify your settings using the Windows XP GUI1. Click Start Settings Network Connections 3. Click the Support tab Have an IP address between 192.168.1.1 and Have a subnet mask of If you are using BiGuard 30’s default settings, your PC should3.4.3.1 Configuring 1. Select Start Settings Control Panel Page 4. In the Local Area Connection window, click Properties 5. Select Internet Protocol TCP/IP and click PropertiesPage 1. Click Start Programs Accessories Command Prompt 7. Click OK to finish the configuration3.4.3.2 Verifying Settings An IP address between 192.168.1.1 and A subnet mask of 2. In the Command Prompt window, type ipconfig and then press ENTERIf you are using BiGuard 30’s default settings, your PC should have 3.4.4.1 Installing Components 3.4.4 Windows 98 / MeYou must have the following installed a. Click Add b. Select Adapter, then Add If you need to install a new Ethernet adapter, follow these stepsAn Ethernet adapter TCP/IP protocol Client for Microsoft Networks If you need TCP/IP a. Click Add b. Select Protocol, then click Add c. Select Microsoft. Æ TCP/IP, then OK If you need Client for Microsoft Networks a. Click Add3. Restart your PC to apply your changes 3.4.4.2 Configuring 1. Select Start Settings Control Panelb. Select Client, then click Add Page Page 6. Click OK to apply the configuration 1. Select Start Run 2. Type winipcfg, and then click OK 3.4.4.3 Verifying SettingsTo check the TCP/IP configuration, use the winipcfg.exe utility 3. From the drop-down box, select your Ethernet adapterWeb Interface Username admin Password admin LAN Device IP Settings 3.5 Factory Default SettingsA default gateway of An IP address between 192.168.1.1 and A subnet mask ofLAN Port IP address Subnet Mask3.6 Information From Your ISP WAN PortDHCP Static IP PPPoE PPTP Big Pond 2. Double-click the Network icon 1. Select Start Settings Control Panel3.6.2.1 Windows 4. Select Internet Protocol TCP/IP and click Properties Page server address automatically radio button 7. Click OK to save your changes3.7 Web Configuration Interface BiGuard 30 includes a Web Configuration Interface for easy administration via virtually any browser on your network. To access this interface, open your web browser, enter the IP address of your router, which by default is 192.168.1.254, and click Go. A user name and password window prompt will appear. Enter your user name and password the default user name and password are admin and admin to access the Web Configuration Interface4.1 Overview Chapter 4 Router Configuration4.2 Status 4.2.1 ARP Table4.2.2 Routing Table Sessions 4.2.5 IPSec Status 4.2.6 PPTP Status 4.2.7 Traffic Statistics4.2.8 System Log 4.2.9 IPSec Log4.3 Quick Start 4.3.1 DHCP4.3.2 Static IP 4.3.3 PPPoE4.3.4 PPTP 4.3.5 Big Pond4.4 Configuration Address Mapping 4.4.1.1 Ethernet Subnet Mask Enter the subnet mask 255.255.255.0 by defaultRIP RIP v2 Broadcast and RIP v2 Multicast. Check to enable RIP 4.4.1.2 DHCP Server 4.4.1.3 LAN Address Mapping WAN IP AliasPlease click Create to create a LAN Address Mapping rule IP Alias 4.4.2.1 ISP Settings 4.4.2.1.1 DHCP 4.4.2.1.2 Static IP 4.4.2.1.3 PPPoE 4.4.2.1.4 PPTP Settings 4.4.2.1.5 Big Pond Settings 4.4.2.2 Bandwidth Settings 4.4.2.3 WAN IP Alias 4.4.3.1 General Settings 4.4.3 Dual WAN4.4.3.2 Outbound Load Balance 1. By session mechanism 2. By IP address hash mechanism Choose one by clicking the corresponding radio button4.4.3.3 Inbound Load Balance Refresh Interval The interval refreshes are done. Denoted in seconds Admin. Mail Box The administrator’s email account.e.gadmin@abc.comSerial Number It is the version number that keeps in the SOA record Retry Interval The interval retries are done. Denoted in secondsHost URL The URL to be mapped To add a host mapping URL to the list, click CreateDomain Name The domain name of the local host Private IP Address The IP address of the local host4.4.3.4 Protocol Binding Destination IP Range Interface Choose which WAN port to use WAN1, WAN2Source IP Range All Source IP Click it to specify all source IPs All Destination IP Click it to specify all source IPs4.4.4.1 Time Zone 4.4.4.2 Remote Access 4.4.4.3 Firmware Upgrade Allow Remote Access ByOnly the PC Please specify the IP Address that is allowed to access 4.4.4.4 Backup / Restore 4.4.4.6 Password 4.4.4.5 RestartClick Reset to reset to the default administration password admin 4.4.4.7 System Log Server4.4.4.8 E-mail Alert 4.4.5.1 Packet Filter When the entry is upper, the priority is higher 4.4.5.2 URL Filter Source IP Select Any, Subnet, IP Range or Single AddressDestination IP Select Any, Subnet, IP Range or Single Address URL Filtering You can choose to Enable or Disable this feature Domains Filtering Click the top checkbox to enable this feature. You can also choose to disable all web traffic except for trusted sites by clicking the bottom checkbox. To edit the list of filtered domains, click Details 4.4.5.3 LAN MAC Filter 4.4.5.4 Block WAN Request 4.4.5.5 Intrusion Detection 4.4.6.1.1 IPSec Wizard You can find two items under the VPN section IPSec and PPTP4.4.6.1 IPSec Connection Name A user-defined name for the connection Back Back to the Previous page Next Go to the next page Back Back to the Previous page Next Go to the next page Next Go to the next page Back Back to the Previous page Next Go to the next page Done Click Done to apply the ruleConfiguring a New VPN Connection 4.4.6.1.2 IPSec PolicyConnection Name A user-defined name for the connection interface if Auto is selected Any Local Address Will enable any local address on the network DPD Setting DPD, Dead Peer Detection 4.4.6.2 PPTP Peer Encryption Mode Only Stateless or Allow Stateless and StatefulClick Create to create a new PPTP VPN connection account 4.4.7 QoS WAN1 Outbound Creating a New QoS Rule Bandwidth Type For IP Address4.4.8 Virtual Server For MAC Address4.4.8.1 DMZ 4.4.8.2 Port Forwarding Table 4.4.9 Advanced 4.4.9.1 Static Route 4.4.9.2 Dynamic DNS Wildcard Select this check box to enable the DYNDNS Wildcard 4.4.9.3 Device Management Web Server SettingsSNMP Access Control Device Name4.4.9.4 IGMP SNMP V1 andSNMP 4.4.9.5 VLAN Bridge 4.5 Save Configuration To Flash 4.6 Logout5.1.1 Router Won’t Turn On Chapter 5 Troubleshooting5.1 Basic Functionality 5.1.2 LEDs Never Turn Off5.2 LAN Interface 5.1.4 Forgot My Password5.2.1 Can’t Access BiGuard 30 from the LAN 5.2.2 Can’t Ping Any PC on the LANCheck the corresponding LAN LEDs on your PC’s Ethernet device are on 4. Click OK under Internet Options to close the dialogue If you only want to allow pop-up windows with your BiGuard Disabling All Pop-upsEnabling Pop-up Blockers with Exceptions 5.2.3.1 Pop-up Windows4. Ensure that Scripting of Java applets is set to Enabled 5.2.3.3 Java Permissions4. Click OK to close the dialogue 5.4 ISP Connection5.3 WAN Interface If an IP address cannot be obtained If an IP address can be obtained, but your PC cannot load any web pages from the Internet 5.5 Problems with Date and Time5.6 Restoring Factory Defaults Virtual Private Network Appendix A Product SpecificationsAvailability and Resilience Network Protocols and Features Content FilteringQuality of Service Control FirewallPhysical Interface Physical SpecificationsPower Requirement Operating EnvironmentAppendix B Customer Support Contact BillionAppendix C FCC Interference Statement This device may not cause harmful interferenceD.1.1.1 Net mask Appendix D Network, Routing, and Firewall BasicsD.1 Network Basics 10.0.0.0 172.16.0.0 192.168.0.0 D.1.1.2 Subnet AddressingD.1.1.3 Private IP Addresses from these ranges Routers can vary in performance and scale, the types of physical WAN connection they support, and the number of routing protocols supported. BiGuard 30 offers a convenient and powerful way for small-to-medium businesses to connect their networks D.2 Router BasicsD.3.1.1 Stateful Packet Inspection D.3.1.2 Denial of Service DoS AttackD.3 Firewall Basics With a LAN connected to the Internet through a router, there is a chance for hackers to access or disrupt your network. A simple NAT router provides a basic level of protection by shielding your network from the outside Internet. Still, there are ways for more dedicated hackers to either obtain information about your network or disrupt your network’s Internet access. Your BiGuard 30 provides an extra level of protection from such attacks with its built-in firewall Appendix E Virtual Private Networking E.1 What is a VPN?E.2 What is IPSec? VPNs are traditionally used three waysE.2.1.1 Authentication Header AH There are three major functions of IPSecE.2.1.2 Encapsulating Security Payload ESP ESP divides its fields into three components…E.2.1.3 Security Associations SA SA is identified by 3 parametersTC Dat E.2.3 Tunnel Mode AHAH/E AH/EESP Authentication Quick Mode With PFS Main ModeAggressive Mode Quick Mode Without PFSencryption algorithm, hash algorithm, and authentication method F.1 IPSec Log Event CategoriesF.2 IPSec Log Event Table encryption algorithm, hash algorithm, and authentication methodSend Aggressive mode first Sending the third message of main mode. Done for authenticationReceived the third message of main mode. Done for authentication Received Aggressive mode firstRejected IKE Messages IKE Negotiated Status MessagesISAKMP SA Established IPsec SA Established Main/Aggressive mode peer ID is identifier stringReceived Delete SA payload Deleting ISAKMP State integer G.3 How Does QoS Work? G.2 What is Quality of Service?G.1 Overview Appendix G Bandwidth Management with QoSG.4 Who Needs QoS? G.4.1 Home UsersPriority ApplicationData Ratio % ApplicationH.1 Outbound Fail Over Appendix H Router Setup ExamplesPage H.2 Outbound Load Balancing Step 2 Configure your WAN2 ISP settings and click Apply Step 6 Click Save Config to save all changes to flash memory H.3 Inbound Fail Over General Settings. Select the Fail Over radio buttonStep 2 Configure Fail Over options if necessary Step 4 From the same menu, set the WAN2 DDNS settings Step 5 Click Save Config to save all changes to flash memoryAfter Fail Over H.4 DNS Inbound Fail OverBefore Fail Over 1st connectionEnable radio button and configure DNS Server 1 by clicking Edit Step 3 Input DNS Server 1 settings and click ApplyHeavy load on WAN H.5 DNS Inbound Load BalancingHeavy load on WAN DNS RequestStep 3 Go to Configuration Dual WAN Inbound Load Balance Host URL Balance radio buttonStep 5 Click Save Config to save all changes to flash memory Mapping and configure your FTP mappingStep 4 Next configure your HTTP mapping inbound and outbound bandwidth H.6 Dynamic DNS Inbound Load BalancingRemote Access from Internet HTTPStep 2 Go to Configuration Dual WAN General Settings and enable Load Balance mode. You may then decide whether to enable Service Detection or not WAN1 Page H.7 VPN Configuration H.7.1 LAN to LANLocal Branch OfficeHead Office RemoteHead Office H.7.2 Host to LANSingle client After Fail Over H.8 IP Sec Fail Over Gateway to GatewayBefore Fail Over ProposalPage Page Branch A H.9 VPN ConcentratorBiGuard BiGuardand configure the and configure the Balancing radio button H.10 Protocol BindingStep 5 Click Save Config to save all changes to flash memory Step 2 Go to Configuration Dual WAN Protocol Binding and configure settings for WAN1 Internet H.11 Intrusion DetectionH.12 PPTP Remote Access by Windows XP InternetStep3 Click Apply, you can see the account is successfully created ApplyStep2 Click Create to create a PPTP Account Step4 Click Save Config to save all changes to flash memory Step5 In Windows XP, go Start Settings Network ConnectionsStep6 In Network Tasks, Click Create a new connection, and press Next Step7 Select Connect to the network at my workplace and press NextStep8 Select Virtual Private Network connection and press Next Step9 Input the user-defined name for this connection and press NextStep10 Input PPTP Server Address and press Next Step11 Please press FinishStep12 Double click the connection, and input Username and Password that defined in BiGuard PPTP Account Settings Internet H.13 PPTP Remote Access by BiGuardInternet Branch OfficeStep3 Click Apply, you can see the account is successfully created Step4 Click Save Config to save all changes to flash memoryStep2 Click Create to create a PPTP Account Step6 Click Apply, and Save CONFIG