Manuals / Billion Electric Company / Computer Equipment / Network Router

Billion Electric Company 7402 user manual IPSec Enable for enhancing your LT2P VPN security

Models: 7402

1 123

Download 123 pages 44.82 Kb

Page 87

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Idle Time: Auto-disconnect the VPN connection when there is no activity on the connection for a predetermined period of time. 0 means this connection is always on. Click Apply after changing settings.

IPSec: Enable for enhancing your LT2P VPN security.

Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transmit. There are three options, Message Digest 5 (MD5), Secure Hash Algorithm (SHA-1) or NONE. SHA-1 is more resistant to brute-force attacks than MD5, however it is slower.

MD5: A one-way hashing algorithm that produces a 128−bit hash.

SHA-1:A one-way hashing algorithm that produces a 160−bit hash.

Encryption: Select the encryption method from the pull-down menu. There are four options, DES, 3DES, AES and NONE. NONE means it is a tunnel only with no encryption. 3DES and AES are more powerful but increase latency.

DES: Stands for Data Encryption Standard, it uses 56 bits as an encryption method.

3DES: Stands for Triple Data Encryption Standard, it uses 168 (56*3) bits as an encryption method.

AES: Stands for Advanced Encryption Standards, it uses 128 bits as an encryption method.

Perfect Forward Secrecy: Choose whether to enable PFS using Diffie-Hellman public- key cryptography to change encryption keys during the second phase of VPN negotiation. This function will provide better security, but extends the VPN negotiation time. Diffie- Hellman is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). There are three modes, MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for Modular Exponentiation Groups.

Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 4 to 128 characters. Both sides should use the same key. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts).

81

Chapter 4: Configuration

Image 87

Billion Electric Company 7402 user manual IPSec Enable for enhancing your LT2P VPN security

Contents

User’s Manual Version Release 1.54cWireless ADSL VPN Firewall Router with 3DES Accelerator BIPAC-7402 / 7402WPage Table of Contents CHAPTER 2 INSTALLING THE ROUTERCHAPTER 3 BASIC INSTALLATION CHAPTER 1 INTRODUCTIONQ UICK S TART Table of ContentsP ROBLEMS WITH THE LAN I NTERFACE S AVE C ONFIGURATION TO F LASHP ROBLEMS STARTING UP THE ROUTER P ROBLEMS WITH THE WAN I NTERFACEPage Quick Installation Wizard FeaturesWireless Ethernet 802.11b 7402W Only Fast Ethernet SwitchDomain Name System DNS relay Dynamic Host Configuration Protocol DHCP client and serverNetwork Address Translation NAT FirewallWeb based GUI Firmware UpgradeableStatic and RIP1/2 Routing Simple Network Management Protocol SNMPFigure 1.1 Application Diagram of BIPAC-7402 / 7402W ADSL Router Application7402 7402WChapter 2 Installing the Router Important note for using the BIPAC-7402W ADSL RouterPackage Contents ADSL LAN Port 1X The Front LEDsMeaning PPP / MAILPort Power Switch PWR RESET LAN 1Xpassword The Rear PortsCabling Connecting your router Chapter 3 Basic Installation4. Select Internet Protocol TCP/IP and click Properties. See Figure Configuring PCs in WindowsFor Windows XP 2. Double-click Local Area Connection. See Figure4. Select Internet Protocol TCP/IP and click Properties. See Figure For Windows2. Double-click Local Area “LAN” Connection. See Figure 3.7 TCP / IP Figure 3.8 IP Address & DNS ConfigurationFor Windows 98 / ME Then select the DNS Configuration tab. See FigureSelect the Disable DNS radio button and click OK to finish the configuration2. Select TCP/IP Protocol and click Properties. See For Windows NT4.0ISP setting in WAN site Factory Default SettingsUsername and Password LAN Device IP SettingsPPPoE PPPoA RFC1483 Bridged RFC1483 Routed IPoA Information from your ISPFigure 3.14 User namd & Password Prompt Widonw Configuring with your Web BrowserChapter 4 Configuration Save Config to FLASHQuick Start ARP Table StatusRouting Table Routing TableRIP Routing Table Permanent Table DHCP TableLeased Table Expired TablePPTP Status IPSec Status Email Status L2TP StatusEvent Log Error LoggingUPnP Portmap NAT SessionsQuick Start Click Start to begin scanning for encapsulation types offered by your ISP. If the scan is successful you will then be presented with a list of supported options LAN, WAN, System, Firewall, VPN, QoS, Virtual Server and Advanced ConfigurationLAN Local Area Network EthernetESSID Broadcast Wireless 7402W OnlyWPA Pre-Shared Key Wireless Security 7402W OnlyPage Port Setting DHCP Server Chapter 4 Configuration Click Apply to enable this functionWAN Wide Area Network RFC 1483 Routed Connections PPPoE Connections Connection Advanced Options PPPoEGive DNSto Relay Controls whether the PPP Internet Protocol Control Protocol IPCP can request the DNS server IP address for a remote PPP peer. Once IPCP has discovered the DNS server IP address, it automatically gives the address to the local DNS relay so that a connection can be established All Ip Pppoe RFC 1483 Bridged ConnectionsPPPoA Routed Connections Connection Advanced Options PPPoAChapter 4 Configuration IPoA Routed Connections Page ADSL Time Zone SystemRemote Access Firmware Upgrade Backup / Restore Restart Router User Management Firewall and Access Control URL Filter To block PCs on your local network from unwanted websites Chapter 4 ConfigurationGeneral Settings Chapter 4 Configuration Packet FilterPort Filters Table 1 Pre-defined Port FilterChapter 4 Configuration Address Filters Click Port Filters Configuring Packet FilterInput HTTP port number Select “Allow” Click Delete4. Click Add TCP Filter Click Add TCP FilterHTTP inbound & outbound application Block Duration Intrusion DetectionType of Block Duration Table 2 Hacker attack types recognized by the IDSIntrusion Name Detect Parameter BlacklistMAC Address Filter URL Filter Restrict URL Features Firewall Log Chapter 4 ConfigurationLog information can be seen in the Status - Event Log after enabling PPTP VPN Virtual Private NetworksRemote Access PPTP Connection Click Apply after changing settings LAN to LAN PPTP Connection Click Apply after changing settings IPSec Click Create to configure a new IPSec VPN connectionChapter 4 Configuration Proposal Configure a new VPN ConnectionLocal RemoteMD5 A one-way hashing algorithm that produces a 128−bit hash Advanced Option Local IDRemote ID Chapter 4 Configuration L2TPRemote Access L2TP Connection IPSec Enable for enhancing your LT2P VPN security LAN to LAN L2TP Connection IPSec Enable for enhancing your LT2P VPN security Dial-in Configuring PPTP VPN in the Office Example Configuring a Remote Access PPTP VPN Dial-in ConnectionDescription FunctionDial-out Configuring the PPTP VPN in the Office Example Configuring a Remote Access PPTP VPN Dial-out ConnectionDescription FunctionExample Configuring a LAN-to-LAN PPTP VPN Connection Configuring PPTP VPN in the Head Office FunctionDescription Configuring PPTP VPN in the Branch Office FunctionDescription Tunnel mode ESPMD5 with AES Example Configuring a IPSec LAN-to-LAN VPN ConnectionTable 3 Network Configuration and Security Plan 192.168.0.0/24 69.1.121.30 192.168.1.0/24 69.1.121.3 12345678IP address of the head office router in WAN side Configuring IPSec VPN in the Head OfficeFunction DescriptionIP address of the head office router in WAN side Configuring IPSec VPN in the Branch OfficeFunction DescriptionExample Configuring a Remote Access L2TP VPN Dial-in Connection Dial-inChapter 4 Configuration Configuring L2TP VPN in the Office FunctionDescription Example Configuring a Remote Access L2TP VPN Dial-out Connection Dial-outChapter 4 Configuration Configuring the L2TP VPN in the Office FunctionDescription Chapter 4 Configuration Example Configuring your Router to Dial-in to the ServerChapter 4 Configuration Example Configuring LAN-to-LAN L2TP VPN ConnectionConfiguring L2TP VPN in the Head Office FunctionDescription Configuring L2TP VPN in the Branch Office FunctionDescription QoS Quality of Service High PrioritizationIP Throttling Protocol Virtual Server “Port Forwarding”Table 4 Well-know and registered Ports Port NumberNEWS Network News Transfer Protocol In addition to specifying the port number to be used, you will also need to specify the protocol used. The protocol used is determined by the particular application. Most applications will use TCP or UDP, however you can specify other protocols using the drop-down Protocol menu. Setting the protocol to “all” will cause all incoming connection attempts using all protocols on all port numbers to be forwarded to the specified IP address Static Routing AdvancedDynamic DNS Check Emails Embedded Web Server Device ManagementUniversal Plug and Play UPnP SNMP V1 andSNMP From RFC 1493 Bridge MIB SNMP Version SNMPv2c and SNMPv3From RFC 1213 MIB-II From RFC1650 EtherLike-MIBFrom RFC1573 IfMIB From RFC 1472 PPP/Security MIBFrom RFC 1473 PPP/IP MIB From RFC 1474 PPP/Bridge MIBChapter 4 Configuration Save Configuration to FlashLogout Problem Chapter 5 TroubleshootingProblems starting up the router Problems with the WAN InterfaceFrequent loss of ADSL linesync disconnections Problems with the LAN InterfaceProblem Corrective ActionAPPENDIX A Product Support and Contact Information Contact Billion AUSTRALIAWORLDWIDE