Manuals / Epson / Computer Equipment / Network Router

Epson 3300 manual VPN and Remote Access Setup

Models: 3300

1 158

Download 158 pages 27.76 Kb

Page 97

3.6 VPN and Remote Access Setup

This page allows you to setup the configuration of VPN and Remote Access to create a virtual private network for security in the Internet.

A Virtual Private Network (VPN) is an extension of a private network that encompasses links across shared or public networks like the Intranet. A VPN enables you to send data between two hosts across a shared or public network in a manner that emulates the properties of a point-to-point private link.

There are two types of VPN connections: remote dial-in access and LAN-to-LAN connection. The “Remote dial-In Access” facility allows a remote access node, a NAT router or a single computer to dial into a VPN router through the Internet to access the network resources of the remote network. The “LAN-to-LAN Access” facility connects two independent LANs for mutual sharing of network resources. For example, the head office network can access the branch office network, and vice versa.

The VPN technology implemented in the Vigor3300 Series of broadband security routers supports Internet-industry standards to provide customers with interoperable VPN solutions, such as X.509 and DHCP over Internet Protocol Security (IPSec). This VPN feature is only supported for Vigor 3300, Vigor3300V routers. IPSec is the security architecture for IP networks. IPSec provides security services at the IP layer by enabling a system to select required security protocols. It determines the algorithms to use for the services, and puts in place any cryptographic keys required to provide the requested services. IPSec can be used to protect one or more "paths" between a pair of hosts, between a pair of security gateways, or between a security gateway and a host.

The Vigor3300 Series supports ESP Tunnel mode with IKE for key management. Internet Key Exchange (IKE) Protocol, a key protocol in the IPSec architecture, is a hybrid protocol using part of Oakley and part of SKEME in conjunction with ISAKMP to obtain authenticated

Vigor3300 Series User’s Guide

93

Image 97

Epson 3300 manual VPN and Remote Access Setup

Contents

Vigor 3300 Series Declarations Copyright InformationTable of Contents Appendix a Application for 802.1 Vlan 137 Trouble Shooting 127Preface LED Indicators and Connectors for Vigor3300V LED Indicators and ConnectionFactory Reset Interface Description WAN LED Indicators and Connectors for Vigor3300WAN/DMZ WAN1 ~ WAN3 LED Indicators and Connectors for Vigor3300B+ Auxiliary Type Connected to Remarks Cables Color Connecter SpecificationHardware Installation RS232 Connector Detailed Explanation for the ConnectorStandard 10/100 Base-T Ethernet Interface Connector Chassis ConnectionsDesktop Type Installation Changing Password Configuring Basic SettingsVigor3300 Series User’s Guide Adjusting WAN Connection Mode Quick SetupPhysical Mode Static Mode Start IP StatusEnd IP Dhcp Mode PPPoE Default value is PAPUse for clients in LAN Primary DNS Type the IP address for primary DNSPrimary DNS Pptp IP Address Status System setupStatus, and WAN Status LAN Status Basic StatusRX Packets High Available StatusTX Packets WAN Status Time Syslog Server IP SyslogSyslog Server Port Access Control Push Backup Button File name is v3300.cfg Configuration SetupFirmware Upgrade from a Console Port Firmware Upgrade SetupTftp -i 192.168.1.1 PUT Vigor3300 image file name Vigor3300 Series User’s Guide Reboot Destination Diagnostic ToolsFlag s InterfaceTime Left Assigned IPVigor3300 Series User’s Guide WAN and Internet Access Setup Network SetupBackup Load BalanceDefault Route IP ModeWeight Backup-MasterStatic IP Setup Host Name ResetDomain Name Detect TypeRequest supported in the router Dhcp Client SetupService Name PPPoE with a DSL Modem SetupUser Name Detect IntervalPptp Local Address Pptp with a DSL Modem SetupPptp Subnet Mask Pptp Remote AddressFor LAN IP/DHCP 2 LANWAN Interface For Dhcp Relay AgentLAN Interface For IP RoutingProtocol Load Balance PolicyDest Port Start Dest Port EndDelete/Delete All High AvailabilitySource IP/Subnet Mask Dest IP/Subnet MaskVigor3300 Series User’s Guide High Availability Static DhcpGroup Number RoleAdvanced Setup Edit the Static Route Static Route SetupLAN , and WAN1~WAN4 Delete the Static RouteDestination IP Port Redirection NAT SetupComment Private Port Range Public Port RangeUse IP Alias IP AliasAddress Mapping DMZ Host Display the WAN interface chosen for this entry Configured in Network WAN interface Radius SetupCommon Ports List Alias addressesServer IP Address Enable/DisableDestination Port Shared SecretPort Block Ddns SetupIndex Port NumberInterface should be any WAN port on V3300 series Login Password Login NameBackup MX Server ProviderEdit Call Schedule Call Schedule SetupUp means to activate the Network Interface Delete Call ScheduleSelect some weekdays to apply Mirroring Port WAN Port Mirroring SetupMirrored Ports LAN Vlan Setup LAN Port Mirroring SetupP1 P4 For Port Base VlanVlan 0 Name For 802.1Q VlanMember Frame Tag Operation SnmpPort Valn ID Snmp Community Max AccessCommunity Host/maskVigor3300 Series User’s Guide Trap Server Snmp TrapsTrap Community Trap server portVigor3300 Series User’s Guide General Setup Firewall SetupIP Filter Group Table Delete Source Port Destination Mask End PortDirection FragmentsFurther match or Pass if no further match of Block or Pass 2 DoSEnable Icmp Flood Value is DisableDoS Defense DefenseURL Filter SurfControl, Restrict Web Feature and Filter Schedule URL Access ControlSurfControl Restrict Web Feature Filter Schedule Always Block Quality of Service SetupBlock only at Vigor3300 Series User’s Guide Disable/Enable Incoming/Outgoing Class SetupIncoming/Outgoing Class Filter Class NamePriority Service Type StatusClass DiffServ CodePoint Status PortBasic Only the DiffServ CodePoint Type field can be Advanced Only the DiffServ CodePoint field can beVPN and Remote Access Setup IPSec ConfigurationPolicy Table Delete AllProfile Status For Default ConfigurationSecurity Protocol For Advanced ConfigurationLocal Certificate Security GatewayVigor3300 Series User’s Guide Timeout DelayTrust CA LogDate/Time Generate User CertificateDownload ImportDomain Name Certificated by domain name Certification Name Name of the certification entry ID TypeIP Certificated by IP address Email Certificated by email address102 Status User Authentication Pptp AuthenticationPptp Encryption User Password Authentication192.168.1.224/28 GroupType username, password and choose proper group for this Protocol VoIP SetupFor SIP Configuration For Mgcp Configuration For Phone Number Port SettingsHotline Port 1 FXSFXO Codec VAD Enable or Disable VAD Voice ActivityFor Group Dtmf ModeCall Forwarding Call forwarding no answer after Range 1~10 ringsSpeed Dial Prefix Advanced Speed DialStrip Length AppendStarting Port MiscellaneousRedundancy Number Dialing CompletionTone Settings Caller ID Type Region7 QoS EnableLink Fragmentation InterleavingNAT Traversal Semi-auto, need to config NAT If you click this functionManually Input NAT IP AddressSet Incoming Call BarringDeny List Allow ListCall History Remote RTP Port Remote RTP AddressRTP Statistic Codec Type125 126 Checking If the Hardware Status Is OK or Not Trouble ShootingFor Windows 129 For MacOs For MacOs Terminal Pinging the Router from Your ComputerFor PPPoE Mode Checking If the ISP Settings Are OK or NotFor Static Mode For Dhcp Mode For Pptp Mode Backing to Factory Default Setting If NecessarySoftware Reset Contacting Your Dealer Hardware ResetBlock LAN-to-LAN Communication Appendix a Application for 802.1 VlanHow to Check/Edit Vlan ID on Your PC? 139 140 141 142 143 144 Applications ProcedureFour VLANs for Different Departments in a Company 146 Two VLANs for Different Departments in a Company 148 Example for the Companies in the Same Building 150 Example for a Company and Guest 152 Example for Trunk Usage 154