Manuals / Brands / Computer Equipment / Network Router / Planet Technology / Computer Equipment / Network Router

Planet Technology ADE-4300A/B, ADW-4300A/B Policies, Policies, IKE parameters, IPsec parameters, VPN Configuration, VPN Endpoint address, Local & Remote LAN definition

1 132

Download 132 pages, 2.16 Mb

ADE-4300/ADW-4300 User Guide

Because the IKE and IPsec connections are separate, they have different SAs (secu- rity associations).

Policies

VPN configuration settings are stored in Policies.

Note that different vendors use different terms. Generally, the terms "VPN Policy", "IPSec Policy", and "IPSec Proposal" have the same meaning. However, some vendors separate IKE Policies (Phase 1 parameters) from IPSec Policies (Phase 2 parameters).

For the ADE-4300/ADW-4300; each VPN policy contains both Phase 1 and Phase 2 parameters (if IKE is used). Each policy defines:

∙The address of the remote VPN endpoint

∙The traffic which is allowed to use the VPN connection.

∙The parameters (settings) for the IPsec SA (Security Association)

∙If IKE is used, the parameters (settings) for the IKE SA (Security Association)

Generally, you will need at least one (1) VPN Policy for each remote site for which you wish to establish VPN connections.

It is possible, and sometimes necessary, to have multiple Policies for the same remote site. However, you should only Enable one (1) policy at a time.

VPN Configuration

The general rule is that each endpoint must have matching Policies, as follows:

VPN Endpoint addressLocal & Remote LAN definitionIKE parameters IPsec parameters

Each VPN endpoint must be configured to initiate or accept connections to the remote VPN client or Gateway.

Usually, this requires having a fixed Internet IP address. How- ever, it is possible for a VPN Gateway to accept incoming connections from a remote client where the client's IP address is not known in advance.

This determines which outgoing traffic will cause a VPN connection to be established, and which incoming traffic will be accepted. Each endpoint must be configured to pass and accept the desired traffic from the remote endpoint.

If connecting 2 LANs, this requires that:

∙Each endpoint must be aware of the IP addresses used on the other endpoint.

∙The 2 LANs MUST use different IP address ranges.

If using IKE (recommended), the IKE parameters must match (except for the SA lifetime, which can be different).

The IPsec parameters at each endpoint must match.

118

Contents

Page Copyright Federal Communication Commission Interference Statement FCC Caution: Federal Communication Commission (FCC) Radiation Exposure Statement R&TTE Compliance Statement Safety Revision Model: ADE-4300A/B, ADW-4300A/B Rev: 1.0 (Jan. 2005) Page Page Management Connections Wireless Access (ADW-4300only) Wireless LAN Configuration Introduction ∙ADSL 2/2+ Modem ∙Shared Broadband Internet Access for all LAN users Wireless Access Point VPN Gateway IPoA, PPPoE, PPPoA, Direct Connection Support Auto-detection of Internet Connection Method Fixed or Dynamic IP Address Application Level Gateways (ALGs) Standards Compliant Supports both 802.11b and 802.11g Wireless Stations Speeds to 54Mbps WEP support WPA-PSK Protection against DoS attacks Page Front-mountedLEDs of ADE-4300 Figure 2-1:Front Panel of ADE-4300 Front-mountedLEDs of ADW-4300 PWR LED STATUS LED Rear Panel Figure 4-1:Rear Panel of ADE-4300 RESET Button (Reset to De- faults) POWER port 10/100BaseT LAN connections Installation 2. Connect LAN Cables 3. Connect ADSL Cable 4. Power Up 5. Check the LEDs Setup Your Browser must support JavaScript Preparation Using your Web Browser HTTP://192.168.0.1 If you can't connect ping Common Connection Types Type Details ISP Data required Figure 7: Home Screen Main Menu Log Out Restart Navigation & Data Input Figure 8: LAN Screen Data - LAN Screen TCP/IP Subnet Mask ∙ The Start IP Address and Finish IP Address fields set the DHCP server client Using the ADE-4300/ADW-4300'sDHCP Server LAN Using another DHCP Server Wireless Figure 9: Wireless Screen Data - Wireless Screen Identification Region Options Mode 802.11G-plus (TI) 802.11g & 802.11b Allow access by … All Wireless Stations ∙ Trusted Wireless stations only - Only wireless stations you Set Stations Disabled WEP WPA-PSK WEP Wireless Security Figure 10: WEP Passphrase WPA-PSKWireless Security Figure 11: WPA-PSK Data - WPA-PSKScreen System Figure 12: Trusted Wireless Stations Data - Trusted Wireless Stations Trusted Wireless Stations Other Wireless Edit Add (Update) Clear Figure 13: Password Screen Old Password New password Verify pass word Figure 15: Mode Screen Router Modem Notes: PC Configuration Checking TCP/IP Settings - Windows 9x/ME: Figure 16: Network Configuration Figure 17: IP Address (Win 95) Using DHCP Using this is recommended Figure 18: Gateway Tab (Win 95/98) Figure 19: DNS Tab (Win 95/98) Checking TCP/IP Settings - Windows NT4.0 Figure 20: Windows NT4.0 - TCP/IP Figure 21: Windows NT4.0 - IP Address Obtain an IP address from a DHCP Server Specify an IP Address Figure 22 - Windows NT4.0 - Add Gateway Figure 23: Windows NT4.0 - DNS Checking TCP/IP Settings - Windows 2000: Figure 24: Network Configuration (Win 2000) Figure 25: TCP/IP Properties (Win 2000) Using a fixed IP Address ("Use the following IP Address") Checking TCP/IP Settings - Windows XP Figure 26: Network Configuration (Windows XP) Figure 27: TCP/IP Properties (Windows XP) Internet Access For Windows 9x/ME/2000 unchecked For Windows XP Accessing AOL Ensure you are logged in as "root" before attempting any changes Fixed IP Address To act as a DHCP Client (recommended) Infrastructure SSID (ESSID) Wireless Note! The SSID is case sensitive Wireless Figure 29 Wireless Networks (Windows XP) If Wireless Security is Disabled Figure 30 Insecure Wireless Network (Windows XP) To connect: If using WEP Data Encryption Figure 31: WEP (Windows XP) To connect: Disable Figure 32: Advanced - Wireless Networks Figure 33: Wireless Network Properties - WEP Configure this screen as follows: default key value default key index Figure 34: Preferred Networks If using WPA-PSKData Encryption Figure 35: Wireless Networks (Windows XP) Figure 36: Advanced - Wireless Networks Figure 37: Wireless Network Properties- WPA-PSK TKIP Figure 38: Preferred Networks If the SSID is not listed Figure 39: Wireless Networks (Windows XP) Figure 40: Unlisted Wireless Network Figure 41: Add Wireless Network Figure 42: Preferred Networks Operation and Status Figure 43: Status Screen Data - Status Screen Device Name Firmware Version ADSL Internet (VC1) Connection Method Connection Status Active Idle Attached Devices VPN Status Chapter 6 - Advanced Features Refresh Screen Figure 44: PPPoE Status Screen Data - PPPoE/PPPoA Screen Connection Time PPPoE Link Status Negotiation Figure 45: Connection Details - Fixed/Dynamic IP Address Data - Dynamic IP address Internet Default Gateway DNS Server Figure 464: Connection Details - Fixed/Dynamic IP Address Data - Fixed IP address Screen Advanced Features Figure 475: Access Control Screen Data - Access Control Screen Internet Access Access control Block all Internet access Figure 48: Trusted PCs Data - Trusted PCs Other PCs Save Figure 47: Internet Screen DMZ Special Applications Special Applications Figure 48: Special Applications Screen Data - Special Applications Screen Checkbox Incoming Ports Using a Special Application URL Filter Block By Schedule Block Always Allow Trusted PCs to Visit Blocked Sites Figure 49: URL Filter Screen Data - URL Filter Screen Current Filter Strings Current Filter Strings DDNS Services work as follows: Dynamic DNS Screen Figure 50: DDNS Screen Data - Dynamic DNS Screen DDNS Service DDNS Data Host Name User Name Password Domain Name Firewall Rules Block Allow Firewall Rules Screen Figure 51 Firewall Screen Log Outgoing Rules LAN Users WAN Servers Incoming Rules (Inbound Services) Figure 52: Inbound Services Screen Data - Incoming Rules Screen Inbound Services Service Always Never Match Not Match Outgoing Rules (Outbound Services) Single PC Figure 54: Add Services Screen Data - Firewall Services Services Existing Ser vices Add/Edit Service Services Figure 55 : Add/Edit Service Data - Add/Edit Service Start Port Options Figure 56: Options Screen Data - Options Screen Respond to Ping Figure 57: Schedule Screen Data - Schedule Screen Day Session Start Time Use this NTP Current Time Figure 58: Virtual Servers IP Address seen by Internet Users Virtual Servers Screen Figure 59: Virtual Servers Screen Data - Virtual Servers Screen Servers Properties PC (Server) Page Appendix C - About VPNs VPN Policies Manual Auto VPN Policies Screen VPN Advanced Figure 60: VPN Policies Screen Data - VPN Policies Screen VPN Auto Policy Screen VPN Policies Figure 61: VPN-AutoPolicy Screen Data - VPN-AutoPolicy Screen General Policy Name Remote VPN NetBIOS Enable IKE Direction Exchange Mode Diffie-Hellman (DH) Group IPSec PFS (Per- fect Forward Secrecy) VPN- Manual Policy Screen Figure 62: VPN-ManualPolicy Screen Data - VPN-ManualPolicy Screen NETBIOS Enable ESP Configuration SPI Page VPN Status Screen Figure 63: VPN-StatusScreen Data - VPN Status Screen Tunnel Table Remote Endpoint Figure 64: SNMP Screen Data - SNMP Screen SNMP Service Enable SNMP support Advanced Administration PC Database Screen PC Database Figure 65: PC Database Data - PC Database Screen Known PCs Refresh Generate Re port PC Database - Advanced Figure 66: PC Database (Admin) Data - Advanced PC Database PC Properties Automatic Automatic discovery MAC address is Add as New Entry Update Se Config File Figure 67: Config File Screen Data - Config File Screen Backup Config Restore Config E-mail Figure 68: Logging Screen Data - Logging Screen Logs Log Data Include (Check boxes) ∙ Attempted access to blocked sites - If checked ∙ Connections to the Web-basedinterface of this Router operation Figure 69: E-mailScreen Data - E-mailScreen E-MailNotification Turn E-mail Notification on E-mailAlerts Send E-mail alerts immedi ately E-mailLogs Network Diagnostics Figure 70: Network Diagnostics Screen Data - Network Diagnostics Screen Ping this Ping Button Figure 71: Remote Administration Screen Data - Remote Administration Screen Remote Administration Enable Remote Management To connect from a remote PC via the Internet HTTP://123.123.123.123:8080 Overview Routing Screen Using this Screen Static Routing Table Figure 72: Routing Screen Data - Routing Screen RIP RIP Direction RIP Version Destination IP Address Gateway IP Address Metric Other Routers on the Local LAN Static Routing - Example Entry 2 (Segment 2) For Router A's Default Route For Router B's Default Route Figure 74: Router Upgrade Screen To perform the Firmware Upgrade: Modem Mode Figure 75: Home Screen - Modem Mode (ADW-4300 only) Status Figure 76: Mode Screen Data - Mode Screen Device Bridge Mode Figure 77: Status Screen - Bridge Mode Data - Status Screen (Bridge Mode) Associated Devices Associated Devices Troubleshooting Problem 2: Solution 2: Problem 1: My PC can't locate the Wireless Access Point Problem 2: Wireless connection speed is very slow Page About Wireless LANs(ADW-4300only) B Key WEP Authentication WPA PSK (Pre-sharedKey) WEP: WPA-PSK: Ad-hoc networks About VPNs Policies Policies VPN Configuration VPN Endpoint address Local & Remote LAN definition IKE parameters VPN Pass-through Figure 78: VPN Pass-through Client PC to VPN Gateway Figure 79: Client PC to VPN Server Connecting 2 LANs via VPN Figure 80: Connecting 2 VPN Gateways Figure 81: Connecting 2 ADE-4300/ADW-4300s Note Configuration Settings - Gateway A Figure 82: Gateway A Configuration Configuration Settings - Gateway B Figure 83: Gateway B Configuration Settings Setting LAN A Gateway Page Specifications Page FCC Statement FCC Radiation Exposure Statement CE Approval CE Standards CE Marking Warning