Planet Technology ADE-4300A/B, ADW-4300A/B 129

Appendix C - VPNs

Remote VPN	Fixed IP Address	Fixed IP Address	Other endpoint's WAN
Endpoint	205.17.11.43	202.11.13.211	(Internet) IP address.

NetBIOS	Enable	Enable	Disable if not required.

Local LAN	192.168.0.0	192.168.1.0	Local Address subnet.
IP address	255.255.255.0	255.255.255.0	Use a more restrictive
Mask			definition if possible.
Remote LAN	192.168.1.0	192.168.0.0	Remote Address
IP address	255.255.255.0	255.255.255.0	subnet.
Mask			Use a more restrictive
			definition if possible.

IKE

Direction	Initiator & re-	Initiator & re-	Does not have to
	sponder	sponder	match. Either endpoint
			can block 1 direction.
Exchange mode	Main Mode	Main Mode	Must match

DH Group	Group 2 (1024 bit)	Group 2 (1024 bit)	Must match

Local Identity	IP address	IP address	IP address is the most
			common ID method
Remote Identity	WAN IP address	WAN IP address	IP address is the most
			common ID method
SA Parameters

Encryption	3DES	3DES	Must match.

Authentication	MD5	MD5	Must match

Pre-shared Key	xxxxxxxxx	xxxxxxxxxx	Must match;
			use any string.
SA Life time	28800	28800	Does not have to
			match. Shorter period
			will be used.

PFS	Disabled	Disabled	Must match

Note:

Some VPN Gateways or programs let you specify the following settings separately for IKE and IPSec. For this device, the same settings are used for both IKE and IPSec.

∙Authentication

∙Encryption

∙SA Lifetime

Also, IPSec allows for "AH Authentication", using MD5 or SHA-1. For this device, "AH Authentication" is always DISABLED.

123

Contents

Page Copyright Federal Communication Commission Interference Statement FCC Caution: Federal Communication Commission (FCC) Radiation Exposure Statement R&TTE Compliance Statement Safety Revision Model: ADE-4300A/B, ADW-4300A/B Rev: 1.0 (Jan. 2005) Page Page Management Connections Wireless Access (ADW-4300only) Wireless LAN Configuration Introduction ∙ADSL 2/2+ Modem ∙Shared Broadband Internet Access for all LAN users Wireless Access Point VPN Gateway IPoA, PPPoE, PPPoA, Direct Connection Support Auto-detection of Internet Connection Method Fixed or Dynamic IP Address Application Level Gateways (ALGs) Standards Compliant Supports both 802.11b and 802.11g Wireless Stations Speeds to 54Mbps WEP support WPA-PSK Protection against DoS attacks Page Front-mountedLEDs of ADE-4300 Figure 2-1:Front Panel of ADE-4300 Front-mountedLEDs of ADW-4300 PWR LED STATUS LED Rear Panel Figure 4-1:Rear Panel of ADE-4300 RESET Button (Reset to De- faults) POWER port 10/100BaseT LAN connections Installation 2. Connect LAN Cables 3. Connect ADSL Cable 4. Power Up 5. Check the LEDs Setup Your Browser must support JavaScript Preparation Using your Web Browser HTTP://192.168.0.1 If you can't connect ping Common Connection Types Type Details ISP Data required Figure 7: Home Screen Main Menu Log Out Restart Navigation & Data Input Figure 8: LAN Screen Data - LAN Screen TCP/IP Subnet Mask ∙ The Start IP Address and Finish IP Address fields set the DHCP server client Using the ADE-4300/ADW-4300'sDHCP Server LAN Using another DHCP Server Wireless Figure 9: Wireless Screen Data - Wireless Screen Identification Region Options Mode 802.11G-plus (TI) 802.11g & 802.11b Allow access by … All Wireless Stations ∙ Trusted Wireless stations only - Only wireless stations you Set Stations Disabled WEP WPA-PSK WEP Wireless Security Figure 10: WEP Passphrase WPA-PSKWireless Security Figure 11: WPA-PSK Data - WPA-PSKScreen System Figure 12: Trusted Wireless Stations Data - Trusted Wireless Stations Trusted Wireless Stations Other Wireless Edit Add (Update) Clear Figure 13: Password Screen Old Password New password Verify pass word Figure 15: Mode Screen Router Modem Notes: PC Configuration Checking TCP/IP Settings - Windows 9x/ME: Figure 16: Network Configuration Figure 17: IP Address (Win 95) Using DHCP Using this is recommended Figure 18: Gateway Tab (Win 95/98) Figure 19: DNS Tab (Win 95/98) Checking TCP/IP Settings - Windows NT4.0 Figure 20: Windows NT4.0 - TCP/IP Figure 21: Windows NT4.0 - IP Address Obtain an IP address from a DHCP Server Specify an IP Address Figure 22 - Windows NT4.0 - Add Gateway Figure 23: Windows NT4.0 - DNS Checking TCP/IP Settings - Windows 2000: Figure 24: Network Configuration (Win 2000) Figure 25: TCP/IP Properties (Win 2000) Using a fixed IP Address ("Use the following IP Address") Checking TCP/IP Settings - Windows XP Figure 26: Network Configuration (Windows XP) Figure 27: TCP/IP Properties (Windows XP) Internet Access For Windows 9x/ME/2000 unchecked For Windows XP Accessing AOL Ensure you are logged in as "root" before attempting any changes Fixed IP Address To act as a DHCP Client (recommended) Infrastructure SSID (ESSID) Wireless Note! The SSID is case sensitive Wireless Figure 29 Wireless Networks (Windows XP) If Wireless Security is Disabled Figure 30 Insecure Wireless Network (Windows XP) To connect: If using WEP Data Encryption Figure 31: WEP (Windows XP) To connect: Disable Figure 32: Advanced - Wireless Networks Figure 33: Wireless Network Properties - WEP Configure this screen as follows: default key value default key index Figure 34: Preferred Networks If using WPA-PSKData Encryption Figure 35: Wireless Networks (Windows XP) Figure 36: Advanced - Wireless Networks Figure 37: Wireless Network Properties- WPA-PSK TKIP Figure 38: Preferred Networks If the SSID is not listed Figure 39: Wireless Networks (Windows XP) Figure 40: Unlisted Wireless Network Figure 41: Add Wireless Network Figure 42: Preferred Networks Operation and Status Figure 43: Status Screen Data - Status Screen Device Name Firmware Version ADSL Internet (VC1) Connection Method Connection Status Active Idle Attached Devices VPN Status Chapter 6 - Advanced Features Refresh Screen Figure 44: PPPoE Status Screen Data - PPPoE/PPPoA Screen Connection Time PPPoE Link Status Negotiation Figure 45: Connection Details - Fixed/Dynamic IP Address Data - Dynamic IP address Internet Default Gateway DNS Server Figure 464: Connection Details - Fixed/Dynamic IP Address Data - Fixed IP address Screen Advanced Features Figure 475: Access Control Screen Data - Access Control Screen Internet Access Access control Block all Internet access Figure 48: Trusted PCs Data - Trusted PCs Other PCs Save Figure 47: Internet Screen DMZ Special Applications Special Applications Figure 48: Special Applications Screen Data - Special Applications Screen Checkbox Incoming Ports Using a Special Application URL Filter Block By Schedule Block Always Allow Trusted PCs to Visit Blocked Sites Figure 49: URL Filter Screen Data - URL Filter Screen Current Filter Strings Current Filter Strings DDNS Services work as follows: Dynamic DNS Screen Figure 50: DDNS Screen Data - Dynamic DNS Screen DDNS Service DDNS Data Host Name User Name Password Domain Name Firewall Rules Block Allow Firewall Rules Screen Figure 51 Firewall Screen Log Outgoing Rules LAN Users WAN Servers Incoming Rules (Inbound Services) Figure 52: Inbound Services Screen Data - Incoming Rules Screen Inbound Services Service Always Never Match Not Match Outgoing Rules (Outbound Services) Single PC Figure 54: Add Services Screen Data - Firewall Services Services Existing Ser vices Add/Edit Service Services Figure 55 : Add/Edit Service Data - Add/Edit Service Start Port Options Figure 56: Options Screen Data - Options Screen Respond to Ping Figure 57: Schedule Screen Data - Schedule Screen Day Session Start Time Use this NTP Current Time Figure 58: Virtual Servers IP Address seen by Internet Users Virtual Servers Screen Figure 59: Virtual Servers Screen Data - Virtual Servers Screen Servers Properties PC (Server) Page Appendix C - About VPNs VPN Policies Manual Auto VPN Policies Screen VPN Advanced Figure 60: VPN Policies Screen Data - VPN Policies Screen VPN Auto Policy Screen VPN Policies Figure 61: VPN-AutoPolicy Screen Data - VPN-AutoPolicy Screen General Policy Name Remote VPN NetBIOS Enable IKE Direction Exchange Mode Diffie-Hellman (DH) Group IPSec PFS (Per- fect Forward Secrecy) VPN- Manual Policy Screen Figure 62: VPN-ManualPolicy Screen Data - VPN-ManualPolicy Screen NETBIOS Enable ESP Configuration SPI Page VPN Status Screen Figure 63: VPN-StatusScreen Data - VPN Status Screen Tunnel Table Remote Endpoint Figure 64: SNMP Screen Data - SNMP Screen SNMP Service Enable SNMP support Advanced Administration PC Database Screen PC Database Figure 65: PC Database Data - PC Database Screen Known PCs Refresh Generate Re port PC Database - Advanced Figure 66: PC Database (Admin) Data - Advanced PC Database PC Properties Automatic Automatic discovery MAC address is Add as New Entry Update Se Config File Figure 67: Config File Screen Data - Config File Screen Backup Config Restore Config E-mail Figure 68: Logging Screen Data - Logging Screen Logs Log Data Include (Check boxes) ∙ Attempted access to blocked sites - If checked ∙ Connections to the Web-basedinterface of this Router operation Figure 69: E-mailScreen Data - E-mailScreen E-MailNotification Turn E-mail Notification on E-mailAlerts Send E-mail alerts immedi ately E-mailLogs Network Diagnostics Figure 70: Network Diagnostics Screen Data - Network Diagnostics Screen Ping this Ping Button Figure 71: Remote Administration Screen Data - Remote Administration Screen Remote Administration Enable Remote Management To connect from a remote PC via the Internet HTTP://123.123.123.123:8080 Overview Routing Screen Using this Screen Static Routing Table Figure 72: Routing Screen Data - Routing Screen RIP RIP Direction RIP Version Destination IP Address Gateway IP Address Metric Other Routers on the Local LAN Static Routing - Example Entry 2 (Segment 2) For Router A's Default Route For Router B's Default Route Figure 74: Router Upgrade Screen To perform the Firmware Upgrade: Modem Mode Figure 75: Home Screen - Modem Mode (ADW-4300 only) Status Figure 76: Mode Screen Data - Mode Screen Device Bridge Mode Figure 77: Status Screen - Bridge Mode Data - Status Screen (Bridge Mode) Associated Devices Associated Devices Troubleshooting Problem 2: Solution 2: Problem 1: My PC can't locate the Wireless Access Point Problem 2: Wireless connection speed is very slow Page About Wireless LANs(ADW-4300only) B Key WEP Authentication WPA PSK (Pre-sharedKey) WEP: WPA-PSK: Ad-hoc networks About VPNs Policies Policies VPN Configuration VPN Endpoint address Local & Remote LAN definition IKE parameters VPN Pass-through Figure 78: VPN Pass-through Client PC to VPN Gateway Figure 79: Client PC to VPN Server Connecting 2 LANs via VPN Figure 80: Connecting 2 VPN Gateways Figure 81: Connecting 2 ADE-4300/ADW-4300s Note Configuration Settings - Gateway A Figure 82: Gateway A Configuration Configuration Settings - Gateway B Figure 83: Gateway B Configuration Settings Setting LAN A Gateway Page Specifications Page FCC Statement FCC Radiation Exposure Statement CE Approval CE Standards CE Marking Warning