Manuals / Brands / Computer Equipment / Network Router / Planet Technology / Computer Equipment / Network Router

Planet Technology ADW-4302A v2, ADW-4302B v2 Policies, VPN Configuration, ters, address, Policies, VPN Endpoint, IPSec parame, Local & Remote, LAN definition, IKE parameters

1 142

Download 142 pages, 3.04 Mb

ADW-4302v2 User Guide

Because the IKE and IPSec connections are separate, they have different SAs (secu- rity associations).

Policies

VPN configuration settings are stored in Policies.

Note that different vendors use different terms. Generally, the terms "VPN Policy", "IPSec Policy", and "IPSec Proposal" have the same meaning. However, some vendors separate IKE Policies (Phase 1 parameters) from IPSec Policies (Phase 2 parameters).

For the ADW-4302v2; each VPN policy contains both Phase 1 and Phase 2 parameters (if IKE is used). Each policy defines:

•The address of the remote VPN endpoint

•The traffic which is allowed to use the VPN connection.

•The parameters (settings) for the IPSec SA (Security Association)

•If IKE is used, the parameters (settings) for the IKE SA (Security Association)

Generally, you will need at least one (1) VPN Policy for each remote site for which you wish to establish VPN connections.

It is possible, and sometimes necessary, to have multiple Policies for the same remote site. However, you should only Enable one (1) policy at a time.

VPN Configuration

The general rule is that each endpoint must have matching Policies, as follows:

VPN Endpoint	Each VPN endpoint must be configured to initiate or accept
address	connections to the remote VPN client or Gateway.
	Usually, this requires having a fixed Internet IP address. How-
	ever, it is possible for a VPN Gateway to accept incoming
	connections from a remote client where the client's IP address
	is not known in advance.
Local & Remote	This determines which outgoing traffic will cause a VPN connec-
LAN definition	tion to be established, and which incoming traffic will be
	accepted. Each endpoint must be configured to pass and ac-
	cept the desired traffic from the remote endpoint.

If connecting 2 LANs, this requires that:

•Each endpoint must be aware of the IP addresses used on the other endpoint.

•The 2 LANs MUST use different IP address ranges.

IKE parameters If using IKE (recommended), the IKE parameters must match (except for the SA lifetime, which can be different).

IPSec parame- The IPSec parameters at each endpoint must match. ters

128

Contents

Page Copyright Federal Communication Commission Interference Statement FCC Caution: Federal Communication Commission (FCC) Radiation Exposure Statement R&TTE Compliance Statement WEEE Safety Revision Page Page Wireless Access Common VPN Situations ADSL 2/2+ VPN Firewall Router Regulatory Approvals Introduction Internet Access Features Advanced Internet Functions Wireless Features LAN Features Configuration & Management Security Features Front-mountedLEDs of ADW-4302v2 Rear Panel Installation 3. Connect ADSL Cable 4. Power Up 5. Check the LEDs Setup Page Preparation If you can't connect Setup Wizard Common Connection Types Home Screen Figure 5: Home Screen Main Menu Log Out Restart DHCP DHCP server client Using the ADW-4302v2'sDHCP Server LAN Using another DHCP Server Wireless Screen Wireless Figure 7: Wireless Screen Data - Wireless Screen Identification SSID Options Mode 802.11G-plus (TI) Allow access by … All Wireless Stations • Trusted Wireless stations only - Only wireless stations Set Stations WEP Wireless Security WPA-PSKWireless Security Trusted Wireless Stations Figure 10: Trusted Wireless Stations Data - Trusted Wireless Stations Trusted Wireless Stations Edit Add (Update) Clear Password Screen Figure 11: Password Screen Old Password New password Verify pass Figure 13: Mode Screen Router Modem Notes: PC Configuration TCP/IP Settings - Overview Checking TCP/IP Settings - Windows 9x/ME: Figure 16: Gateway Tab (Win 95/98) Figure 17: DNS Tab (Win 95/98) Checking TCP/IP Settings - Windows NT4.0 Figure 19: Windows NT4.0 - IP Address Obtain an IP address from a DHCP Server Specify an IP Address Figure 20 - Windows NT4.0 - Add Gateway Figure 21: Windows NT4.0 - DNS Checking TCP/IP Settings - Windows 2000: Using a fixed IP Address ("Use the following IP Address") Checking TCP/IP Settings - Windows XP Figure 25: TCP/IP Properties (Windows XP) Internet Access Macintosh Clients Linux Clients Ensure you are logged in as "root" before attempting any changes Fixed IP Address To act as a DHCP Client (recommended) Wireless Station Configuration Infrastructure SSID (ESSID) Wireless Note! The SSID is case sensitive If Wireless Security is Disabled If using WEP Data Encryption Figure 30: Advanced - Wireless Networks Figure 31: Wireless Network Properties - WEP Configure this screen as follows: default key value default key index Figure 32: Preferred Networks If using WPA-PSKData Encryption Figure 35: Wireless Network Properties- WPA-PSK TKIP If the SSID is not listed Figure 38: Unlisted Wireless Network Figure 39: Add Wireless Network Figure 40: Preferred Networks Operation and Status Figure 41: Status Screen Data - Status Screen Modem Status DownStream Connection Speed VC 1 Status VC 2 Status VC 3 Status VC 4 Status Internet (VC1) Firmware Version ADSL Details Connection Details Attached Devices Refresh Screen Connection Status - PPPoE & PPPoA Figure 42: PPPoE Status Screen Data - PPPoE/PPPoA Screen Connection Time PPPoE Link Status Connection Details - Dynamic IP Address Figure 43: Connection Details - Fixed/Dynamic IP Address Data - Dynamic IP address Default Gateway DNS Server Page Connection Details - Fixed IP Address Figure 44: Connection Details - Fixed/Dynamic IP Address Data - Fixed IP address Screen Advanced Features Access Control Screen Trusted PCs Figure 46: Trusted PCs Data - Trusted PCs Other PCs Save Internet DMZ Special Applications Figure 50: Special Applications Screen Data - Special Applications Screen Checkbox Incoming Ports URL Filter Figure 51: URL Filter Screen Data - URL Filter Screen Current Filter Strings Current Filter Strings Dynamic DNS Screen DDNS Data Host Name User Name Password Domain Name Firewall Rules Screen WAN Users Log Outgoing Rules LAN Users WAN Servers Incoming Rules (Inbound Services) Outgoing Rules (Outbound Services) Single PC Firewall Services Figure 56: Add Services Screen Data - Firewall Services Services Existing Ser Add/Edit Service Options Options Figure 58: Options Screen Data - Options Screen Respond to Ping Schedule Figure 59: Schedule Screen Data - Schedule Screen Day Session Use this NTP Current Time IP Address seen by Internet Users Virtual Servers Screen Figure 61: Virtual Servers Screen Data - Virtual Servers Screen Servers Properties PC (Server) Connecting to the Virtual Servers VPN Policies VPN Policies Screen VPN Auto Policy Screen Data - VPN-AutoPolicy Screen General Policy Name Remote VPN NetBIOS Enable IKE Direction Exchange Mode Diffie-Hellman (DH) Group IPSec PFS (Per fect Forward Secrecy) VPN- Manual Policy Screen NETBIOS Enable ESP Configuration SPI Page VPN Status Screen Microsoft VPN Screen Data – Microsoft VPN Screen PPTP Server Auto-disconnect Idle Time-out Remote Users VPN Server Status Screen Windows Client Setup Windows 98/ME Figure 68: Windows ME VPN Adapter Figure 69: Windows ME VPN Remote Host Figure 70: Windows ME VPN Dialing Properties To establish a connection: Windows Figure 71: Windows 2000 Network Connection Figure 72: Windows 2000 Public Network Figure 73: Windows 2000 VPN Host Figure 74: Windows 2000 Connection Availability Figure 75: Windows 2000 Finish Wizard Changing the connection settings Windows XP Figure 76: Windows XP Network Connection Type Figure 77: Windows XP Network Connection Figure 78: Windows XP Connection Name Figure 79: Windows XP Public Network Figure 80: Windows XP VPN Server Figure 81: Windows XP Connection Availability SNMP Screen Advanced Administration PC Database Screen Data - PC Database Screen Known PCs Refresh Generate Report PC Database - Advanced Automatic DCHP Client - Reserved IP Address Fixed IP Address Automatic discovery MAC address is Config File Config File Figure 85: Config File Screen Data - Config File Screen Backup Config Restore Config Logging E-mail Figure 86: Logging Screen Data - Logging Screen Logs Include (Check boxes) • Attempted access to blocked sites - If checked • Connections to the Web-basedinterface of this Router operation E-mail Figure 87: E-mailScreen Data - E-mailScreen E-MailNotification Turn E-mail E-mailAlerts Send E-mail alerts immedi ately E-mailLogs Diagnostics Network Diagnostics Figure 88: Network Diagnostics Screen Data - Network Diagnostics Screen Ping this Remote Administration Figure 89: Remote Administration Screen Data - Remote Administration Screen Remote Administration Enable Remote Management Current Port Number To connect from a remote PC via the Internet Overview Routing Screen Configuring Other Routers on your LAN Static Routing - Example Entry 2 (Segment 2) For Router A's Default Route For Router B's Default Route Upgrade Firmware Figure 92: Router Upgrade Screen To perform the Firmware Upgrade: Modem Mode Figure 93: Home Screen - Modem Mode Figure 94: Mode Screen Data - Mode Screen Device Bridge Mode Operation Figure 95: Status Screen - Bridge Mode Data - Status Screen (Bridge Mode) Associated Devices Associated Devices Troubleshooting Problem 2: Some applications do not run properly when using the ADW Solution 2: Wireless Access Problem 1: My PC can't locate the Wireless Access Point Problem 2: Wireless connection speed is very slow Page About Wireless LANs Roaming Channels WEP Key WEP Authentication Wireless LAN Configuration WEP: WPA-PSK: Ad-hoc networks About VPNs IPSec IKE Policies VPN Configuration VPN Pass-through Client PC to VPN Gateway Connecting 2 LANs via VPN Configuration Settings - Gateway A Figure 100: Gateway A Configuration Configuration Settings - Gateway B Figure 101: Gateway B Configuration Settings Setting LAN A Gateway Page Specifications Wireless Interface FCC Statement CE Approval