Allnet ALL-VPN10 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of Allnet ALL-VPN10, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Allnet ALL-VPN10 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Allnet ALL-VPN10. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of Allnet ALL-VPN10 should contain:
- informations concerning technical data of Allnet ALL-VPN10
- name of the manufacturer and a year of construction of the Allnet ALL-VPN10 item
- rules of operation, control and maintenance of the Allnet ALL-VPN10 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Allnet ALL-VPN10 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Allnet ALL-VPN10, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Allnet service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Allnet ALL-VPN10.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Allnet ALL-VPN10 item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    ALL -VPN10 VPN/Firewall WLAN -N W AN Router User´s Manual[...]

  • Page 2

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d II Conten t I. Introd uction ........................................................................................................................... 5 II. Multi- W AN VPN Ro uter Inst allation ......................................................[...]

  • Page 3

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d III 9.1.2 QoS ................................................................................................................................ ...................... 74 9.2 Session contr ol .............................................................[...]

  • Page 4

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d IV 13.3 T raffic St atistic ............................................................................................................................................... 168 13.4 IP / Port St atistic .................................................[...]

  • Page 5

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 5 I. Introduction IPSec VPN QoS Router (ref erred as VPN Router hereby) is a business level security route r th at ef ficiently integr ate s ne w gener ation multiple W AN -port device s. It meets the needs of mediu m enterprises, int ernet c afés , [...]

  • Page 6

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 6 It helps to fr ee enterprises from incre asing hack er intrusion. W ith an e xclusive indepen dent oper ation platf or m, users are able to set u p and use a firewall without prof essional netw ork kno wle dge. VPN Router set ting up an d management[...]

  • Page 7

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 7 II. Multi- WAN VPN Router Installation In this chapter we are going to introduce h ar dware in s tallation. Thro ugh the unders tanding of multi-W AN setting proces s, users can easily setup and manage the network,making VPN R outer functioning an d[...]

  • Page 8

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 8 # Setting Conten t Purpose 1 Hardwar e installation Configure the network to meet user ’ s d emand. Install the device hardware based on user p hy sical requiremen ts. 2 Login Login the device with W eb Browser . Login the device web- based UI. 3 [...]

  • Page 9

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 9 9 VPN V irtual Priva te Network Configure VPN tunnels Configure diff erent type s of V PN to meet diff erent application envir onment. 10 Logout Close configur ation window . Logout VPN Router web- based UI. W e will follow the process flow to c omp[...]

  • Page 10

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 10 III. Hardware Installation In this chapter we are going to introduce hardw are interf ace as well as physic al in st allation . 3.1 LED Signal LED Signal Description LED Color Description Pow er Green Green LED on: P o wer ON DIAG Amber Amber LED o[...]

  • Page 11

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 11 Specifications Model Name ALL-VPN 10 CPU MTK 6856-700MHz Flash/DRAM 16M/ 128M W AN Port 1~2 (10/ 1 00) L AN Port 3~4 (10/ 1 00) USB P ort 2 W ireless Ante nn a 5dBi *2 Opera ting Frequency 2.4GHz Frequency Band 2400 -2483.5MHz Opera ting Chan nels [...]

  • Page 12

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 12 3.2 VPN R outer Network Connecti on W AN connection : A W AN port can be connecte d with xD SL Mo dem, F i ber Mod em, Switching Hub, or through an external route r to connect to the Internet. LAN Connection: The L AN p ort can be connect ed to a[...]

  • Page 13

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 13 IV. Login This chapter is mainly introducing W eb - based UI afte r conneting the device. F irs t, check up the device ’s IP addre ss by connecting to DOS through the L AN PC und er the device. Go to Start → Run, enter cmd t o commend DOS, and [...]

  • Page 14

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 14 Then, open webpage brows er , IE for example, and ke y in 1 92.168.1.1 in the website column. The login window will appear as below: The device ’s def ault usernam e and passwor d are both “admin” . Users can change the login password in the [...]

  • Page 15

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 15 V. V. Device Spec Verification, Status Display and Login Password and Time Setting This chap ter introduces the device specification and status after login as well as ch ange password and sy stem time settings f or security . 5.1 Home P age In the [...]

  • Page 16

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 16 5.1.2 Phy sical Port Status The status of all sy stem ports, including each connected and enabled port, will be shown on th is Home page (see above table). Click the respe ctive s tatus button and a separ ate window will appeare to sho w det ai led[...]

  • Page 17

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 17 5.1.3 Sys tem Informa tion LAN IP /Subnet Mask : Identifies the curren t device IP ad dre ss. The default is 192.168.1.1. W orking Mode : Indicate s the current working mode. Can be NA T Gatew ay or Router mode. The default is “NA T Gate way [...]

  • Page 18

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 18 Remote Man agement: Indicat es if remote managem ent is activate d (on or off). Click th e hyperlink to ente r an d manage the configura tion. Th e def ault configuration is “O ff ” . Access Rule : Indica tes the nu mber of access rule applie[...]

  • Page 19

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 19 5.2 Change and Set Login Pas sword and T ime 5.2.1 Pa ssword Setting When you login t he device setting window every time, you mu st en ter the password. The default v alue f or the device username and pas sword are both “admin” . For security [...]

  • Page 20

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 20 5.2.2 T i me The device can adjust ti me setting. Users can know the exact time of even t occurrences that ar e r ecorded in the Sys tem Lo g, and the time of c losing or openin g a ccess for I nternet res ources. Y ou can either select th e embedd[...]

  • Page 21

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 21 A fter the changes are completed, click “ Apply ” to save the configur ation . Click “Cance l" to le ave without making any change. This action will b e ef fective bef ore ” Apply ” to sav e the configuration.[...]

  • Page 22

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 22 VI. Network This Netw ork p age contains the ba sic settings. For most users, c o mpleting this g enera l setting is enou gh f or connecting w ith the Internet. How ever , some u sers need advanced information from their ISP . Please ref er to the [...]

  • Page 23

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 23 most en vironments, some ISPs in some countries may r equire it. 6.1.2 L AN Setting This is configur ation information for the device curren t L AN IP addre ss. The default configur a tion is 192.168.1.1 and the default Subnet Mask is 255.255.255.0[...]

  • Page 24

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 24 segment configur ation; the Internet will then b e directly accessible. In other words, if there are alr eady diff erent IP segment groups in the Intr anet, th e Inte rnet is still accessi ble without making any changes t o internal PCs. Users c an[...]

  • Page 25

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 25 Use the following DNS Server Addresse s : Select a user-def ined DNS server IP addre ss. DNS Server : Input the DNS IP addre ss set by ISP . A t least one IP group should be input. The maximum acceptable groups is two IP groups. Enable Line-Dro[...]

  • Page 26

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 26 Static IP If an ISP is sues a st atic IP (such as one IP or eight IP addresse s, etc.), pl ea se select t his connection mode an d f ollow the st eps below to inpu t the IP numbers issued by an ISP into the re levant box es. W AN IP address Input t[...]

  • Page 27

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 27 Enable Line-Dropped Scheduling The W AN disconnection schedule wi ll be activat ed by checking th is option. In some area s, there is a time limitation for W AN connection service . For e xample: the op tical fiber service will be disconnected from[...]

  • Page 28

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 28 User Name Input the u ser name issue d b y IS P. P assword Input the passwor d issued by ISP . Connect on Deman d This function enables the auto -dialing function to be used in a PPPoE dial connection. When the client port at tempts to c onn ect wi[...]

  • Page 29

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 29 Enable Line-Dropped Scheduling The W AN disconnection schedule wi ll be activat ed by checking this option . In some areas, ther e is a time li mita tion for W AN connection ser vice. For ex ample: the optical fiber servi ce will b e disconnecte d [...]

  • Page 30

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 30 W AN IP Address This option is to configure a s tatic IP address . The IP addre ss to be configured could be one issued by ISP . (The IP addre ss is usually provided by the ISP when the PC is installe d. Contact ISP for relev ant information). Subn[...]

  • Page 31

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 31 Connect on Deman d This function enables the auto -dialing function to be used f o r a PPTP dial connection. When the client port at tempts to c onn ect with the Internet, the device will automatically connect with the default ISP auto dial connect[...]

  • Page 32

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 32 If there are t wo W ANs configured, users sti ll can select T r a nsparen t Brid ge mode for W A N connection mo de, and load balancing will b e achieved as usual. W AN IP Address Input one of the static IP addr esses issued by ISP . Subnet Mask In[...]

  • Page 33

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 33 Enable Line-Dropped Scheduling The W AN disconnection schedule wi ll be activat ed by checking th is option. In some areas , th ere is a time limitation f or W AN connectio n service. For ex ample: the optical fib er service will b e disconnected f[...]

  • Page 34

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 34 6.2 Multi- W AN Setting When you hav e multiple W AN gatew ays, you can use T raffic Management and Prot ocol Bind ing function to fulfill W AN road balancing, so that we can have highest network band width ef ficiency .[...]

  • Page 35

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 35 6.2.1 Load Balance Mode Auto Load Balance Mode When Auto Load Balance mode is selected, th e device wi ll u se sessions or IP a nd the W AN ban dwidth automatic ally allo cate connec tions to achieve loa d bala ncing for external connection s. The [...]

  • Page 36

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 36 Please ref er to the explanations in 6.2.3 Co nfiguring Pro tocol Binding f or setting up Prot ocol Binding and f or examples of colloca ting router modes with Protocol Binding. Specify W AN Binding Mode This mode enables users to assign specific i[...]

  • Page 37

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 37 Set W AN Grouping: If more than one W AN is connected with Netcom, t o ap ply a simi lar d ivision of traf fic p olicy to these W ANs, a combination f or th e W AN s must be made. Click “Set W AN Grouping ” ; an inter active window as shown in [...]

  • Page 38

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 38 will b e d isplay ed accordingly . A policy document is an editable text document. It may contain a destina tion IP users designat ed. Af ter th e path for document importation has been s electe d, click “ Impor t ” , and then at th e bott om o[...]

  • Page 39

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 39 (or W AN group) under China N etc om stra tegy . 6.2.2 Network Service Detection This is a detection sys tem for network external servi ces. If this optio n is selected, informa tion such “ Retry ” or “ Retry T imeou t ” wil l be displ ay e[...]

  • Page 40

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 40 W AN2 is not to support these destinations, users should select th is option. When the W AN1 connection i s disconnected, pack ets f or 10.0.0.1~10.254.254.254 cannot be tr ansmitted through W AN 2, a nd there is no need to rem o ve the con nection[...]

  • Page 41

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 41 In the load balance mode for Assigned R outin g, the first WAN port (W AN1) will be saved for the traf fic of the IP addre sses or the application service ports that are no t assigned to other W ANs (W A N2). Theref ore, in this mode, we r ecommend[...]

  • Page 42

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 42 connections. In other words, the firs t W AN (W AN1) cannot be configure d with th e Pr otocol Bindi ng ru le. This is to avoid a condition where all W AN s are assigne d to specif ic Intranet IP or Service P orts and d es tination IP , no more W A[...]

  • Page 43

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 43 Class B Network Segment of 210.11.x.x will b e res tricted to a specific W AN . If only specific Service Ports need to be designa ted, while a sp ecific IP destination assignment is not require d, inpu t “0” in to the IP b o xes . Interf ace: S[...]

  • Page 44

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 44 Show Priority : Click the “Show T able” button. A dialogue b o x as shown in t he f ollowing figure will be disp la yed. Us ers can choose to sort the list by priorities or by interf ace. Click “Re fresh” and the page will be refres hed; [...]

  • Page 45

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 45 Apply: Click the “ Apply ” button to sav e the modification. Cancel: Click the “Cancel” button to cancel the modification. This o nly works bef ore “ Apply” is clicke d. Exit: T o q uit this configur ation win dow . Auto Load Balancing [...]

  • Page 46

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 46 Example 2 : How do I set up Auto Load Balance Mode to k eep Intranet IP 192.168.1.150 ~ 200 from going through W AN2 when the d es tination port is Port 80? As in the figure below , select “HTTP [TCP / 80~80]” from the pull - down option lis [...]

  • Page 47

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 47 all Int ernet IP address es). Select W AN1 from the pull- down option lis t “Interf ace” , and then cli ck “Enable” . F inally , click “ Add New” and the rule will be adde d to th e mode. The d evice will t ransmit packe ts that are not[...]

  • Page 48

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 48 Configuring “ Assigned R outing Mode” for load Balance : IP Group: This function allows u sers to a ssign pack ets from specific Intranet IP addre sses or to specific des tination Service Ports and to specific destination IP addresse s throug[...]

  • Page 49

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 49 Example 2 : Ho w do I configure Protocol Bindin g to k eep traffic from all Intranet IP addresse s from going through W AN2 when the destinations are IP 211.1.1.1 ~ 211.254.254.254 as well as the whol e Class A group o f 60.1.1.1 ~ 60.254.254.254[...]

  • Page 50

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 50[...]

  • Page 51

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 51 VII. Intranet Con figuration This chapter introduce s how to configure ports and understand how to configur e intranet IP addre sses. 7.1 P ort Management Su mmary : There are Net work Connection T ype, Interf ac e, Link Status (Up/Down), Port Ac[...]

  • Page 52

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 52 7.2 IP / DHCP W ith an embe dded DHCP serv er , it supports automatic IP a ssignation f or L AN computers. (This function is similar to the DHCP service in NT servers.) It benefits u ser s by freeing them from th e inconv enience of rec ording and [...]

  • Page 53

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 53 Dynamic IP : Client lease T ime : Check the option to activate the DHCP server automatic IP lease function. If the fu nction is activated, all PCs will be able to acquire IP automatically . Otherwise, users should configure s tatic virtual IP f[...]

  • Page 54

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 54 7.3 DHCP Sta tus This is an indication list of the current s tatus and setup record of the DH CP server . The indi ca tions are for the administr ator ’ s refe rence when a network modific ation i s neede d. DHCP Server : This is the current DH[...]

  • Page 55

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 55 IP Addre ss : The IP addre ss acqu ire d by t he curre nt computer . MAC Addr ess : The actual MAC network location of the current computer . Client Lease T ime : The lease time of the IP rele ased by DH CP . Delete : Remove a record of an [...]

  • Page 56

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 56 7.4 IP & MAC Bindin g Adminis trators can apply IP & MAC Binding function to make sure that users can not add extr a PC s f or Internet access or change privat e IP add re sses.[...]

  • Page 57

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 57 There ar e t wo me tho ds for set ting u p th is function : (1) 、 Block MAC address not on the list This method only a llows MAC addresse s on t he list to receive IP addre sses from DHCP and have Int ernet access. When this method is applied, [...]

  • Page 58

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 58 ( 2) 、 IP & MAC Binding Static IP : There ar e t wo wa ys to input static IP: 1. If users wan t to set up a MAC address to acquire IP from DHCP , but the IP need not be a specific assigned IP , in put 0.0.0.0 in the box es. The box es canno[...]

  • Page 59

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 59 Add : Add new binding. Block M AC address on th e list with wrong IP addre ss : When this option is act ivat ed, MA C addre sses which are not included in the list will not be able to connect with the I nte rnet. Show New IP user : This funct[...]

  • Page 60

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 60 VIII. Wireless Network Wireless function is enabled b y default. The WLAN L ED will be on after syst em booting. Client device can find SSID as _AP_1. Please refer to followi ng illustrations to chan ge configuration.[...]

  • Page 61

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 61 8.1 Basic Configura tion Enable W ir eless Netwrk Check the box to enable wireless function. Network Mode The def ault value is “11bgn Mixe d Mode” . “11bgn Mixe d M ode” , “11b Only ” , “11g only ” and “11n O nly ” also can be [...]

  • Page 62

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 62 This function will greatly improve the data tr ansfer r ate betw een W MM -enabled wirele ss devices. WMM AP Parame ter Setting T x Power The def ault value is 100 %. T o narrow down covering r ange, users can input a smaller value. Channel Bandwid[...]

  • Page 63

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 63 8.2 Security Setting[...]

  • Page 64

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 64 8.2.1 Select SSID No. The number of this SSID. Status Indicate if thi s SSID is enabled. SSID The name of wireless network. SSID is also called ESSID , which is for recognizing and es tablishing a wireless netw ork. BSSID Indicate s the MAC of this[...]

  • Page 65

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 65 If “WEP auto” is checke d, clie nt users can choos e any security mode. Def ault Key Select one of following 4 sets to be security k ey . 64 -bit (10 hex digits) Input 10 hex digits (0~9, a~f , A ~F) as WEP ke y . 128 -bit (26 hex digits) Input[...]

  • Page 66

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 66 WP A Algorithms There ar e TKIP , AES and Auto can be chosen. At tention! Only AES can achieve 802.11n r ate. ReK ey Interval WP A/WP A2-PSK will rek ey in a fixed int erval. The interval can be configure d. PMK Cache Period When a wireless client [...]

  • Page 67

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 67 RADIUS Port Input RADIUS ser vice port. Shared Secr et Input initial shared k ey . Session T imeout Input a maximum idle ti me. If the link id les ov er time, t he connection will be terminated. 8.2.3 WPS Conf ig Users c an enable WPS functio n whe[...]

  • Page 68

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 68 T wo devices should be set in the same subn et as figure abov e. Configura tions of two devices should be the same. Basic Setting ※ Under WDS mode, ch annel ban dwidth should be “20” . Security Mode WDS should be enabled on b oth device s. MA[...]

  • Page 69

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 69 ※ If WEP mode is enabled, s ystem will arrange 4 sets of k ey for those MACs. Mak e sure the order is correct. (2) Or check “Scanning ” to select existing AP and then click “Submit ” .[...]

  • Page 70

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 70 8.2.5 Acce ss F i lte r For additional security of wireless acces s, the Access Control f aci lity allows you to re strict the network access right by contr olling th e wir eless L AN MAC address of clien t. Only t he valid MAC addre ss that has be[...]

  • Page 71

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 71 8.3 Station Lis t Station Lis t provides the knowledge of c onnecting wireless clients . MAC Addr ess The MAC addre ss of client device. DHCP IP The IP addre ss allocate d from s ystem. Host Name The host name of client device. SSID SSID of client [...]

  • Page 72

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 72 IX. QoS (Quality of Service) QoS is an abbrevia tion for Quality of Service. The main fun ction is to res trict bandwidth u sage f or so me services and IP addres ses to save band width or pr ovide priorit y to specific applica tions or services, a[...]

  • Page 73

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 73 9.1 Bandwidth Management[...]

  • Page 74

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 74 9.1.1 The Maximum Bandwidth p rov ided by ISP In the boxe s f or W AN1 and W AN2 bandwidth, input the upstre am and downs tream ban dwidth which users ap plied for from bandwidth supplier . The b andwidth Qo S will make calculations according to th[...]

  • Page 75

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 75 Interf ace : Select on which W AN the Qo S rule should be execut ed. It can be a single s election or multiple selections. Service Port : Select what bandwidth control is to be configur ed in the Qo S rule. If the bandwidth f or all s ervices o[...]

  • Page 76

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 76 Direction : Upstr eam: Means the upload b andwidth for Intr anet IP . Downstre am: Means the dow nload bandwidth for Intr anet IP . Server in L AN, Upstre am : If a Server for ext ernal connection has been built in the device, this option is to c[...]

  • Page 77

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 77 Move up & Move down : QoS rules will be ex ecu te d from the bottom of the lis t to the top of the list. In other wor ds, th e lower down the list, the higher the priority of exe cution . Users c an arrang e the sequ ence according to their p[...]

  • Page 78

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 78[...]

  • Page 79

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 79 Example 2. How to set up the maximum download speed of each W AN to 512Kbit/Sec for each L AN user? One b y one IP to set up? No nee d to set up one by one. Below is the e xample. Click bo th W AN1 and WAN2; th en choose “No Check Port[T CP&U[...]

  • Page 80

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 80 9.2 Se ssion control Session managem ent controls the ac ceptable m aximum simultaneous sessions of Intranet PCs. Thi s function is very use ful for managing connection quantity when P2P software such a s BT , Thunder , or emule is used in the Intr[...]

  • Page 81

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 81 When single IP excee d __ : If this function is selected, when the user ’ s port session re a ch the limit, this user will not b e able to mak e a new session for fiv e minutes. Ev en if the previous session has been closed, new sessions cannot[...]

  • Page 82

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 82 Source IP : Input the IP ad dress range or IP group. Enabled : Activ ate the rule. Add to lis t : Add this rule to the list. Delete selete d item : Remove the rules selecte d from the Ser vice List. Apply : Click “ Apply ” to save th [...]

  • Page 83

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 83 9.3 Smart QoS The smart QoS function enables th e adminis t r ators to constrain th e bandwidth occupied automatically without any configuring. Enabled QoS : Choose to apply QoS function . When the usage of any W AN’ s ban dwidth is over than__[...]

  • Page 84

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 84 Scheduling : If “ Alwa ys” is selected, the rule will be execute d around the clock. If “From…” is selected, the rule will be exe cuted according to the configure d time rang e. For example, if the time contr ol i s from Monda y to Frid[...]

  • Page 85

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 85 X. Fire wall This chapter introduce s firewall gener al policy , access rule, and conten t fi lter set tings to e nsure n etwork security . 10.1 G eneral Policy The firewall is enable d by default. If the firew all is set as d isabled, fe atures su[...]

  • Page 86

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 86 Remot e Management : T o ente r th e device web- based UI by connecting to the remote Inte rnet, this f eature must b e activat ed. In the fie ld of remote browser IP , a valid external IP addre ss (W AN IP) for the device should be filled in an [...]

  • Page 87

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 87 10.2 A ccess Rule Users ma y turn on /o ff the set ting t o permit or f orbid any p ack et to access internet. Users ma y select to set diff erent network access rules: from internal to external or from external to internal. Users m ay set diff ere[...]

  • Page 88

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 88 Delete : Remove the item. Add New Rule : Cre ate a new network access rule Re store to Default Rule : Re store all settings t o the d ef ault v alues and delete all the self-defined settings. 10.2.1 Add New Acce ss Rule Action : Allow: Perm[...]

  • Page 89

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 89 addre ss within a session. Des t. IP : Select the destination IP r ange (such as Any , Single, Range, o r pre set I P group name) If Single or Range is selecte d; p lease en ter a singl e IP addre ss or an IP addre ss within a session. Scheduling[...]

  • Page 90

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 90 Example 2. : How to f orbid in tranet IP r ange from 192.168.1.200 to 230 to access service port 80? Action : Forbid Service Port : TCP 80 Source Inte rface : L AN (Meaning to serv ice port 80 which blocks the traf fic from intranet to int [...]

  • Page 91

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 91 10.3 Con tent F ilter The device supports two webpage restriction modes: one is to block certain forbidden domains, and the other is to give access to certain web pages. Only one of these two modes can be selecte d. Block Forbidden Domain F ill in [...]

  • Page 92

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 92 Add : Enter the we bsites to be controlle d such as www .playboy .com Add to lis t : Click ” Add to list ” to cre ate a new website to be contr olled. Delete selecte d item : Click to select one or more controlle d websites and click this[...]

  • Page 93

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 93 Accept Allow ed Domains In some companies o r schools, employees and st udents are only allowe d to access som e specific websites. This is the purpose of the func tion. Enabled : Activ ate the f un ction . The default setting is “Disabled. ”[...]

  • Page 94

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 94 Exception IP Here IP /IP ranges ar e exempt ed from “ Accept Allowe d Doma in” through this method. Exception IP addre ss Input u nre stricte d IP/IP Rang e Add to lis t : Click this button to add new unre stricte d IP s Delete selecte d item[...]

  • Page 95

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 95 XI. L7 Management 11.1 L7 F i lter (1) Rule list:[...]

  • Page 96

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 96 (2) Add new rule: click[...]

  • Page 97

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 97 Below are the st eps for rule setting with an exmple in the enterprise: Step 1: Name the rule The name of the rule will b e shown on t he list, so a dministrat or could name th e rule by users or usages. Step 2: Choose the application ※ F igures [...]

  • Page 98

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 98 Step 4: Set ex ceptaional users (IP or QQ num ber)  A dministr ator can set IP address or QQ numbers (if QQ is blocke d) in the exceptional user setting.  Ple ase note that the ex ception al user setting will be applied to all the rules in th[...]

  • Page 99

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 99 11.2 L7 VIP Priority Chan nel (1) Rule List: (2) Add New Rule: Click[...]

  • Page 100

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 100 Step1: Basic Set ting The name of the rule will b e shown on the list, so adminis trator c ould name th e rule by users or usages. Select one W AN as VIP . For example, only the traff ic of president room on W AN1 and WAN2 is VIP , traf fic on oth[...]

  • Page 101

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 101 Step2: Set Applica t ion or IP as VIP  Set applic ation as VIP . For instance, [Webpag e] is select ed. When the sys tem rec ogni zes the IP is u sing webpage s ervice, the sys tem will gi ve VIP priority .  Set sour ce IP /Group as VIP . Fo[...]

  • Page 102

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 102 T ake a community for an ex ample: The community will ensure VIP authority when internal user s b row se webpage, the administra tor shou ld check [VIP Application] and [webpage] at It em column. ※ F igures are us ed f or ref erence. Please visi[...]

  • Page 103

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 103 Step 4: Click to sav e the r ules.[...]

  • Page 104

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 104 11.3 L7 QoS (1) Rule List :[...]

  • Page 105

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 105 The Maximum Bandwidth p rov ided by ISP : This table is relative t o general QoS function. F illing WAN Ups tream/Downstream bandwidth with realis ti c broadband network bandwidth which u ser applying by ISP , QoS Bandwidth control is accor ding[...]

  • Page 106

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 106 (2) Add New Rule : Click Step 1: Name the rule The name of the rule wi ll be shown o n the list, so adminis trator c ould n ame the rule by users or usages. Step 2: Choose the applic ation[...]

  • Page 107

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 107 ※ F igures are us ed f or ref erence. Please visit the official website f or the actual application support list. A fter choosing [Category], the [Item] column wil l show the crosponding list. Hints: Directly click on the applications to put the[...]

  • Page 108

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 108 Step 3: QoS Configuration Interf ace Select on which W AN the Qo S rule should be execut ed. It can be a single s election or multiple selections. Source IP /Group This is to select which user is to b e contr olled. If only a single IP is to be re[...]

  • Page 109

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 109 Step 4: Make sure the time se tting is correct to make the rule in eff ective only dur ing the set time. All time is set as the default. The time frame c ould b e modified in the following settings. Step 5: Click to sav e the r ule set ting.[...]

  • Page 110

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 1 10 11.4 Application Define When you set up the L7 Man ag ement rules, not on ly you can select the application t hat is define d b y , but also you can add your own L7 applications by the URL, destination IP addre ss or the port nu mber . Y ou can s[...]

  • Page 111

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 111 Application Define-Add New Rule Step 1 : Name the Application Step 2 : Define the application by th e URL, destination or the port number . The definable par ameter as below : Des t. IP If only a single IP is to be res tr icte d, inp ut this[...]

  • Page 112

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 1 12 The Administra tor can check t he whole applied app lica tion s from the Application Status function, including the ID of the policies. ※ F igures are us ed f or ref erence. Please visit the official we bsite f o r the actual application supp o[...]

  • Page 113

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 1 13 XII. VPN (Virtual Private Ne twork) 10.1. VPN[...]

  • Page 114

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 1 14 10.1.1 . Add a New VPN T un nel The device supports Gatewa y to Gatewa y tunn el or Client to Gatew ay tunnel. The VPN tu nnel c onnections are don e by 2 VPN device s via the Internet. When a new tunnel is added, the setting pag e for Gatew ay t[...]

  • Page 115

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 1 15 10.1.1.1. Gatewa y to Gate wa y Setting The f ollowin g instructions will guide users t o set a VPN t unnel between two devices. T unnel No. : Set the embedded VPN f eature, please select the T unnel nu mber . T unnel Name : Displays the cu r[...]

  • Page 116

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 1 16 IP + E-mail Addr . (USER FQDN) Authentication Dynamic IP + Domain Nam e (FQDN) Authentication Dynamic IP + E-mai l Addr . (USER FQDN) Authentication. Dy namic IP address + E mai l address name (1) IP only: If users decide to use IP on ly , enteri[...]

  • Page 117

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 1 17 re spond to this VPN tunnel connection; if user s s elect this option to link t o VPN, please ent er th e domain name. (5) Dynamic IP + E -mai l Addr . (USER FQDN) Authentication. If users use dynamic IP addre ss to c onnect to the device, users [...]

  • Page 118

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 1 18 Remot e Group Setup : This remote gatew ay authentication type (Rem ote Secu rity Gatew ay T ype) must be identical to the remot ely-connected loc al s ecurity gat ewa y au thentication type (Local Security Gatew ay T ype). Remot e Security Gat[...]

  • Page 119

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 1 19 name to be verifie d. FQDN re fers to th e combination of host n ame and domain name. Users may enter any name that corresponds to the domain name of F QDN. This IP address and domain name mus t be identical t o those of the remot e VPN security [...]

  • Page 120

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 120 name. (5) Dynamic IP + E -mai l Addr . (USER FQDN) Authentication. If user s use d ynamic IP address to connect with the device, user s may select this type to link to VPN. When the remote VPN gatew ay requires connection to f acilitate VPN connec[...]

  • Page 121

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 121 IPSec Setup If there is any encryption mechanism, the encryption mechan ism of these two VPN tu nnels must be identical in order to creat e connection. And the transmission data must be encrypte d with IPSec ke y , which is known as th e encryptio[...]

  • Page 122

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 122  Pha se 1 / Phase 2 Encryption: This optio n allows u ser s to s et th is VPN tunnel to use any encryptio n mode. Note that this paramet er must be identical to that of the remote encrypt ion p arameter: DES ( 64 -bit encryption mode), 3D ES ( [...]

  • Page 123

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 123 ● Aggr essive Mo de: This mode is mostly adop te d by remot e devices. The IP connection is designed to enhance the security control if dynamic IP is used for connection. ● U se IP He ader Compression Prot ocol: If this option is selected, in [...]

  • Page 124

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 124 Heart Beat is still failure ov er t he retry def ault. The VPN Heart Beat detection and DPD fe atures are b oth used to provide a stabil e VPN solution f o r customer s. The diffe rence between them is th at we can use the Heart B ea t detection i[...]

  • Page 125

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 125 10.1.1.2. Client to Gatewa y Setting The following describes how an a dministra tor bu ilds a VPN tun nel between devices. U sers can set this VPN tunnel to be used by one cli ent at the client end. If it is used by a group of clients, th e indivi[...]

  • Page 126

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 126 Local Group Setup This local g atew ay au thentication type (Loc al Security G atewa y T ype) mus t be identical with that of the remot e type (Remote Security Gatewa y T ype). Local Security Gatewa y T ype : This local g atewa y auth entication[...]

  • Page 127

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 127 settings. (4) Dynamic IP + Domain Na me(FQDN) Authentication: If users use dynamic IP address to connect to the device, us ers may select this option to link to VPN. If the remote VPN g atewa y requires c onnection to the d evice f or VPN connecti[...]

  • Page 128

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 128 addre ss of 192.168.1.0 can establish c onn ection. 2. Subnet This option allows local computers in t his subnet to be connecte d to the VPN tunnel. Re ference: When this VPN tunnel is connected, only computers with th e session of 192.168.1.0 and[...]

  • Page 129

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 129 Remot e Group Setup : This remote gatew ay authentication type (Rem ote Secu rity Gatew ay T ype) must be identical to the remot ely-connected loc al s ecurity gat ewa y au thentication type (Local Security Gatewa y Type). Remot e Security Gat e[...]

  • Page 130

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 130 (3) IP + E-mail Addr . (USER FQDN) Authentication . If user s select IP address an d E-mail, ent er the IP addres s and E-mail addre ss t o gain access t o this tunnel and the W AN IP a dd re ss will be automatic ally filled into this space. Users[...]

  • Page 131

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 131 IPSec Setup If there is any encryption mechanism, th e encryption mechanism of th ese two VPN tunnels must be identical in order to cre ate con nection. And the transmission data must be encrypted with IPSec ke y , which is known as the encryption[...]

  • Page 132

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 132  Pha se 1 / Phase 2 DH Group: This option allows u ser s to select Diffie-Hellman groups: Group 1 / Group 2 / Group 5.  Pha se 1 / Phase 2 Encryption: This optio n allows u ser s to s et th is VPN tunnel to use any encryptio n mode. Note tha[...]

  • Page 133

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 133 The advance d settings include Main Mod e and Aggressive mode. For the Main mode, the def ault setting is se t to VPN operation mode. The connection is the same to most of the VPN devices. ● Aggr essive Mo de: This mode is m ostly adopted by rem[...]

  • Page 134

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 134 es tablished. Retry The d ef ault retry times are 5. The sy stem will t erminate the VPN tunnel if th e Heart Beat is still failure ov er t he retry def ault. The VPN Heart Beat detection and DPD fe atures are b oth used to provide a stabil e VPN [...]

  • Page 135

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 135 Enabled PPTP Server : When this option is selected, the point- to -point tunnel protocol PPTP server can be enabled. PPTP IP Addre ss Ran ge : Please ent er PPTP IP address rang e so as to provide the remote user s with an entrance IP int o th[...]

  • Page 136

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 136 Pa ssword : Confirm Passw ord : Enter the pas sword and confirm again by ente ring the n ew passw ord. Add to lis t : Add a new account and passwor d. Delete selecte d item : Delete Selecte d Item. Connection List All PPTP Status:Display s[...]

  • Page 137

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 137 10.2. QVM VPN Function Setu p The QVM-series device provides three major convenient functions: 1. Smart Link IPSec VPN: Eas y VPN setup r eplaces the conventional complic ated VPN setup process by entering Server IP , User Name , and Pa ssword . 2[...]

  • Page 138

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 138 Acc ount ID : Must be identical to that of the ser ver account ID . Pa ssword : Confirm Passw ord : Must be identical to that of the ser ver pas sword. Please ent er the password and confirm again. QVM VPN ( IP Addre ss or Dyn amic Domain [...]

  • Page 139

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 139 XIII. Advanced Function 11.1 DMZ Host/ Port Range Forwarding 11 .1.1 DMZ Ho st When the NA T mode i s activate d, sometime s users ma y nee d to use app lica tions that do not support virtual IP addresses such as network games. W e recommend that [...]

  • Page 140

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 140 with Port 80 (the service po rt of WW W is P ort 80) to access the internal server directly . In the configur ation page, if a web ser ver address such as 1 92.168.1.50 and the Port 80 ha s been set up in the configur ation, this web page will be [...]

  • Page 141

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 141 is not in the list, we r ecomm end that users use “Service Port Management ” to add or remov e ports, as follows : Service Name : Input the n ame of the se r vice port users want to activ ate on the list, such as E-donk ey , etc. Protoc ol[...]

  • Page 142

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 142 11.2 UPnP UPnP (Universal Plug and Play) is a protocol set by Microsoft. If the virtual host supp orts UPnP sys tem (such as W indows XP), users could also a ctiva te the PC UPnP functi on to work with the device. Service Port: Select the UPnP ser[...]

  • Page 143

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 143 11 .3 Routing In this chapter we introduce th e Dy namic Routing Information Protocol and Static Routing Informa tion Protoc ol. When there are more than one router and IP subnets, th e r outin g mode f or the device should be configur ed as st at[...]

  • Page 144

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 144 Des t. IP : Subnet Mask : Input the remote network IP loca tions and subnet that is to be route d. For ex ample, the IP /subnet is 192.168.2.0/ 255.255.255.0. Gate way : The def ault gatewa y location of the network node which is to be route[...]

  • Page 145

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 145 11 .4 One to One N A T As b oth the device and A TU-R need on ly o ne act ual IP , if ISP is sued more than one act ual IP (such as eight ADSL st atic IP addres ses or more), users can map the remaining re al IP addre sses to the intranet PC virtu[...]

  • Page 146

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 146 Enabled One to One NA T : T o a ctiva te or close the On e- to -One NA T function. (Check to activa te the function). Priva te IP Ran ge Begin : Input the Private IP addr ess for the Intr anet One - to -On e NA T function. Public IP Range Begi[...]

  • Page 147

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 147 described F irew all. 10.5 DDNS- Dynamic Do main Name Ser vice DDNS supports the dynamic web addr ess transf er for NOIP DDN S 、 DynDNS. This is for VPN connections to a website that is built with dy namic IP addre sses, and f or dynamic IP remo[...]

  • Page 148

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 148 * The UI might vary from model to model, depending on differ ent product lines. Interf ace This is an indication of the W AN port th e user has selecte d. DDNS Check either of the box es before D ynDNS and NOIPD DNS to select one of the f our DDN [...]

  • Page 149

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 149 11 .6 MAC Clone Some ISP will reque st f or a fixed MAC address (network card p hysical address) for distributing IP ad dre ss, which is mostly suitable for cable mode users. Users can input the network card phy sical address (MAC ad dre ss: 00 - [...]

  • Page 150

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 150 11.7 USB Storag e By using FTP Client software o r SAMBA, users ar e able to access the fil es s tored in the USB Stor age device (F A T32 /N TFS) aft er be ing inserted to the USB port on the router . The USB LED notification will l ight up after[...]

  • Page 151

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 151  User name : User nam e of the account f or both FTP an d SAMBA Services.  Pa ssword : Passwor d of the account f or both FTP and SAMBA Services. Must con tain at least 5 charact ers.  Acce ss Policy :  re ad only : User can on[...]

  • Page 152

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 152 (3) A dv anced Set tings  Simultaneous FTP Connection : T o tal number of client c onnections th e FTP Server can accept at the same time.  FTP Service Charset : FTP Ser ver Charact er set, the selections are UFT8, GB2312 and BIG5.[...]

  • Page 153

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 153 11 -7-2 SAMB A SAMBA Service functionality is enab led by def ault, o nly the setup of an user account is required to use the se r vice. (1) User Acc ount Setup  User name : User nam e of the account f or both FTP an d SAMBA Services.  Pa [...]

  • Page 154

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 154  re ad only : Users c an on ly re ad from the stor age device.  re ad-write : Users can add, rea d, o r delete the files s tore d i n the device. (3) A dv anced Set tings  Host Name : The name for the router .  W ork Group : Th[...]

  • Page 155

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 155 XIV. System T ool This chapter introduce s the m anagement tool f or controlling the device and tes ting n etwork connection. For security conside r ation, we s trongly sugges t to change the password. Pa ssword and T ime setting is in Chapter 5.2[...]

  • Page 156

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 156 Ping This item informs users of the status quo of the ou t bound session and allow s th e user to kn ow the existe nce of computer s online. On this tes t screen, please enter the ho st IP th at users want to test such as 192.168 .5.20. Press &quo[...]

  • Page 157

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 157 12 .2 F irmware Upgra de Users ma y directly upgrade the device firmwar e on t he F irmware Upg r ade page. Please confirm all inform ation abo ut the softw a re ve rsion in advance. Select and b row se the software file, click "Firmware Upgr[...]

  • Page 158

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 158 12 .3 Configuration Backup Import Configuration F ile : This fea ture allo ws users to integra te all b ackup conten t of par ameter settings into the device. Bef ore u pgr ade, confirm all information abo ut the sof t war e v ersion. Select and[...]

  • Page 159

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 159 12 .4 SNMP Simple Network Management Protoc ol (SNMP ) re fer s to network management commu nications protocol and it is also an important network management item. Through this SNMP communications protocol, pr ograms with network mana gement (i.e.[...]

  • Page 160

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 160 Enabled : Activ ate SNMP fea ture. The default is activate d. Sys tem Name : Set the name of the device su ch as . Sys tem Contact : Set the name of the person who manages the de vice (i.e. John). Sys tem Location : Define the location of [...]

  • Page 161

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 161 12 .5 Syst em Recover Users c an restart the device with Sys tem Recove r button. Sys tem Rec o ver As the figure below , if clicking “Re start Router ” button, the dialo g block will pop out, confirming if users would like to rest art the d e[...]

  • Page 162

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 162 Return to F actory Def ault Setting If clicking “Return to F actory Def ault Setting, the dialog block will pop out, if the device will return to factory def ault.[...]

  • Page 163

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 163 XV. Log From th e log management and look up, w e can see th e relevant operation sta tus, whi ch is convenient f or us to f acil itat e the setup and opera tion. 13.1 Syst em Log Its s ystem log off ers three options: s ystem log, E-mai l alert, [...]

  • Page 164

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 164 Sys tem Log Enable : If this option is selected, the Sys tem Log fea ture wi ll be enabled. Sysl og S erver : The device provides external syst em log ser vers with log collection f eature. Sys tem log is an ind ustrial s tandard communication[...]

  • Page 165

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 165 General Log The device provides the f ollo wing warning message. Click to activate the fe ature. System error message, block ed regula tions, regulation of passage permission, sys tem configura tion chan ge and regis tration verifica tion . Sys te[...]

  • Page 166

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 166 13 .2 Syst em Statistic The device has the real-time surv ei llance ma nagement feature th at provide s s ystem current operation inform ation such as port location, device name, current W AN link sta tus, IP addre ss, MAC addre ss, subnet mask, d[...]

  • Page 167

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 167[...]

  • Page 168

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 168 13 .3 T raffic Sta tistic Six messages will be displaye d on t he T raffi c Statistic page to provide better traf fic management and control. 13 .4 IP / Port Sta tistic The device allows administrator s to inquire a specific IP (or fr om a specifi[...]

  • Page 169

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 169 Specific IP Status : Enter the IP addre ss that users want to inquire, and then the entir e des tination IP connected to remote devices as well as the number of ports will be displayed. Specific Port Sta tus : Enter the service port number in [...]

  • Page 170

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 170 XVI. Log o ut On the top right corner of the web- base d UI, there is a L ogout butt on. Click on it to log out of the web - base d UI. T o enter next time, open the Web browser and enter the IP address, user name an d passw ord to log in.[...]

  • Page 171

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 171 Appendix I : Technical Support Information O fficial Websit e http: // www .allnet.de Support : E- mail : support@al lnet.de[...]

  • Page 172

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 172 Appendix II Federal Communication Commission Interference Statement This device complies with Part 15 of the FCC Rules. Ope r ation is sub ject to the f ollowing t wo conditions: (1) This device may not cause harmful interf erence, and (2) this de[...]

  • Page 173

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 173 This device complies with the essential r equirements of the R&TTE Directi ve 1999/ 5 /EC. The following te st methods have been ap plied in order to prov e presumption of c onformity with the essential requiremen ts of the R& TTE Directiv[...]

  • Page 174

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 174 ALLNET GPL Code S tatement This ALL NET product includes software cod e developed b y third parties, including software code subject to the GNU General Public License ("GPL") or GNU Lesser General Public License (" LGPL"). As a[...]

  • Page 175

    ALL-VPN10 VPN/F irewall WLAN -N W AN Router © ALLNET GmbH Mün chen 2013 - All rights res er ve d 175 CE -Declaration of Conformity For the following eq uipment: Germering, 11 th of O ctober , 2013 VPN/Fire w all WLA N-N W AN Rou ter A L L-VPN10 The safet y ad vice in the documentation accom panying the products shall be obeyed. The conform ity t [...]