LevelOne FBR-1404TX manual


A good user manual

The rules should oblige the seller to give the purchaser an operating instruction for the LevelOne FBR-1404TX along with the item. The lack of an instruction, or false information given to the customer, constitutes grounds for a complaint because of nonconformity of the goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of manuals, as well as instructional videos, have been widely used. A necessary precondition for this is that the instruction be unmistakable and legible.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of LevelOne FBR-1404TX one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of LevelOne FBR-1404TX. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, a user manual of LevelOne FBR-1404TX should contain:
- information concerning technical data of LevelOne FBR-1404TX
- name of the manufacturer and a year of construction of the LevelOne FBR-1404TX item
- rules of operation, control and maintenance of the LevelOne FBR-1404TX item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of LevelOne FBR-1404TX alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of LevelOne FBR-1404TX, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the LevelOne service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of LevelOne FBR-1404TX.

Why should one read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the LevelOne FBR-1404TX item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know every part of an instruction. Currently the manuals are carefully prearranged and translated, so they can be fully understood by their users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    LevelOne FBR-1404TX Broadband VPN Gateway w/ 4-port Switch User’s Manual Version:1.1[...]

  • Page 2

    Table of Contents: CHAPTER 1 INTRODUCTION (1); LevelOne Broadband VPN Gateway Features (1); Package Contents [...]

  • Page 3

    Certificates (80); CRLs (84); VPN Status [...]

  • Page 4

    Chapter 1 Introduction This Chapter provides an overview of the LevelOne Broadband VPN Gateway's features and capabilities. Congratulations on the purchase of your new LevelOne Broadband VPN Gateway. The LevelOne Broadband VPN Gateway is a multi-function device providing the following services: • Shared Broadband Internet Access for [...]

  • Page 5

    LevelOne Broadband VPN Gateway User Guide Advanced Internet Functions • Communication Applications. Support for Internet communication applications, such as interactive Games, Telephony, and Conferencing applications, which are often difficult to use when behind a Firewall, is included. • Special Internet Applications. Applications which [...]

  • Page 6

    Introduction • Protection against DoS attacks. DoS (Denial of Service) attacks can flood your Internet connection with invalid packets and connection requests, using so much bandwidth and so many resources that Internet access becomes unavailable. The LevelOne Broadband VPN Gateway incorporates protection against DoS attacks. • Rule-base[...]

  • Page 7

    LevelOne Broadband VPN Gateway User Guide Physical Details Front-mounted LEDs Figure 2: Front Panel Power (Green) On - Power on. Off - No power. Status (Red) On - Error condition. Off - Normal operation. Blinking - This LED blinks during start up. LAN For each port, there are 2 LEDs • Link/Act (Green) • On - Corresponding LAN (hub) port is acti[...]

  • Page 8

    Introduction Rear Panel Figure 3: Rear Panel Reset Button This button has two (2) functions: • Reboot. When pressed and released, the LevelOne Broadband VPN Gateway will reboot (restart). • Clear All Data. This button can also be used to clear ALL data and restore ALL settings to the factory default values. To Clear All Data and restore th[...]

  • Page 9

    Chapter 2 Installation This Chapter covers the physical installation of the LevelOne Broadband VPN Gateway. Requirements • Network cables. Use standard 10/100BaseT network (UTP) cables with RJ45 connectors. • TCP/IP protocol must be installed on all PCs. • For Internet Access, an Internet Access account with an ISP, and either of a DSL or C[...]

  • Page 10

    Installation required. Just connect any LAN port to a normal port on the other hub, using a standard LAN cable. 3. Connect WAN Cable Connect the DSL or Cable modem to the WAN port on the LevelOne Broadband VPN Gateway. Use the cable supplied with your DSL/Cable modem. If no cable was supplied, use a standard cable. 4. Power Up • Power on t[...]

  • Page 11

    Chapter 3 Setup This Chapter provides Setup details of the LevelOne Broadband VPN Gateway. Overview This chapter describes the setup procedure for: • Internet Access • LAN configuration PCs on your local LAN may also require configuration. For details, see Chapter 4 - PC Configuration. Other configuration may also be required, dependi[...]

  • Page 12

    Setup Configure or use any of the following: • Config File backup/restore • PC Database • Remote Admin • Routing (RIP and static Routing) • Upgrade Firmware • UPnP Chapter 9: Other Features and Settings Where use of a certain feature requires that PCs or other LAN devices be configured, this is also explained in the relevant chapter[...]

  • Page 13

    LevelOne Broadband VPN Gateway User Guide Using your Web Browser To establish a connection from your PC to the LevelOne Broadband VPN Gateway: 1. After installing the LevelOne Broadband VPN Gateway in your LAN, start your PC. If your PC is already running, restart it. 2. Start your WEB browser. 3. In the Address box, enter "HTTP://" a[...]

  • Page 14

    Setup Setup Wizard The first time you connect to the LevelOne Broadband VPN Gateway, the Setup Wizard will run automatically. (The Setup Wizard will also run if the LevelOne Broadband VPN Gateway's default settings are restored.) 1. Step through the Wizard until finished. • You need to know the type of Internet connection service used by[...]

  • Page 15

    LevelOne Broadband VPN Gateway User Guide PPPoE You connect to the ISP only when required. The IP address is usually allocated automatically. User name and password. PPTP Mainly used in Europe. You connect to the ISP only when required. The IP address is usually allocated automatically, but may be Static (Fixed). • PPTP Server IP Address.[...]

  • Page 16

    Setup Home Screen After finishing or exiting the Setup Wizard, you will see the Home screen. When you connect in future, you will see this screen when you connect. An example screen is shown below. Figure 6: Home Screen Navigation & Data Input • Use the menu bar on the top of the screen, and the "Back" button on your Browser, for[...]

  • Page 17

    LevelOne Broadband VPN Gateway User Guide LAN Screen Use the LAN link on the main menu to reach the LAN screen. An example screen is shown below. Figure 7: LAN Screen Data - LAN Screen TCP/IP IP Address IP address for the LevelOne Broadband VPN Gateway, as seen from the local LAN. Use the default value unless the address is already in use or you[...]

  • Page 18

    Setup DHCP What DHCP Does A DHCP (Dynamic Host Configuration Protocol) Server allocates a valid IP address to a DHCP Client (PC or device) upon request. • The client request is made when the client device starts up (boots). • The DHCP Server provides the Gateway and DNS addresses to the client, as well as allocating an IP Address. • The [...]

  • Page 19

    LevelOne Broadband VPN Gateway User Guide Password Screen The Admin Login screen allows you to assign a user name and password to the LevelOne Broadband VPN Gateway. Figure 8: Password Screen 1. The default login name is "admin". Change this to the desired value. 2. The default password is blank (no password). Enter the desired passw[...]

  • Page 20

    Chapter 4 PC Configuration This Chapter details the PC Configuration required on the local ("Internal") LAN. Overview For each PC, the following may need to be configured: • TCP/IP network settings • Internet Access configuration Windows Clients This section describes how to configure Windows clients for Internet access via the Le[...]

  • Page 21

    LevelOne Broadband VPN Gateway User Guide Checking TCP/IP Settings - Windows 9x/ME: 1. Select Control Panel - Network. You should see a screen like the following: Figure 10: Network Configuration 2. Select the TCP/IP protocol for your network card. 3. Click on the Properties button. You should then see a screen like the following. Figure 11: I[...]

  • Page 22

    PC Configuration • On the Gateway tab, enter the LevelOne Broadband VPN Gateway's IP address in the New Gateway field and click Add, as shown below. Your LAN administrator can advise you of the IP Address they assigned to the LevelOne Broadband VPN Gateway. Figure 12: Gateway Tab (Win 95/98) • On the DNS Configuration tab, ensure Enab[...]

  • Page 23

    LevelOne Broadband VPN Gateway User Guide Checking TCP/IP Settings - Windows NT4.0 1. Select Control Panel - Network, and, on the Protocols tab, select the TCP/IP protocol, as shown below. Figure 14: Windows NT4.0 - TCP/IP 2. Click the Properties button to see a screen like the one below. 20[...]

  • Page 24

    PC Configuration Figure 15: Windows NT4.0 - IP Address 3. Select the network card for your LAN. 4. Select the appropriate radio button - Obtain an IP address from a DHCP Server or Specify an IP Address, as explained below. Obtain an IP address from a DHCP Server This is the default Windows setting. Using this is recommended. By default, the Lev[...]

  • Page 25

    LevelOne Broadband VPN Gateway User Guide Figure 16 - Windows NT4.0 - Add Gateway 2. The DNS should be set to the address provided by your ISP, as follows: • Click the DNS tab. • On the DNS screen, shown below, click the Add button (under DNS Service Search Order), and enter the DNS provided by your ISP. 22[...]

  • Page 26

    PC Configuration Figure 17: Windows NT4.0 - DNS 23[...]

  • Page 27

    LevelOne Broadband VPN Gateway User Guide Checking TCP/IP Settings - Windows 2000: 1. Select Control Panel - Network and Dial-up Connection. 2. Right-click the Local Area Connection icon and select Properties. You should see a screen like the following: Figure 18: Network Configuration (Win 2000) 3. Select the TCP/IP protocol for your netw[...]

  • Page 28

    PC Configuration Figure 19: TCP/IP Properties (Win 2000) 5. Ensure your TCP/IP settings are correct, as described below. Using DHCP To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Using this is recommended. By default, the LevelOne Broadband VPN Gateway will act as a DHCP Server. Res[...]

  • Page 29

    LevelOne Broadband VPN Gateway User Guide Checking TCP/IP Settings - Windows XP 1. Select Control Panel - Network Connection. 2. Right click the Local Area Connection and choose Properties. You should see a screen like the following: Figure 20: Network Configuration (Windows XP) 3. Select the TCP/IP protocol for your network card. 4. Click on t[...]

  • Page 30

    PC Configuration Figure 21: TCP/IP Properties (Windows XP) 5. Ensure your TCP/IP settings are correct. Using DHCP To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Using this is recommended. By default, the LevelOne Broadband VPN Gateway will act as a DHCP Server. Restart your PC to en[...]

  • Page 31

    LevelOne Broadband VPN Gateway User Guide Internet Access To configure your PCs to use the LevelOne Broadband VPN Gateway for Internet access: • Ensure that the DSL modem, Cable modem, or other permanent connection is functional. • Use the following procedure to configure your Browser to access the Internet via the LAN, rather than by a Dia[...]

  • Page 32

    PC Configuration Macintosh Clients From your Macintosh, you can access the Internet via the LevelOne Broadband VPN Gateway. The procedure is as follows. 1. Open the TCP/IP Control Panel. 2. Select Ethernet from the Connect via pop-up menu. 3. Select Using DHCP Server from the Configure pop-up menu. The DHCP Client ID field can be left blank. 4.[...]

  • Page 33

    Chapter 5 Operation and Status This Chapter details the operation of the LevelOne Broadband VPN Gateway and the status screens. Operation Once both the LevelOne Broadband VPN Gateway and the PCs are configured, operation is automatic. However, there are some situations where additional Internet configuration may be required: • If using Inter[...]

  • Page 34

    Operation and Status Data - Status Screen Internet Connection Method This indicates the current connection method, as set in the Setup Wizard. Broadband Modem This shows the connection status of the modem. Internet Connection Current connection status: • Active • Idle • Unknown • Failed If there is an error, you can click the "Conne[...]

  • Page 35

    LevelOne Broadband VPN Gateway User Guide Connection Status - PPPoE If using PPPoE (PPP over Ethernet), a screen like the following example will be displayed when the "Connection Details" button is clicked. Figure 23: PPPoE Status Screen Data - PPPoE Screen Connection Physical Address The hardware address of this device, as seen by remo[...]

  • Page 36

    Operation and Status Buttons Connect If not connected, establish a connection to your ISP. Disconnect If connected to your ISP, hang up the connection. Clear Log Delete all data currently in the Log. This will make it easier to read new messages. Refresh Update the data on screen. Connection Log Messages Message Description Connect on Demand Conn[...]

  • Page 37

    LevelOne Broadband VPN Gateway User Guide Connection Status - PPTP If using PPTP (Peer-to-Peer Tunneling Protocol), a screen like the following example will be displayed when the "Connection Details" button is clicked. Figure 24: PPTP Status Screen Data - PPTP Screen Connection Physical Address The hardware address of this device, as s[...]

  • Page 38

    Operation and Status Clear Log Delete all data currently in the Log. This will make it easier to read new messages. Refresh Update the data on screen. Connection Status - Telstra Big Pond An example screen is shown below. Figure 25: Telstra Big Pond Status Screen Data - Telstra Big Pond Screen Connection Physical Address The hardware address of th[...]

  • Page 39

    LevelOne Broadband VPN Gateway User Guide Connection Log Connection Log • The Connection Log shows status messages relating to the existing connection. • The Clear Log button will restart the Log, while the Refresh button will update the messages shown on screen. Buttons Connect If not connected, establish a connection to Telstra Big Pond. Di[...]

  • Page 40

    Operation and Status Default Gateway The IP Address of the remote Gateway or Router associated with the IP Address above. DNS IP Address The IP Address of the Domain Name Server which is currently used. DHCP Client This will show "Enabled" or "Disabled", depending on whether or not this device is functioning as a DHCP client[...]

  • Page 41

    LevelOne Broadband VPN Gateway User Guide Connection Details - Fixed/Dynamic IP Address If your access method is "Direct" (no login), a screen like the following example will be displayed when the "Connection Details" button is clicked. Figure 27: Connection Details - Fixed/Dynamic IP Address Data - Fixed/Dynamic IP address [...]

  • Page 42

    Operation and Status DHCP Server. • If an IP Address has been allocated to the LevelOne Broadband VPN Gateway (by the ISP's DHCP Server), this button will say "Release". Clicking the "Release" button will break the connection and release the IP Address. Refresh Update the data shown on screen. 39[...]

  • Page 43

    Chapter 6 Internet Features This Chapter explains when and how to use the LevelOne Broadband VPN Gateway's "Internet" Features. Overview The following advanced features are covered in this Chapter: • WAN Port • Advanced Internet • Communication Applications • Special Applications • DMZ • URL filter • Dynamic DNS • Vi[...]

  • Page 44

    Internet Features WAN Port Configuration Screen The WAN Port Configuration screen provides an alternative to using the Wizard. It can be accessed from the Internet menu. An example screen is shown below. Figure 28: WAN Port Screen Data - WAN Port Screen Identification Hostname Normally, there is no need to change the default name, but if your [...]

  • Page 45

    LevelOne Broadband VPN Gateway User Guide Specified IP Address Also called Static IP Address. Select this if your ISP has allocated you a fixed IP Address. If this option is selected, the following data must be entered. • IP Address. The IP Address allocated by the ISP. • Network Mask (Not required for PPPoE) This is also supplied by your [...]

  • Page 46

    Internet Features MAC Address MAC Address Also called Network Adapter Address or Physical Address. This is a low-level identifier, as seen from the WAN port. Normally there is no need to change this, but some ISPs require a particular value, often that of the PC initially used for Internet access. You can use the Copy from PC button to copy you[...]

  • Page 47

    LevelOne Broadband VPN Gateway User Guide Send incoming calls to This lists the PCs on your LAN. • If necessary, you can add PCs manually, using the "PC Database" option on the advanced menu. • For each application listed above, you can choose a destination PC. • There is no need to "Save" after each change; you can [...]

  • Page 48

    Internet Features Incoming Ports • Type - Select the protocol (TCP or UDP) used when you receive data from the special application or service. (Note: Some applications use different protocols for outgoing and incoming data). • Start - Enter the beginning of the range of port numbers used by the application server, for data you receive. If [...]

  • Page 49

    LevelOne Broadband VPN Gateway User Guide URL Filter The URL Filter allows you to block access to undesirable Web site • To use this feature, you must define "filter strings". If the "filter string" appears in a requested URL, the request is blocked. • Enabling the URL Filter also affects the Internet Access Log. If Enable[...]

  • Page 50

    Internet Features Dynamic DNS (Domain Name Server) This free service is very useful when combined with the Virtual Server feature. It allows Internet users to connect to your Virtual Servers using a URL, rather than an IP Address. This also solves the problem of having a dynamic IP address. With a dynamic IP address, your IP address may change[...]

  • Page 51

    LevelOne Broadband VPN Gateway User Guide DDNS Data User Name Enter the "User name" specified at the www.dyndns.org Web site when you registered. Password Enter your current password for www.dyndns.org Domain Name • Enter your domain name, as allocated at www.dyndns.org. • The name should consist only of letters and the hyphen (d[...]

  • Page 52

    Internet Features Virtual Servers This feature allows you to make Servers on your LAN accessible to Internet users. Normally, Internet users would not be able to access a server on your LAN because: • Your Server does not have a valid external IP Address. • Attempts to connect to devices on your LAN are blocked by the firewall in this device[...]

  • Page 53

    LevelOne Broadband VPN Gateway User Guide Virtual Servers Screen The Virtual Servers screen is reached by the Virtual Servers link on the Internet menu. An example screen is shown below. Figure 34: Virtual Servers Screen This screen lists a number of pre-defined Servers, providing a quick and convenient method to set up the common server typ[...]

  • Page 54

    Internet Features It is more convenient if you are using a Fixed IP Address from your ISP, rather than Dynamic. However, you can use the Dynamic DNS feature, described in the following section, to allow users to connect to your Virtual Servers using a URL, rather than an IP Address. Internet Options This screen allows advanced users to enter or [...]

  • Page 55

    Chapter 7 Security Configuration This Chapter explains the settings available via the security configuration section of the "Security" menu. Overview The following advanced configurations are provided. • Access Control • Firewall Rules • Logs • Security Options • Scheduling • Services 52[...]

  • Page 56

    Security Configuration Access Control This feature is accessed by the Access Control link on the Security menu. The Access Control feature allows administrators to restrict the level of Internet Access available to PCs on your LAN. With the default settings, everyone has unrestricted Internet access. To use this feature: 1. Set the desired rest[...]

  • Page 57

    LevelOne Broadband VPN Gateway User Guide "Members" Button Click this button to add or remove members from the current Group. • If the current group is "Default", then members can not be added or deleted. This group contains PCs not allocated to any other group. • To remove PCs from the Default Group, assign them to an[...]

  • Page 58

    Security Configuration Group Members Screen This screen is displayed when the Members button on the Access Control screen is clicked. Figure 37: Group Members Use this screen to add or remove members (PCs) from the current group. • The "Del >>" button will remove the selected PC (in the Members list) from the current group. •[...]

  • Page 59

    LevelOne Broadband VPN Gateway User Guide Firewall Rules For normal operation and LAN protection, it is not necessary to use this screen. The Firewall will always block DoS (Denial of Service) attacks. A DoS attack does not attempt to steal data or damage your PCs, but overloads your Internet connection so you cannot use it - the service is u[...]

  • Page 60

    Security Configuration Data For each rule, the following data is shown: • Name - The name you assigned to the rule. • Source - The traffic covered by this rule, defined by the source IP address. If the IP address is followed by ... this indicates there is a range of IP addresses, rather than a single address. • Destination - The traffic cove[...]

  • Page 61

    LevelOne Broadband VPN Gateway User Guide Firewall Rule Clicking the "Add" button in the Firewall Rules screen will display a screen like the example below. Figure 39: Firewall Rule Data - Firewall Rule Screen Name Enter a suitable name for this rule. Type This determines the source and destination ports for traffic covered by this ru[...]

  • Page 62

    Security Configuration Dest IP These settings determine which traffic, based on their destination IP address, is covered by this rule. Select the desired option: • Any - All traffic from the source port is covered by this rule. • Single address - Enter the required IP address in the "Start IP address" field. You can ignore t[...]

  • Page 63

    LevelOne Broadband VPN Gateway User Guide Logs The Logs record various types of activity on the LevelOne Broadband VPN Gateway. This data is useful for troubleshooting, but enabling all logs will generate a large amount of data and adversely affect performance. Since only a limited amount of log data can be stored in the LevelOne Broadband VP[...]

  • Page 64

    Security Configuration E-Mail Logs Send E-mail alert If enabled, an E-mail will be sent immediately if a DoS (Denial of Service) attack is detected. If enabled, the E-mail address information must be provided. E-mail Logs You can choose to have the logs E-mailed to you, by enabling either or both checkboxes. If enabled, the Log will send to th[...]

  • Page 65

    LevelOne Broadband VPN Gateway User Guide Security Options This screen allows you to set Firewall and other security-related options. Figure 41: Security Options Screen Data - Security Options Screen SPI Firewall Enable DoS Firewall If enabled, DoS (Denial of Service) attacks will be detected and blocked. The default is enabled. It is strongly re[...]

  • Page 66

    Security Configuration Options Respond to ICMP The ICMP protocol is used by the "ping" and "trace route" programs, and by network monitoring and diagnostic programs. • If checked, the LevelOne Broadband VPN Gateway will respond to ICMP packets received from the Internet. • If not checked, ICMP packets from the Internet will[...]

  • Page 67

    LevelOne Broadband VPN Gateway User Guide Scheduling • This schedule can be (optionally) applied to any Access Control Group. • Blocking will be performed during the scheduled time (between the "Start" and "Finish" times.) • Two (2) separate sessions or periods can be defined. • Times must be entered using a 24 hr cl[...]

  • Page 68

    Security Configuration Services Services are used in defining traffic to be blocked or allowed by the Access Control or Firewall Rules features. Many common Services are pre-defined, but you can also define your own services if required. To view the Services screen, select the Services link on the Security menu. Figure 43: Services Screen Dat[...]

  • Page 69

    LevelOne Broadband VPN Gateway User Guide Cancel Clear the "Add New Service" area, ready for entering data for a new Service. 66[...]

  • Page 70

    Chapter 8 VPN This Chapter describes the VPN capabilities and configuration required for common situations. Overview This section describes the VPN (Virtual Private Network) support provided by your LevelOne Broadband VPN Gateway. A VPN (Virtual Private Network) provides a secure connection between 2 points, over an insecure network - typicall[...]

  • Page 71

    LevelOne Broadband VPN Gateway User Guide • Phase I is the negotiation and establishment of the IKE connection. • Phase II is the negotiation and establishment of the IPsec connection. Because the IKE and IPsec connections are separate, they have different SAs (security associations). Policies VPN configuration settings are stored in Po[...]

  • Page 72

    VPN Common VPN Situations VPN Pass-through Figure 44: VPN Pass-through Here, a PC on the LAN behind the Router/Gateway is using VPN software, but the Router/Gateway is NOT acting as a VPN endpoint. It is only allowing the VPN connection. • The PC software can use any VPN protocol supported by the remote VPN. • The remote VPN Server must su[...]

  • Page 73

    LevelOne Broadband VPN Gateway User Guide Connecting 2 LANs via VPN Figure 46: Connecting 2 VPN Gateways This allows two (2) LANs to be connected. PCs on each endpoint gain secure access to the remote LAN. • The 2 LANs MUST use different IP address ranges. • The VPN Policies at each end determine when a VPN tunnel will be established, and what [...]

  • Page 74

    VPN VPN Policies This section covers the configuration required on the LevelOne Broadband VPN Gateway when using Manual Key Exchange (Manual Policies) or IKE (Automatic Policies). Details of using Certificates are covered in a later section. VPN Policies Screen To view this screen, select VPN Policies from the VPN menu. This screen lists all [...]

  • Page 75

    LevelOne Broadband VPN Gateway User Guide Move There are 2 ways to change the order of policies: • Use the up and down indicators on the right to move the selected row. You must confirm your changes by clicking "OK". If you change your mind before clicking "OK", click "Cancel" to reverse your changes. • Click "[...]

  • Page 76

    VPN Figure 49: VPN Wizard - General General Settings Policy Name Enter a suitable name. This name is not supplied to the remote VPN. It is used only to help you manage the policies. Enable Policy Enable or disable the policy as required. For each remote VPN, only 1 policy can be enabled at any time. Remote VPN Endpoint The Internet IP address of[...]

  • Page 77

    LevelOne Broadband VPN Gateway User Guide Figure 50: VPN Wizard - Traffic Selector • For outgoing VPN connections, these settings determine which traffic will cause a VPN tunnel to be created, and which traffic will be sent through the tunnel. • For incoming VPN connections, these settings determine which systems on your local LAN will be [...]

  • Page 78

    VPN Remote IP addresses Type • Single address - enter an IP address in the "Start IP address" field. • Range address - enter the starting IP address in the "Start IP address" field, and the finish IP address in the "Finish IP address" field. • Subnet address - enter the desired IP address in the "Start IP[...]

  • Page 79

    LevelOne Broadband VPN Gateway User Guide These settings must match the remote VPN. Note that you cannot use both AH and ESP. Manually assigned Keys AH Authentication AH (Authentication Header) specifies the authentication protocol for the VPN header, if used. (AH is often NOT used) If AH is not enabled, the following settings can be ignored. [...]

  • Page 80

    VPN • Click "Next" to view the final screen. • On the final screen, click "Finish" to save your settings, then "Close" to exit the Wizard. IKE Phase 1 If you selected IKE, the following screen is displayed after the Traffic Selector screen. Figure 52: VPN Wizard - IKE Phase 1 IKE Phase 1 (IKE SA) Direction Selec[...]

  • Page 81

    LevelOne Broadband VPN Gateway User Guide IKE Exchange Mode Select the desired option, and ensure the remote VPN endpoint uses the same mode. Main Mode provides identity protection for the hosts initiating the IPSec session, but takes slightly longer to complete. Aggressive Mode provides no identity protection, but is quicker. IKE SA Life Time[...]

  • Page 82

    VPN ESP Encryption ESP (Encapsulating Security Payload) provides security for the payload (data) sent through the VPN tunnel. Generally, you will want to enable both ESP Encryption and ESP Authentication. Select the desired method, and ensure the remote VPN endpoint uses the same method. The "3DES" algorithm provides greater security [...]

  • Page 83

    LevelOne Broadband VPN Gateway User Guide Certificates Certificates are used to authenticate users. Certificates are issued to you by various CAs (Certification Authorities). These Certificates are called "Self Certificates". Each CA also issues a certificate to itself. This Certificate is required in order to validate communication wi[...]

  • Page 84

    VPN Adding a Trusted Certificate 1. After obtaining a new Certificate from the CA, you need to upload it to the LevelOne Broadband VPN Gateway. 2. On the "Certificates" screen, click the "Add Trusted Certificate" button to view the Add Trusted Certificate screen, shown below. Figure 55: Add Trusted Certificate 3. Click the "[...]

  • Page 85

    LevelOne Broadband VPN Gateway User Guide Subject Name This is the name which other organizations will see as the Holder (owner) of this Certificate. This should be your registered business name or official company name. Generally, all Certificates should have the same value in the Subject field. Hash Algorithm Select the desired option. Si[...]

  • Page 86

    VPN Figure 58: Add Self Certificate (3) 8. Upload the Certificate: • Click the "Browse" button, and locate the certificate file on your PC • Select the file. The name will appear in the "Certificate File" field. • Click "Upload" to upload the certificate file to the LevelOne Broadband VPN Gateway. • Click [...]

  • Page 87

    LevelOne Broadband VPN Gateway User Guide CRLs CRLs are only necessary if using Certificates. CRL (Certificate Revocation List) files show Certificates which have been revoked, and are no longer valid. Each CA issues their own CRLs. It is VERY IMPORTANT to keep your CRLs up-to-date. You need to obtain the CRL for each CA regularly. The "N[...]

  • Page 88

    VPN VPN Status This screen lists all VPN SAs (Security Associations) which exist at the current time. • If no VPN tunnels exist at the current time, the table will be empty. • To update the display, click the "Refresh" button. • If using IKE, there is one SA for the IKE connection, and another SA for the IPSec connection. • For[...]

  • Page 89

    LevelOne Broadband VPN Gateway User Guide Examples This section describes some examples of using the LevelOne Broadband VPN Gateway in common VPN situations. Example 1: Connecting 2 LevelOne Broadband VPN Gateways In this example, 2 LANs are connected via VPN. Figure 62: Connecting 2 LevelOne Broadband VPN Gateways Note • The LANs MUST use di[...]

  • Page 90

    VPN IKE Authentication method Pre-shared Key Pre-shared Key Certificates are not widely used. Pre-shared Key Xxxxxxxxxx Xxxxxxxxxx Must match IKE Authentication algorithm MD5 MD5 Must match IKE Encryption DES DES Must match IKE Exchange mode Main Mode Main Mode Must match DH Group Group 1 (768 bit) Group 1 (768 bit) Must match IKE SA Life time[...]

  • Page 91

    LevelOne Broadband VPN Gateway User Guide Example 2: Windows 2000/XP Client to LAN In this example, a Windows 2000/XP client connects to the LevelOne Broadband VPN Gateway and gains access to the local LAN. Figure 63: Windows 2000/XP Client to LevelOne Broadband VPN Gateway To use 3DES encryption, you need Service Pack 3 or later installed on [...]

  • Page 92

    VPN DH Group Group 1 (768 bit) Must match client PC IKE SA Life time 28800 Does not have to match client PC. Shorter period will be used. IKE PFS Disable Must match client PC IPSec SA Parameters IPSec SA Life time 28800 Do not have to match. Shorter period will be used. IPSec PFS Disable Must match client PC AH authentication Disabled AH is rarel[...]

  • Page 93

    LevelOne Broadband VPN Gateway User Guide Figure 65: Windows 2000/XP - Policy Properties • Note that no rules are in use. Two rules are required - incoming and outgoing. • The outgoing rule will be added first. 6. Deselect the "Use Add Wizard" checkbox, then click "Add" to view the screen below. Figure 66: IP Filter Lis[...]

  • Page 94

    VPN Figure 67: Filter Properties: Addressing 8. Enter the Source IP address and the Destination IP address. • Since this is the outgoing filter, the Source IP address is "My IP address" and the Destination IP address is the address range used on the remote LAN. • Ensure the Mirrored option is checked. 9. Click "OK" to sav[...]

  • Page 95

    LevelOne Broadband VPN Gateway User Guide Figure 69: New Rule Properties: Filter Action 11. Select Require Security, then click the "Edit" button, to view the Require Security Properties screen. Figure 70: Require Security Properties 12. Select Negotiate security (this selects IKE), then click "Add". 92[...]

  • Page 96

    VPN Figure 71: Modify Security Method 13. On the resulting screen (above), select High [ESP] then click "OK" to save your changes and return to the Require Security Properties screen. Figure 72: Require Security Properties 14. Ensure the following settings are correct, then click "OK" to return to the Filter Action tab of the[...]

  • Page 97

    LevelOne Broadband VPN Gateway User Guide 15. Click the Tunnel Setting tab, then select The tunnel endpoint is specified by this IP address. Enter the WAN (Internet) IP address of the LevelOne Broadband VPN Gateway, as shown below. Figure 73: Tunnel Setting 16. Click the Authentication Methods tab, then click the "Edit" to see the scr[...]

  • Page 98

    VPN 19. Click "Close" to return to the DUT to Win2K properties screen. The "To DUT" filter should now be listed, as shown below. Figure 75: Windows 2000/XP Client to LevelOne Broadband VPN Gateway 20. To add the second (outgoing) rule, click "Add". For the name, enter "To Win2K", then click "Add"[...]

  • Page 99

    LevelOne Broadband VPN Gateway User Guide Figure 77: Filter Properties: Addressing 22. Click "OK" to save your changes, then "Close". Figure 78: Filter List 23. Ensure the "To Win2K" filter is selected, then click the Filter Action tab. 96[...]

  • Page 100

    VPN Figure 79: Filter Action 24. Select Require Security, then click "Edit". On the Require Security Methods screen below, select Negotiate security. Figure 80: Security Methods 25. Click the "Add" button. On the resulting Modify Security Method screen below, select High [ESP]. 97[...]

  • Page 101

    LevelOne Broadband VPN Gateway User Guide Figure 81: Modify Security Method 26. Click "OK" to save your changes, then click "OK" again to return to the Filter Action screen. 27. Select the Tunnel Setting tab, and enter the WAN (Internet) IP address of this PC (172.10..9.10 in this example). Figure 82: Tunnel Setting 28. Selec[...]

  • Page 102

    VPN Figure 83: Authentication Method 29. Select Use this string to protect the key exchange (preshared key), then enter your pre-shared key in the field provided. 30. Click "OK" to save your settings, then "Close" to return to the DUT to Win2K Properties screen. There should now be 2 IP Filters listed, as shown below. Figure[...]

  • Page 103

    LevelOne Broadband VPN Gateway User Guide Figure 85: Properties - General Tab 32. Click the "Advanced" button to see the screen below. Figure 86: Key Exchange Settings 33. Click the "Methods" button to see the screen below. 100[...]

  • Page 104

    VPN Figure 87: Key Exchange Security Methods 34. Select the first entry, and click the "Edit" button to see the following screen. Figure 88: IKE Security Algorithms 35. Select "SHA1" for Integrity Algorithm, "3DES" for Encryption algorithm, and "Low(1)" for the Diffie-Hellman Group. 36. Click "OK"[...]

  • Page 105

    LevelOne Broadband VPN Gateway User Guide Example 3: Windows 2000 Server to VPN Gateway In this example, a Windows 2000 Server connects to the LevelOne Broadband VPN Gateway. Users on each LAN can then gain access to the remote LAN. Figure 90: LevelOne Broadband VPN Gateway to Windows 2000 Server LevelOne Broadband VPN Gateway Configuration Thi[...]

  • Page 106

    VPN Windows 2000 Server Configuration Configuration is the same as for Example 2: Windows 2000/XP Client to LAN, except for specifying the Source and Destination addresses for the "Filter Properties". Instead, for both IP Filters, the Filter Properties - Addressing should be completed as follows. Figure 91: Windows 2000 Server - Addressing [...]

  • Page 107

    Chapter 9 Other Features and Settings This Chapter explains the screens and settings available via the "Other" menu. Overview Normally, it is not necessary to use these screens, or change any settings. These screens and settings are provided to deal with non-standard situations, or to provide additional options for advanced users. The sc[...]

  • Page 108

    Other Features and Settings PC Database The PC Database is used whenever you need to select a PC (e.g. for the "DMZ" PC). It eliminates the need to enter IP addresses. Also, you do not need to use fixed IP addresses on your LAN. PC Database Screen An example PC Database screen is shown below. Figure 92: PC Database • PCs which are &[...]

  • Page 109

    LevelOne Broadband VPN Gateway User Guide Data - PC Database Screen Known PCs This lists all current entries. Data displayed is name (IP Address) type. The "type" indicates whether the PC is connected to the LAN. Name If adding a new PC to the list, enter its name here. It is best if this matches the PC's "hostname". IP [...]

  • Page 110

    Other Features and Settings PC Database (Admin) This screen is displayed if the "Advanced Administration" button on the PC Database is clicked. It provides more control than the standard PC Database screen. Figure 93: PC Database (Admin) Data - PC Database (Admin) Screen Known PCs This lists all current entries. Data displayed is na[...]

  • Page 111

    LevelOne Broadband VPN Gateway User Guide MAC Address Select the appropriate option • Automatic discovery - Select this to have the LevelOne Broadband VPN Gateway contact the PC and find its MAC address. This is only possible if the PC is connected to the LAN and powered On. • MAC is - Enter the MAC address on the PC. The MAC address is a[...]

  • Page 112

    Other Features and Settings Remote Administration This feature allows you to manage the LevelOne Broadband VPN Gateway via the Internet. Figure 94: Remote Administration Screen Data - Remote Administration Screen Remote Administration Enable Remote Administration Enable to allow administration via the Internet. If Disabled, this device will igno[...]

  • Page 113

    LevelOne Broadband VPN Gateway User Guide Routing Overview • If you don't have other Routers or Gateways on your LAN, you can ignore the "Routing" page completely. • If the LevelOne Broadband VPN Gateway is only acting as a Gateway for the local LAN segment, ignore the "Routing" page even if your LAN has other Route[...]

  • Page 114

    Other Features and Settings Figure 95: Routing Screen Data - Routing Screen RIP Enable RIP Check this to enable the RIP (Routing Information Protocol) feature of the LevelOne Broadband VPN Gateway. The LevelOne Broadband VPN Gateway supports RIP 1 only. Static Routing Static Routing Table Entries This list shows all entries in the Routing Table[...]

  • Page 115

    LevelOne Broadband VPN Gateway User Guide Add Add a new entry to the Static Routing table, using the data shown in the "Properties" area on screen. The entry selected in the list is ignored, and has no effect. Update Update the current Static Routing Table entry, using the data shown in the "Properties" area on screen. Delet[...]

  • Page 116

    Other Features and Settings Static Routing - Example Figure 96: Routing Example For the LevelOne Broadband VPN Gateway's Routing Table For the LAN shown above, with 2 routers and 3 LAN segments, the LevelOne Broadband VPN Gateway requires 2 entries as follows. Entry 1 (Segment 1) Destination IP Address 192.168.1.0 Network Mask 255.255.255.0[...]

  • Page 117

    LevelOne Broadband VPN Gateway User Guide Upgrade Firmware The firmware (software) in the LevelOne Broadband VPN Gateway can be upgraded using your Web Browser. You must first download the upgrade file, then select Upgrade on the Other menu. You will see a screen like the following. Figure 97: Upgrade Firmware Screen To perform the Firmware Upgra[...]

  • Page 118

    Other Features and Settings UPnP An example UPnP screen is shown below. Figure 98: UPNP Screen Data - UPNP Screen UPnP Enable UPnP Services • UPnP (Universal Plug and Play) allows automatic discovery and configuration of equipment attached to your LAN. UPnP is supported by Windows ME, XP, or later. • If Enabled, this device will be visi[...]

  • Page 119

    116 A Appendix A Troubleshooting This Appendix covers the most likely problems and their solutions. Overview This chapter covers some common problems that may be encountered while using the LevelOne Broadband VPN Gateway and some possible solutions to them. If you follow the suggested steps and the LevelOne Broadband VPN Gateway still does [...]

  • Page 120

    Appendix A - Troubleshooting check your Internet connection (DSL/Cable modem etc) to see that it is working correctly. Problem 2: Some applications do not run properly when using the LevelOne Broadband VPN Gateway. Solution 2: The LevelOne Broadband VPN Gateway processes the data passing through it, so it is not transparent. Use the Special Applic[...]

  • Page 121

    118 B Appendix B Specifications LevelOne Broadband VPN Gateway Model FBR-1404TX Dimensions 141mm(W) * 100mm(D) * 27mm(H) Operating Temperature 0 °C to 40 °C Storage Temperature -10 °C to 70 °C Network Protocol: TCP/IP Network Interface: 5 Ethernet: 4 * 10/100BaseT (RJ45) LAN connection 1 * 10/100BaseT (RJ45) for WAN LEDs 11 Power Adapter 1[...]

  • Page 122

    Appendix B - Specifications FCC Radiation Exposure Statement This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your body. This device complies with Part 15 of the FCC Rule[...]