Go to page of
Similar user manuals
-
Switch
LevelOne GSW-2600TXM
200 pages 3.33 mb -
Switch
LevelOne GSW-1601TX
40 pages 0.26 mb -
Switch
LevelOne GSW-2474T
41 pages 0.56 mb -
Switch
LevelOne GSW-2692
390 pages 4.82 mb -
Switch
LevelOne FSW-2410TX
23 pages 0.12 mb -
Switch
LevelOne FSW-0512
2 pages 0.09 mb -
Switch
LevelOne IFE-0500
21 pages 0.46 mb -
Switch
LevelOne VOI-9300
61 pages 2.02 mb
A good user manual
The rules should oblige the seller to give the purchaser an operating instrucion of LevelOne FBR-1404TX, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.
What is an instruction?
The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of LevelOne FBR-1404TX one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.
Unfortunately, only a few customers devote their time to read an instruction of LevelOne FBR-1404TX. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.
What should a perfect user manual contain?
First and foremost, an user manual of LevelOne FBR-1404TX should contain:
- informations concerning technical data of LevelOne FBR-1404TX
- name of the manufacturer and a year of construction of the LevelOne FBR-1404TX item
- rules of operation, control and maintenance of the LevelOne FBR-1404TX item
- safety signs and mark certificates which confirm compatibility with appropriate standards
Why don't we read the manuals?
Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of LevelOne FBR-1404TX alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of LevelOne FBR-1404TX, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the LevelOne service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of LevelOne FBR-1404TX.
Why one should read the manuals?
It is mostly in the manuals where we will find the details concerning construction and possibility of the LevelOne FBR-1404TX item, and its use of respective accessory, as well as information concerning all the functions and facilities.
After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.
Table of contents for the manual
-
Page 1
LevelOne FBR-1404TX Broadband VPN Gateway w/ 4-port Switch User’s Manual Version:1.1[...]
-
Page 2
Table of Contents CHAPTER 1 INTRODUCTION ............................................................................................. 1 LevelOne Broadband VPN Gateway Features ............................................................... 1 Package Contents ..........................................................................................[...]
-
Page 3
Certificates ................................................................................................................... .... 80 CRLs ........................................................................................................................... ...... 84 VPN Status ...............................................................[...]
-
Page 4
Chapter 1 Introduction This Chapter provides an overview of the LevelOne Broadband VPN Gate- way's features and capabilities. Congratulations on the purchase of y our new LevelOne Broadband VPN Gateway. The Leve- lOne Broadband VPN Gateway is a m ulti-func tion device providing t he following services: • Shared Broadband Internet Access for [...]
-
Page 5
LevelOne Broadband VPN Gateway User Guide Advanced Internet Functions • Communication Applications. Support for Internet com municat ion applications, such as interactive Gam es, Telephony, and Conferencing appl ications, which are often di fficult to use when behind a Firewall, is i ncluded. • Special Internet Applications. Applications which [...]
-
Page 6
Introduction • Protection against DoS attacks. DoS (Denial of Service) attacks can flood y our Internet connection with invalid packets a nd connection requests, usi ng so much band- width and so many resources that Internet access becom es unavailable. The LevelOne Broadband VPN Gateway incorporates protect ion against DoS attacks. • Rule-base[...]
-
Page 7
LevelOne Broadband VPN Gateway User Guide Physical Details Front-mounted LEDs Figure 2: Front Panel Power (Green) On - Power on. Off - No power. Status (Red) On - Error condition. Off - Normal operation. Blinking - This LED blinks during start up. LAN For each port, there are 2 LEDs • Link/Act (Green) • On - Corresponding LAN (hub) port is acti[...]
-
Page 8
Introduction Rear Panel Figure 3: Rear Panel Reset Button This button has two (2) functi ons: • Reboot . When pressed and released, the LevelOne Broadband VPN Gateway will reboot (restart). • Clear All Data . This button can also be used to clear ALL data and restore ALL settings to the factory defaul t values. To Clear All Data and resto re th[...]
-
Page 9
Chapter 2 Installation This Chapter covers the physical installation of the LevelOne Broadband VPN Gateway. Requirements • Network cables. Use standard 10/100BaseT network (UTP) cables wit h RJ45 connectors. • TCP/IP protocol m ust be installed on all PCs. • For Internet Access, an Internet Access account with an ISP, and either of a DSL or C[...]
-
Page 10
Installation required. Just connect any LAN port to a norm al port on the ot her hub, using a standard LAN cable. 3. Connect WAN Cable Connect the DSL or Cable m odem to t he WAN port on the LevelOne Broadband VPN Gateway. Use the cable suppli ed with your DSL/Cabl e modem . If no cable was supplied, use a standard cable. 4. Power Up • Power on t[...]
-
Page 11
Chapter 3 Setup This Chapter provides Setup deta ils of the LevelOne Broadband VPN Gate- way. Overview This chapter describes the setup procedure for: • Internet Access • LAN configuration PCs on your local LAN m ay also require configurati on. For details, see Chapter 4 - PC Con- figuration . Other configuration m ay also be required, de pendi[...]
-
Page 12
Setup Configure or use any of the followi ng: • Config File backup/restore • PC Database • Remo te Ad min • Routing (RIP and stat ic Routing) • Upgrade Firmware • UPnP Chapter 9: Other Features and Settings Where use of a certain feature requires that PCs or other LAN devices be configured, this is also explained in the relevant chapter[...]
-
Page 13
LevelOne Broadband VPN Gateway User Guide Using your Web Browser To establish a connection from your PC to t he LevelOne Broadband VPN Gateway: 1. After installing t he LevelOne Broadband VPN Gateway in your LAN, st art your PC. If your PC is already runni ng, restart it. 2. Start your WEB browser. 3. In the Address box, enter "HTTP://" a[...]
-
Page 14
Setup Setup Wizard The first time you connect to the LevelOne Bro adband VPN Gateway, the Setup Wizard will run automatically. (The Setup Wizard will also ru n if the LevelOne Broadband VPN Gate- way's default sett ing are restored.) 1. Step through the Wizard until finished. • You need to know the type of Internet connection service used by[...]
-
Page 15
LevelOne Broadband VPN Gateway User Guide PPPoE You connect to the ISP only when required. The IP address is usually allocated auto m ati- cally. User name and password. PPTP Mainly used in Europe. You connect to the ISP only when required. The IP address is usually allocated auto m ati- cally, but may be Static (Fixed). • PPTP Server IP Address.[...]
-
Page 16
Setup Home Screen After finishing or exitin g the Setup Wizard, you will see the Home screen. When you connect in future, you will see this sc reen when you connect. An example screen is shown below. Figure 6: Home Screen Navigation & Data Input • Use the menu bar on the top of t he screen, and the "Back" button on your Browser, for[...]
-
Page 17
LevelOne Broadband VPN Gateway User Guide LAN Screen Use the LAN link on the main m enu to reach the LAN screen. An example screen is shown below. Figure 7: LAN Screen Data - LAN Screen TCP/IP IP Address IP address for the LevelOne Broa dband VPN Gateway, as seen from the local LAN. Use the default valu e unless the address is already in use or you[...]
-
Page 18
Setup DHCP What DHCP Does A DHCP (Dynami c Host Configuration Prot ocol) Server allocates a valid IP address to a DHCP Client (PC or device) upon request. • The client request is ma de when the client device start s up (boots). • The DHCP Server provides the Gateway and DNS addresses to the clien t, as well as allocating an IP Address. • The [...]
-
Page 19
LevelOne Broadband VPN Gateway User Guide Password Screen The Admin Login screen all ows you to assign a user nam e and password to the LevelOne Broadband VPN Gateway. Figure 8: Password Screen 1. The default login nam e is "admi n". Change this to the desired value. 2. The default password is blank (no password). Enter t he desired passw[...]
-
Page 20
Chapter 4 PC Configuration This Chapter detail s the PC Configurat ion required on the local ( "Internal") LAN. Overview For each PC, the following may need to be configured: • TCP/IP network settings • Internet Access configuration Windows Clients This section describes how to configure Windows clients for In ternet access via the Le[...]
-
Page 21
LevelOne Broadband VPN Gateway User Guide Checking TCP/IP Settings - Windows 9x/ME: 1. Select Control Panel - Net work . You should see a screen like t he following: Figure 10: Network Configuration 2. Select the TCP/IP protocol for your network card. 3. Click on the Properti es button. You should then see a screen li ke the following. Figure 11: I[...]
-
Page 22
PC Configuration • On the Gateway tab, enter the LevelOne Broadband VPN Gateway 's IP address in the New Gateway field and click Add , as shown below. Your LAN adm inistrator can advise you of the IP Address they assigned to the LevelOne Broadband VPN Gat eway. Figure 12: Gateway Tab (Win 95/98) • On the DNS Configurati on tab, ensure Enab[...]
-
Page 23
LevelOne Broadband VPN Gateway User Guide Checking TCP/IP Settings - Windows NT4.0 1. Select Control Panel - Net work , and, on the Protocols tab, select the TCP/IP prot ocol, as shown below. Figure 14: Windows NT4.0 - TCP/IP 2. Click the Properties button to see a screen like the one below. 20[...]
-
Page 24
PC Configuration Figure 15: Windows NT4.0 - IP Address 3. Select the network card for your LAN. 4. Select the appropriate radi o button - Obtain an IP address from a DHC P Server or Specify an IP Address , as explained below. Obtain an IP address from a DHCP Server This is the default Windows setting. Using this is recommended . By default, the Lev[...]
-
Page 25
LevelOne Broadband VPN Gateway User Guide Figure 16 - Windows NT4.0 - Add Gateway 2. The DNS should be set to the address provided by y our ISP, as follows: • Click the DNS tab. • On the DNS screen, shown below, click the Add button (under DNS Service Search Order ), and enter the DNS provided by your ISP. 22[...]
-
Page 26
PC Configuration Figure 17: Windows NT4.0 - DNS 23[...]
-
Page 27
LevelOne Broadband VPN Gateway User Guide Checking TCP/IP Settings - Windows 2000: 1. Select Control Panel - Ne twork and Dial-up Connect ion . 2. Right - click t he Local Area Connection icon and select Properties . You shoul d see a screen like the following : Figure 18: Network Configuration (Win 2000) 3. Select the TCP/IP protocol for your netw[...]
-
Page 28
PC Configuration Figure 19: TCP/IP Properties (Win 2000) 5. Ensure your TCP/IP settings are correct , as described below. Using DHCP To use DHCP, select the radio button Obtain an IP Address automatical ly . This is the default Windows setting. Using this is recommended . By default, the LevelOne Broadband VPN Gateway will act as a DHCP Server. Res[...]
-
Page 29
LevelOne Broadband VPN Gateway User Guide Checking TCP/IP Settings - Windows XP 1. Select Control Panel - Net work Connection . 2. Right click t he Local Area Connection and choose Properties . You should see a screen like the following: Figure 20: Network Configuration (Windows XP) 3. Select the TCP/IP protocol for your network card. 4. Click on t[...]
-
Page 30
PC Configuration Figure 21: TCP/IP Properties (Windows XP) 5. Ensure your TCP/IP settings are correct. Using DHCP To use DHCP, select the radio button Obtain an IP Address automatical ly . This is the default Windows setting. Using this is recommended . By default, the LevelOne Broadband VPN Gateway will act as a DHCP Server. Restart your PC t o en[...]
-
Page 31
LevelOne Broadband VPN Gateway User Guide Internet Access To configure your PCs to use the LevelOne Broadband VPN Gateway for Internet access: • Ensure that the DSL modem, Ca ble modem , or other permanent connect ion is functional. • Use the following procedure to configure y our Browser to access the Internet via the LAN, rather than by a Dia[...]
-
Page 32
PC Configuration Macintosh Clients From your Macintosh, you can access the Internet via the LevelOne Broadband VPN Gateway. The procedure is as follows. 1. Open the TCP/IP Control Panel. 2. Select Ethernet from the Connect via pop-up m enu. 3. Select Using DHCP Server from the Confi gure pop-up menu. The DHC P Client ID fiel d can be left blank. 4.[...]
-
Page 33
Chapter 5 Operation and Status This Chapter details the operation of the LevelOne Broadband VPN Gateway and the status screens. Operation Once both the LevelOne Broadband VPN Gateway and the PCs are configured, opera- tion is automatic. However, there are some situations where add iti onal Internet configurat ion may be required: • If using Inter[...]
-
Page 34
Operation and Status Data - Status Screen Internet Connection Method This indicates the current connect ion method, as set in the Setup Wizard. Broadband Modem This shows the connection status of the m odem. Internet Connection Current connection status: • Active • Idle • Unknown • Failed If there is an error, you can click th e "Conne[...]
-
Page 35
LevelOne Broadband VPN Gateway User Guide Connection Status - PPPoE If using PPPoE (PPP over Ethernet), a screen like the following example will be displayed when the "Connectio n Details" button is clicked. Figure 23: PPPoE Status Screen Data - PPPoE Screen Connection Physical Address The hardware address of this device, as seen by rem o[...]
-
Page 36
Operation and Status Buttons Connect If not connected, establish a connect ion to your ISP. Disconnect If connected to your ISP, hang up the connection. Clear Log Delete all data currently in the Log . This will make it easier to read new messages. Refresh Update the data on screen. Connection Log Messages Message Description Connect on Demand Conn[...]
-
Page 37
LevelOne Broadband VPN Gateway User Guide Connection Status - PPTP If using PPTP (Peer-to-Peer Tunne ling Protocol), a screen like the following example will be displayed when the "Connect ion Details" but ton is clicked. Figure 24: PPTP Status Screen Data - PPTP Screen Connection Physical Address The hardware address of this device, as s[...]
-
Page 38
Operation and Status Clear Log Delete all data currently in the Log . This will make it easier to read new messages. Refresh Update the data on screen. Connection Status - Telstra Big Pond An example screen is shown below. Figure 25: Telstra Big Pond Status Screen Data - Telstra Big Pond Screen Connection Physical Address The hardware address of th[...]
-
Page 39
LevelOne Broadband VPN Gateway User Guide Connection Log Connection Log • The Connection Log shows status m essages relating to the existing connection. • The Clear Log button will restart the Log, while the Refresh button will update the messages shown on screen. Buttons Connect If not connected, establish a connect ion to Telstra Big Pond. Di[...]
-
Page 40
Operation and Status Default Gateway Th e IP Address of the remote Gatewa y or Router associated with the IP Address above. DNS IP Address The IP Address of the Domain Name Server which is currently used. DHCP Client This will show "Enabled" or "Disab led", depending on whether or not this device is funct ioning as a DHCP client[...]
-
Page 41
LevelOne Broadband VPN Gateway User Guide Connection Details - Fixed/Dynamic IP Address If your access method is "Direct" (no login), a screen like the follo wing exam ple will be displayed when the "Connect ion Details" but ton is clicked. Figure 27: Connection Details - Fixed/Dynamic IP Address Data - Fixed/Dynamic IP address [...]
-
Page 42
Operation and Status DHCP Server. • If an IP Address has been allocated to the LevelOne Broadband VPN Gateway (by the ISP's DHCP Server), this button will say "Release". Clicking the "Release" button will break the connec- tion and release the IP Address. Refresh Update the data shown on screen. 39[...]
-
Page 43
Chapter 6 Internet Features This Chapter explains when and how to use the LevelOne Broadband VPN Gateway's "Internet" Features. Overview The following advanced features are covered in this Chapter: • WAN Port • Advanced Internet • Communication Appli cations • Special Applications • DMZ • URL filter • Dynamic DNS • Vi[...]
-
Page 44
Internet Features WAN Port Configuration Screen The WAN Port Configuration screen provides an alte rnative to using the Wizard. It can be accessed from the Internet m enu. An example screen i s shown below. Figure 28: WAN Port Screen Data - WAN Port Screen Identification Hostname Normally , there is no need to change the default nam e, but if your [...]
-
Page 45
LevelOne Broadband VPN Gateway User Guide Specified IP Address Also called Static IP Address . Select this if your ISP has allocated you a fixed IP Address. If this option i s selected, the followi ng data must be entered. • IP Address . The IP Address allocated by the ISP. • Network Mask (Not required for PPPoE) This is also supplied by you r [...]
-
Page 46
Internet Features MAC Address MAC Address Also called Network Adapter Address or Physical Address . This is a low-level identifier, as seen from the WAN po rt. Normally there is no need to change this, bu t som e ISPs require a particular value, often that of the PC initially used for Internet access. You can use the Copy from PC button to copy you[...]
-
Page 47
LevelOne Broadband VPN Gateway User Guide Send incoming calls to This lists the PCs on your LAN. • If necessary, you can add PCs m anually, using the "PC Database" option on the advanced m enu. • For each application listed a bove, you can choose a destina- tion PC. • There is no need to "Save" af ter each change; you can [...]
-
Page 48
Internet Features Incoming Ports • Type - Select the protocol (TCP or UDP) used when you receive data from the special application or service. (Note: Som e applications use different protocols for outgoi ng and incoming dat a). • Start - Enter the beginning of the range of port num bers used by the application server, for data you recei ve. If [...]
-
Page 49
LevelOne Broadband VPN Gateway User Guide URL Filter The URL Filter allows you to block access to undesirable Web site • To use this feature, you must define "filter string s". If the "filter string" appears in a requested URL, the request is blocked. • Enabling the URL Filter also affects the Internet Access Log . If Enable[...]
-
Page 50
Internet Features Dynamic DNS (Domain Name Server) This free service is very usef ul when combined with the Virtual Server feature. It allows Internet users to connect to your Vi rtual Serv ers using a URL, rather than an IP Address. This also solves the problem of having a dynami c IP address. With a dynamic IP address, y our IP address may change[...]
-
Page 51
LevelOne Broadband VPN Gateway User Guide DDNS Data User Name Enter the "User name " specified at the www.dyndns.org Web site when you registered. Password Enter your current password for www.dyndns.org Domain Name • Enter your domai n name, as all ocated at www.dyndns.org. • The name should consis t only of lett ers and the hyphen (d[...]
-
Page 52
Internet Features Virtual Servers This feature allows you to make Servers on your LAN accessible to Internet users. Norm ally, Internet users would not be able to access a server on your LAN because: • Your Server does not have a valid external IP Address. • Attempts to connect to devices on your LAN are blocked by t he firewall in this devi ce[...]
-
Page 53
LevelOne Broadband VPN Gateway User Guide Virtual Servers Screen The Virtual Servers screen is reached by the Virtual Servers link on the Internet m enu. An example screen is shown below. Figure 34: Virtual Servers Screen This screen lists a num ber of pre-defined Serv ers,. providing a qui ck and convenient me thod to set up the comm on server typ[...]
-
Page 54
Internet Features It is more convenient if you are using a Fixed IP Address from your ISP, rather than Dynam ic. However, you can use the Dynamic DNS feature, described in the followi ng section, to allow users to connect to your Virtual Servers usi ng a URL, rather than an IP Address. Internet Options This screen allows advanced users to enter or [...]
-
Page 55
Chapter 7 Security Configuration This Chapter explains the settings ava ilable via the security configuration section of the "Security " menu. Overview The following advanced configurations are provi ded. • Access Control • Firewall Rules • Logs • Security Options • Scheduling • Services 52[...]
-
Page 56
Security Configuration Access Control This feature is accessed by the Access Control link on the Securi ty menu. The Access Control feature allows administrators to restrict the level of Internet Access avail- able to PCs on your LAN. With the default se ttings, everyone has unrestricted Internet access. To use this feature: 1. Set the desired rest[...]
-
Page 57
LevelOne Broadband VPN Gateway User Guide "Members" Button Click this but ton to add or remove m em bers from the current Group. • If the current group is "Default", t hen mem bers can not be added or deleted. This group contai ns PCs not allocated to any other group. • To remove PCs from the Default Group, assign them to an[...]
-
Page 58
Security Configuration Group Members Screen This screen is displayed when the Members button on the Access Control screen is clicked. Figure 37: Group Members Use this screen to add or remove m em bers (PCs) from the current group. • The "Del >>" butto n will remove the selected PC (in the Members list) from the current group. •[...]
-
Page 59
LevelOne Broadband VPN Gateway User Guide Firewall Rules For normal operati on and LAN protection, it i s not necessary to use this screen. The Firewall will always block DoS (Denial of Serv ice) attacks. A DoS attack does not attempt to steal data or dam age your PCs, but overloads y our Internet connection so you can not use it - the service is u[...]
-
Page 60
Security Configuration Data For each rule, the following data is shown: • Name - The name you assigned t o the rule. • Source - The traffic covered by this rule, defi ned by the source IP address. If the IP address is follo wed by ... this indicates there is range of IP addresses, rather than a single address. • Destination - The traffic cove[...]
-
Page 61
LevelOne Broadband VPN Gateway User Guide Firewall Rule Clicking the "Add" but ton in the Firewall Rules screen will display a screen like the ex am ple below. Figure 39: Firewall Rule Data - Firewall Rule Screen Name Enter a suitable name for this rule. Type This determines the source and destin ation ports for traffic covered by this ru[...]
-
Page 62
Security Configuration Dest IP These settings determ ine which traffic, based on their dest ination IP address, is covered by this rule. Select the desired option: • Any - All traffic from the source port is covered b y this rule. • Single address - Enter the required IP address in the "St art IP address" field". You can ignore t[...]
-
Page 63
LevelOne Broadband VPN Gateway User Guide Logs The Logs record various types of activity on the LevelOne Broadband VPN Gateway. Thi s data is useful for troubleshooti ng, but enabling all logs will ge nerate a large amount of data and adversely affect performance. Since only a lim ited am ount of log data can be stored in t he LevelOne Broadband VP[...]
-
Page 64
Security Configuration E-Mail Logs Send E-mail alert If enabled, an E-mail will be sent immediately if a DoS (Denial of Service) attack is detected. If enabled, the E-mail address infor- mation m ust be provided. E-mail Logs You can choose to have the logs E-mailed to you, by enabl ing either or both checkboxes. If enab led, the Log will send to th[...]
-
Page 65
LevelOne Broadband VPN Gateway User Guide Security Options This screen allows you to set Firewall and other security-related options. Figure 41: Security Options Screen Data - Security Options Screen SPI Firew all Enable DoS Firewall If enabled, DoS (Denial of Serv ice) attacks will be detected and blocked. The default is enabled. It is strongly re[...]
-
Page 66
Security Configuration Options Respond to ICMP The ICMP protocol is used by the "ping" and "trace route" programs, and by network moni toring and diagnostic programs. • If checked, the LevelOne Broadband VPN Gateway will respond to ICMP packets received from the Internet. • If not checked, ICMP packets from the Internet will[...]
-
Page 67
LevelOne Broadband VPN Gateway User Guide Scheduling • This schedule can be (optionall y) applied to any Access C ontrol Group. • Blocking will be performed dur ing the scheduled time (between the "Start" and "Finish" times.) • Two (2) separate sessions or periods can be defined. • Times m ust be entered using a 24 hr cl[...]
-
Page 68
Security Configuration Services Services are used in defining traffic to be bl ocked or allowed by the Access Control or Fire- wall Rules features. Many comm on Services are pre-defined, but you can al so define your own services if required. To view the Services screen, select the Services link on the Securit y menu. Figure 43: Services Screen Dat[...]
-
Page 69
LevelOne Broadband VPN Gateway User Guide Cancel Clear the " Add New Service " area, ready for entering data for a new Service. 66[...]
-
Page 70
Chapter 8 VPN This Chapter describes the VPN c apabilities and configuration required for common situations. Overview This section describes the VPN (Virtual Pri vat e Network) support provided by y our LevelOne Broadband VPN Gateway. A VPN (Virtual Private Network) provides a secure connect ion between 2 points, over an insecure network - typicall[...]
-
Page 71
LevelOne Broadband VPN Gateway User Guide • Phase I is the negotiati on and establishm ent of the IKE connection. • Phase II is the negotiation and est ablishm ent of the IPsec connection. Because the IKE and IPsec connections are separa te, they have different SAs (security associa- tions). Policies VPN configuration settings are st ored in Po[...]
-
Page 72
VPN Common VPN Situations VPN Pass-through Figure 44: VPN Pass-through Here, a PC on the LAN behind the Router/Gat eway is using VPN software, but the Router/Gateway is NOT acting as a VPN endpoint. It is onl y allowing the VPN connect ion. • The PC software can use any VPN protocol supporte d by the remote VPN. • The remote VPN Server m ust su[...]
-
Page 73
LevelOne Broadband VPN Gateway User Guide Connecting 2 LANs via VPN Figure 46: Connecting 2 VPN Gateways This allows two (2) LANs to be connected. PCs on each endpoint gain secure access to the remote LAN. • The 2 LANs MUST use different IP address ranges. • The VPN Policies at each end determine when a VPN tunnel will be established, and what [...]
-
Page 74
VPN VPN Policies This section covers the configurati on re quired on the LevelOne Broadband VPN Gate way when using Manual Key Exchange (Manual Policies) or IKE (Autom atic Pol icies). Details of using Certificates are cov ered in a later section. VPN Policies Screen To view this screen, select VPN Policies from the VPN menu. This screen lists all [...]
-
Page 75
LevelOne Broadband VPN Gateway User Guide Move There are 2 ways to change the order of policies: • Use the up and down indicators on the right t o move the selected row. You must confirm your changes by cli cking "OK". If you change your mind before cl icking "OK", click "Cancel" to reverse your changes. • Click &q[...]
-
Page 76
VPN Figure 49: VPN Wizard - General General Settings Policy Name Enter a suitable name. This name is not supplied to the remote VPN. It is used only to help you m anage the policie s. Enable Policy Enable or disable the policy as re quired. For each remote VPN, only 1 policy can be enabled at any time. Remote VPN Endpoint The Internet IP address of[...]
-
Page 77
LevelOne Broadband VPN Gateway User Guide Figure 50: VPN Wizard - Traffic Selector • For outgoing VPN conn ections, these settings determine which traffic will cause a VPN tunnel to be created, and which tra ffic will be sent through the tunnel. • For incoming VPN connecti ons, these settings determ ine which system s on your local LAN will be [...]
-
Page 78
VPN Remote IP addresses Type • Single address - enter an IP address in the "Start IP address" field. • Range address - enter the starting IP address in the "Start IP address" field, and the finish IP address in the "Finis h IP ad- dress" field. • Subnet address - enter the desired IP address in the "Start IP[...]
-
Page 79
LevelOne Broadband VPN Gateway User Guide These settings must match t he remote VPN. Note that you cannot use both AH and ESP. Manually assigned Key s AH Authentication AH (Authentication Header) specifi es the authenticat ion protocol for the VPN header, if used. (AH is often NOT used) If AH is not enabled, the foll owing settings can be ignored. [...]
-
Page 80
VPN • Click "Next" to view the final screen. • On the final screen, click "Finish " to save your settings, then "Close" to exit the Wizard. IKE Phase 1 If you selected IKE , the following screen is displayed after th e Traffic Selector screen. Figure 52: VPN Wizard - IKE Phase 1 IKE Phase 1 (IKE SA) Direction Selec[...]
-
Page 81
LevelOne Broadband VPN Gateway User Guide IKE Exchange Mode Select the desired option, and ensure the rem ote VPN endpoint uses the same mode. Main Mode provides iden tity protection for the hosts initiating the IPSec session, but take s slightly longer to complete. Aggressive Mode pr ovides no identity protection, b ut is quicker. IKE SA Life Time[...]
-
Page 82
VPN ESP Encryption ESP (Encapsulating Security Payload) provides security for t he payload (data) sent through the VPN tunnel. Generally, you will want to enable both ESP Encrypti on and ESP Authentication. Select the desired m ethod, and ensure the remote VPN endpoint uses the same m ethod. The "3DES" algorithm provides greater security [...]
-
Page 83
LevelOne Broadband VPN Gateway User Guide Certificates Certificates are used to authen ticate users. Certificates are issued to you by various CAs (Certification Authorities). These Certificates are called "Self Certificates". Each CA also issues a certificat e to itself. This Certificate is required in order to v alidate communication wi[...]
-
Page 84
VPN Adding a Trusted Certificate 1. After obtaining a new Cert ificate from the CA, you need to upload it t o the LevelOne Broadband VPN Gateway. 2. On the "Certificates" scr een, click the "Add Trusted Certificate" button to view the Add Trusted Certificate screen, shown below. Figure 55: Add Trusted Certificate 3. Click the &q[...]
-
Page 85
LevelOne Broadband VPN Gateway User Guide Subject Name This is the name which other or ganizations will see as the Holder (owner) of this Certi ficate. This should be your registered business name or offi cial company nam e. Gener- ally, all Certi ficates should have the same val ue in the Subject field. Hash Algorithm Select the desired option. Si[...]
-
Page 86
VPN Figure 58: Add Self Certificate (3) 8. Upload the Certificate: • Click the "Browse" button, and locat e the certificate file on your PC • Select th e file. The name will appear in the "Certificate File" field. • Click "Upload" to upload the certificate file t o the LevelOne Broadband VPN Gate- way. • Click [...]
-
Page 87
LevelOne Broadband VPN Gateway User Guide CRLs CRLs are only necessary if using Certificates. CRL (Certificat e Revocation List) fil es show Certificates whi ch have been revoked, and are no longer valid. Each CA issues their own C RLs. It is VERY IMPORTANT to keep your CRLs up- to-date. You need to obtain the CRL for each CA regularly. The "N[...]
-
Page 88
VPN VPN Status This screens lists all VPN SAs (Security Association) wh ich exist at the current time. • If no VPN tunnels exist at the current time, the table will be empty. • To update the display, cli ck the "Refresh" button. • If using IKE, there is one SA for the IKE connection, and anot her SA for the IPSec connection. • For[...]
-
Page 89
LevelOne Broadband VPN Gateway User Guide Examples This section describes som e examples of using the LevelOne Broadband VPN Gateway i n comm on VPN situations. Example 1: Connecting 2 LevelOne Broadband VPN Gateways In this example, 2 LANs are connected via VPN. Figure 62: Connecting 2 LevelOne Broadband VPN Gatew ays Note • The LANs MUST use di[...]
-
Page 90
VPN IKE Authentication method Pre-shared Key Pre-shared Key Certificates are not widely used. Pre-shared Key Xxxxxxxxxx Xxxxxxxxxx Must ma tch IKE Authentication algorithm MD5 MD5 Mu st match IKE Encryption DES DES Must m atch IKE Exchange mode Main Mode Main Mode Must match DH Group Group 1 (768 bit) Group 1 (768 bit) Must ma tch IKE SA Life tim e[...]
-
Page 91
LevelOne Broadband VPN Gateway User Guide Example 2: Windows 2000/XP Client to LAN In this example, a Windows 2000/XP cl ient connects to the LevelOne Broadband VPN Gate- way and gains access to the local LAN. Figure 63: Windows 2000/XP Client to Level One Broadband VPN Gateway To use 3DES encryption, y ou need Service Pack 3 or later installed on [...]
-
Page 92
VPN DH Group Group 1 (768 bit) Must mat ch client PC IKE SA Life tim e 28800 Does not have to match client PC. Shorter period will be used. IKE PFS Disable Must match client PC IPSec SA Parameters IPSec SA Life time 28800 Do not have to match. Shorter period will be used. IPSec PFS Disable Must match client PC AH authentication Disabled AH is rarel[...]
-
Page 93
LevelOne Broadband VPN Gateway User Guide Figure 65: Windows 2000/XP - Policy Properties • Note that no rules are in use. Two 2 rules are required - incom ing and outgoing. • Th e outgoing rule will be added first. 6. Deselect the "Use Add Wizard" checkbox, then click "Add" to view the screen bel ow. Figure 66: IP Filter Lis[...]
-
Page 94
VPN Figure 67: Filter Properties: Addressing 8. Enter the Source IP address and the Destination IP address . • Sin ce this is the outing filter, the Source IP address is "My IP address" and the Desti- nation IP address is the address range used on the rem ote LAN. • Ensure the Mirrored option is checked. 9. Click "OK" to sav[...]
-
Page 95
LevelOne Broadband VPN Gateway User Guide Figure 69: New Rule Properties: Filter Action 11. Select Require Security , then click the "Edit" button, to view the Requi re Security Proper- ties screen. Figure 70: Require Security Properties 12. Select Negotiate security (this selects IKE), then click "Add". 92[...]
-
Page 96
VPN Figure 71: Modify Security Method 13. On the resulting screen (above), select High [ ESP] then click "OK" to save your changes and return to the Require Security Properties screen. Figure 72: Require Security Properties 14. Ensure the follo wing settings are correct, then click "OK" to return to th e Filter Action tab of the[...]
-
Page 97
LevelOne Broadband VPN Gateway User Guide 15. Click the Tunnel Setting tab, then select The tunnel endpoint is specified by this IP ad- dress . Enter the WAN (Internet) IP address of the LevelOne Broadband VPN Gateway, as shown below. Figure 73: Tunnel Setting 16. Click the Authenticati on Methods tab, then click the "Edit" to see the scr[...]
-
Page 98
VPN 19. Click "Close" to retu rn to the DUT to Win2K properti es screen . The "To DUT" filter should now be listed, as shown bel ow. Figure 75: Windows 2000/XP Client to Level One Broadband VPN Gateway 20. To add the second (outgoing) rule, cli ck "Add". For the name, ent er "To Win2K", then click "Add&q[...]
-
Page 99
LevelOne Broadband VPN Gateway User Guide Figure 77: Filter Properties: Addressing 22. Click "OK" to save your changes, then "Cl o se". Figure 78: Filter List 23. Ensure the "To W in2K" filter is selected, then click the Filter Action tab. 96[...]
-
Page 100
VPN Figure 79: Filter Action 24. Select Require Security , then click "Edit". On the Require Security Methods screen below, select Negotiate security . Figure 80: Security Methods 25. Click the "Add" butt on. On the resulting Modify Security Method screen below, select High [ESP] . 97[...]
-
Page 101
LevelOne Broadband VPN Gateway User Guide Figure 81: Modify Security Method 26. Click "OK" to save you r changes, then click "OK" again to return to the Filter Action screen. 27. Select the Tunnel Setting tab, and en ter the WAN (Internet) IP address of this PC (172.10..9.10 in this exam ple). Figure 82: Tunnel Setting 28. Selec[...]
-
Page 102
VPN Figure 83: Authentication Method 29. Select Use this string to protect the key exchange (preshared key) , then enter your pre- shared key in the field provided. 30. Click "OK" to save you r settings, then "Close" to return to th e DUT to Win2K Properties screen. There should now be 2 IP Filers list ed, as shown below. Figure[...]
-
Page 103
LevelOne Broadband VPN Gateway User Guide Figure 85: Properties - General Tab 32. Click the "Advanced" button to see t he screen below. Figure 86: Key Exchange Settings 33. Click the "Methods" butt on to see the screen below. 100[...]
-
Page 104
VPN Figure 87: Key Exchange Security Methods 34. Select the first entry, and click the "Edit" button to see the followin g screen. Figure 88: IKE Security Algorithms 35. Select "SHA1" for Integrity Algorithm , "3DES" for Encryption algorithm , and "Low(1)" for the Diffie-Hellman Group . 36. Click "OK&quo[...]
-
Page 105
LevelOne Broadband VPN Gateway User Guide Example 3: Windows 2000 Server to VPN Gatew ay In this example, a Windows 2000 Server connects t o the LevelOne B roadband VPN Gateway. Users on each LAN can then gain access to the remote LAN. Figure 90: LevelOne Broadband VPN Gateway to Wi ndows 2000 Server LevelOne Broadband VPN Gateway Configuration Thi[...]
-
Page 106
VPN Windows 2000 Server Configuration Configuration is t he same as for Example 2: Window s 2000/XP Client t o except for specifying the Source and Destination ad dresses for the "Filter Properties". Instead, for both IP Filters, the Filter Properties- Addressing should be completed as follows. Figure 91: Windows 2000 Server - Addressing [...]
-
Page 107
Chapter 9 Other Features and Settings This Chapter explains the screens and settings available via the "Other" menu. Overview Normally, it is not necessary to use these scr eens, or change any settings. These screens and settings are provided to deal with non-standard situations, or to provide additional options for advanced users. The sc[...]
-
Page 108
Other Features and Settings PC Database The PC Database is used whenever you need to select a PC (e.g. for the "DMZ" PC). It elimi- nates the need to enter IP addresses. Also, y ou do not need to use fixed IP addresses on your LAN. PC Database Screen An example PC Data base screen is shown below. Figure 92: PC Database • PCs which are &[...]
-
Page 109
LevelOne Broadband VPN Gateway User Guide Data - PC Database Screen Known PCs This lists all current entries. Data displayed is name (IP Address) type . The "type" indicates whether the PC is connected to the LAN. Name If adding a new PC to the list, en ter its nam e here. It is best if this matches the PC's "hostname". IP [...]
-
Page 110
Other Features and Settings PC Database (Admin) This screen is display ed if the "Advanced Admi nistration" button on t h e PC Database is clicked. It provides m ore control than the standard PC Database screen. Figure 93: PC Database (Admin) Data - PC Database ( Admin) Screen Known PCs This lists all current entries. Data displayed is na[...]
-
Page 111
LevelOne Broadband VPN Gateway User Guide MAC Address Select the appropriate option • Automatic discovery - Select this to have the LevelOne Broad- band VPN Gateway contact the PC and fi nd its MAC address. This is only possibl e if the PC is connected to the LAN and pow- ered On. • MAC is - Enter the MAC address on the PC. The MAC address is a[...]
-
Page 112
Other Features and Settings Remote Administration This feature allows you to m anage the Leve lOne Broadband VPN Gateway via the Internet. Figure 94: Remote Administration Screen Data - Remote Administration Screen Remote Administration Enable Remote Administration Enable to allow administration via the Internet. If Disab led, this device will igno[...]
-
Page 113
LevelOne Broadband VPN Gateway User Guide Routing Overview • If you don't have other Routers or Gateway s on your LAN, you can ignore the "Routing" page completely. • If the LevelOne Broadband VPN Gateway is onl y acting as a Gateway for the local LAN segment, ignore the "R outing" page even if your LAN has other Rout e[...]
-
Page 114
Other Features and Settings Figure 95: Routing Screen Data - Routing Screen RIP Enable RIP Check this t o enable the RIP (Routing Inform ation Protocol) feature of the LevelOne Broadband VPN Gateway. The LevelOne Broadband VPN Gateway supports R IP 1 only. Static Routing Static Routing Table Entries This list shows all entries in th e Routing Table[...]
-
Page 115
LevelOne Broadband VPN Gateway User Guide Add Add a new entry to the Stati c Routing table, usi ng the data shown in the "Properties" area on screen. Th e entry selected in the list is ignored, and has no effect. Update Update the current St atic Routing Table entry, using the data shown in the "Properties" area on screen. Delet[...]
-
Page 116
Other Features and Settings Static Routing - Example Figure 96: Routing Example For the LevelOne Broadband VPN Gateway 's Routing Table For the LAN shown above, with 2 routers a nd 3 LAN segm ents, the LevelOne Broadband VPN Gateway requires 2 entries as follows. Entry 1 (Segment 1) Destination IP Address 192.168.1.0 Network Mask 255.255.255.0[...]
-
Page 117
LevelOne Broadband VPN Gateway User Guide Upgrade Firmware The firmware (software) in the LevelOne B roadband VPN Gateway can be upgraded using your Web Browser. You must first downl oad the upgrade file, then select Upgrade on the Other menu. You will see a screen like the following. Figure 97: Upgrade Firmware Screen To perform the Firmware Upgra[...]
-
Page 118
Other Features and Settings UPnP An example UPnP screen is shown bel ow. Figure 98: UPNP Screen Data - UPNP Screen UPnP Enable UPnP Services • UPnP (Universal Plug and Play) allows autom atic discovery and configuration of equipm ent attached to your LAN. UPnP is by supported by Windows ME, XP, or la ter. • If Enabled, th is device will be visi[...]
-
Page 119
116 A Appendix A T roubleshooting This Appendix covers the most likely probl ems and their solutions. Overview This chapter covers some comm on problems that m ay be encountered while using the Leve- lOne Broadband VPN Gateway and som e possible solutions to them. If you fol low the suggested steps and the LevelOne Broadband VPN Gateway still does [...]
-
Page 120
Appendix A - Troubleshooting check your Internet connection (DSL/C able modem etc) to see that it is working correctly. Problem 2: Some applications do not run properly when using the LevelOne Broadband VPN Gateway. Solution 2: The LevelOne Broadband VPN Gateway processes the data passing through it, so it is not transparent. Use the Special Applic[...]
-
Page 121
118 B Appendix B Specifications LevelOne Broadband VPN Gateway Model FBR-1404TX Dimensions 141mm(W) * 100m m(D) * 27mm(H) Operating Temperature 0 ° C to 40 ° C Storage Temperature -10 ° C to 70 ° C Network Protocol: TCP/IP Network Interface: 5 Ethernet: 4 * 10/100BaseT (RJ45) LAN connection 1 * 10/100BaseT (RJ45) for WAN LEDs 11 Power Adapter 1[...]
-
Page 122
Appendix B - Specifications FCC Radiation Exposure Statement This equipment complies with FCC RF radiat ion exposure limits set forth for an uncontrol led environment. Thi s equipment shoul d be installed and operated with a mi nimum distance of 20 centimeters bet w een the radiat or and your body. This device complies with Part 15 of th e FCC Rule[...]