Go to page of
Similar user manuals
-
Network Router
Planet VIP-280
43 pages 1.46 mb -
Network Router
Planet ADW-4100
56 pages 1.87 mb -
Network Router
Planet ADW-4300B
87 pages 0.92 mb -
Network Router
Planet WRT-416
8 pages 1.13 mb -
Network Router
Planet XRT-401E
55 pages 2.37 mb -
Network Router
Planet 200Mbps Powerline Ethernet Bridge PL-501-EU/US/UK
8 pages 0.86 mb -
Network Router
Planet ADE-4000
56 pages 1.14 mb -
Network Router
Planet USB ADSL Modem ADU-2000
24 pages 1.85 mb
A good user manual
The rules should oblige the seller to give the purchaser an operating instrucion of Planet VRT-401, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.
What is an instruction?
The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Planet VRT-401 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.
Unfortunately, only a few customers devote their time to read an instruction of Planet VRT-401. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.
What should a perfect user manual contain?
First and foremost, an user manual of Planet VRT-401 should contain:
- informations concerning technical data of Planet VRT-401
- name of the manufacturer and a year of construction of the Planet VRT-401 item
- rules of operation, control and maintenance of the Planet VRT-401 item
- safety signs and mark certificates which confirm compatibility with appropriate standards
Why don't we read the manuals?
Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Planet VRT-401 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Planet VRT-401, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Planet service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Planet VRT-401.
Why one should read the manuals?
It is mostly in the manuals where we will find the details concerning construction and possibility of the Planet VRT-401 item, and its use of respective accessory, as well as information concerning all the functions and facilities.
After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.
Table of contents for the manual
-
Page 1
Networking & Communicat io n Broadband VPN Router VRT-401 User ’ s Manual[...]
-
Page 2
ii Cop y right Copyright (C) 2002 PLANET Technology Corp. All rights reserved. The products and programs described in this User ’ s M anual are licensed products of PLANET Technology, This User ’ s M anual contains proprietary information protected by copyright, and this User ’ s M anual and all accompanying hard w are, soft w are, and docume[...]
-
Page 3
i Table of Contents CH A P T ER 1 IN T RODUC T IO N ..................................................................................... .1 VR T -401 Feature s ................................................................................................. .1 Package Content s ......................................................................[...]
-
Page 4
ii Example s ............................................................................................................. . 83 Using Certificate s ............................................................................................. . 101 CH A P T ER 9 O T HER FE A T URES A ND SE TT ING S ................................................ . [...]
-
Page 5
1 Chapter 1 Introduction This Chapter provides an overview of VRT-401's features and capabili- ties. Congratulations on the purchase o f y our ne w VR T -401. VR T -401 is a m ulti- f unction device providing the f ollo w ing services: • Shared Broadband Internet Access f or all LAN users. • 4-Port Switching Hub f or 10Base T or 100Base T [...]
-
Page 6
VRT-401 User Manual 2 A d v anced Internet Functions • Communication Applications. Support f or Internet co mm unication applica- tions, such as interactive Ga m es, T elephon y , and Con f erencing applications, w hich are o f ten di ff icult to use w hen behind a Fire w all, is included. • Special Internet Applications. Applications w hich us[...]
-
Page 7
Introduction 3 tion and even the existence o f each PC is hidden. Fro m the external vie w point, there is no net w or k , onl y a single device - VR T -401. • Stateful Inspection Firewall. All inco m ing data pac k ets are m onitored and all inco m ing server requests are f iltered, thus protecting y our net w or k f ro m m alicious attac k s f [...]
-
Page 8
VRT-401 User Manual 4 Ph y sical Details Front-mounted LEDs Figure 2: Front Panel Po w er On - Po w er on. Off - No po w er. Status (Red) On - Error condition. Off - Nor m al operation. Blinking - T his LED blin k s during start up. L A N For each port, there are 2 LEDs • LNK/ A C T • On - Corresponding LAN port is active. • Off - No active c[...]
-
Page 9
Introduction 5 Rear Panel Figure 3: Rear Panel D M Z Use a standard LAN cable to connect a nor m al port on the other hub. Reset Button T his button has t w o (2) f unctions: • Reboot . W hen pressed and released, VR T -401 w ill reboot (restart). • Clear A ll Data . T his button can also be used to clear ALL data and restore ALL settings to th[...]
-
Page 10
6 Chapter 2 Installation This Chapter covers the physical installation of VRT-401. Requirements • Net w or k cables. Use standard 10/100Base T net w or k (U T P) cables w ith RJ45 connectors. • T CP/IP protocol m ust be installed on all PCs. • For Internet Access, an Internet Access account w ith an ISP, and either o f a DSL or Cable m ode m [...]
-
Page 11
Installation 7 • I f desired, connect the DMZ port to a standard port on a Hub. PCs connected to this hub w ill also gain Internet access, but w ill NO T be able to access the rest o f the LAN. 3. Connect W A N Cable Connect the DSL or Cable m ode m to the W AN port on VR T -401. Use the cable supplied w ith y our DSL/Cable m ode m . I f no cable[...]
-
Page 12
8 Chapter 3 Setup This Chapter provides Setup details of VRT-401. O v er v ie w T his chapter describes the setup procedure f or: • Internet Access • LAN con f iguration PCs on y our local LAN m a y also require con f iguration. For details, see Chapter 4 - PC Configuration . Other con f iguration m a y also be required, depending on w hich f e[...]
-
Page 13
Setup 9 Con f igure or use an y o f the f ollo w ing: • PC Database • Re m ote Ad m in • Routing (RIP and static Routing) • Upgrade f ir m w are • Enable/Disable UPnP Support Chapter 9: Other Features and Set- tings Where use of a certain feature requires that PCs or other L A N de v ices be configured, this is also explained in the rele [...]
-
Page 14
VRT-401 User Manual 10 2. Start y our W EB bro w ser. 3. In the Address box, enter "H TT P://" and the IP Address o f VR T -401, as in this exa m ple, w hich uses VR T -401 ’ s de f ault IP Address: H TT P://192.168.0.1 If y ou can't connect I f VR T -401 does not respond, chec k the f ollo w ing: • VR T -401 is properl y install[...]
-
Page 15
Setup 11 Config Wizard T he f irst ti m e y ou connect to VR T -401, the Con f ig W i z ard w ill run auto m aticall y . ( T he Setup W i z ard w ill also run i f VR T -401 ’ s de f ault settings are restored.) 1. Step through the W i z ard until f inished. • Y ou need to k no w the t y pe o f Internet connection service used b y y our ISP. Che[...]
-
Page 16
VRT-401 User Manual 12 PP T P Mainl y used in Europe. Y ou connect to the ISP onl y w hen required. T he IP address is usuall y allocated auto m aticall y , but m a y be Static (Fixed). • PP T P Server IP Address. • User na m e and pass- w ord. • IP Address allocated to y ou, i f Static (Fixed). Other Modems (e.g. Broadband Wireless) T y pe D[...]
-
Page 17
Setup 13 Home Screen A f ter f inishing or exiting the Setup W i z ard, y ou w ill see the Home screen. W hen y ou connect in f uture, y ou w ill see this screen w hen y ou connect. An exa m ple screen is sho w n belo w . Figure 6: Home Screen Na v igation & Data Input • Use the m enu bar on the top o f the screen, and the "Bac k " [...]
-
Page 18
VRT-401 User Manual 14 L A N Screen Use the LAN lin k on the m ain m enu to reach the LAN screen An exa m ple screen is sho w n belo w . Figure 7: L A N Screen Data - L A N Screen T CP/IP IP A ddress IP address f or VR T -401, as seen f ro m the local LAN. Use the de f ault value unless the address is alread y in use or y our LAN is using a di ff e[...]
-
Page 19
Setup 15 DHCP What DHCP Does A DHCP (D y na m ic Host Con f iguration Protocol) Ser v er allocates a valid IP address to a DHCP Client (PC or device) upon request. • T he client request is m ade w hen the client device starts up (boots). • T he DHCP Server provides the Gateway and DNS addresses to the client, as w ell as allocating an IP Addres[...]
-
Page 20
16 Chapter 4 PC Configuration This Chapter details the PC Configuration required on the local ("Inter- nal") LAN. O v er v ie w For each PC, the f ollo w ing m a y need to be con f igured: • T CP/IP net w or k settings • Internet Access con f iguration Windo w s Clients T his section describes ho w to con f igure W indo w s clients f [...]
-
Page 21
PC Configuration 17 Checking TCP/IP Settings - Windo w s 9x/ME: 1. Select Control Panel - Network . Y ou should see a screen li k e the f ollo w ing: Figure 8: Net w ork Configuration 2. Select the TCP/IP protocol f or y our net w or k card. 3. Clic k on the Properties button. Y ou should then see a screen li k e the f ollo w ing. Figure 9: IP A dd[...]
-
Page 22
VRT-401 User Manual 18 • On the Gateway tab, enter VR T -401 ’ s IP address in the New Gateway f ield and clic k Add , as sho w n belo w . Y our LAN ad m inistrator can advise y ou o f the IP Ad- dress the y assigned to VR T -401. Figure 10: Gate w a y T ab (Win 95/98) • On the DNS Configuration tab, ensure Enable DNS is selected. I f the DNS[...]
-
Page 23
PC Configuration 19 Checking TCP/IP Settings - Windo w s NT4.0 1. Select Control Panel - Network , and, on the Protocols tab, select the T CP/IP protocol, as sho w n belo w . Figure 12: Windo w s N T 4.0 - T CP/IP 2. Clic k the Properties button to see a screen li k e the one belo w .[...]
-
Page 24
VRT-401 User Manual 20 Figure 13: Windo w s N T 4.0 - IP A ddress 3. Select the net w or k card f or y our LAN. 4. Select the appropriate radio button - Obtain an IP address from a DHCP Server or Specify an IP Address , as explained belo w . Obtain an IP address from a DHCP Ser v er T his is the de f ault W indo w s setting. Using this is recommend[...]
-
Page 25
PC Configuration 21 Figure 14 - Windo w s N T 4.0 - A dd Gate w a y 2. T he DNS should be set to the address provided b y y our ISP, as f ollo w s: • Clic k the DNS tab. • On the DNS screen, sho w n belo w , clic k the Add button (under DNS Service Search Order ), and enter the DNS provided b y y our ISP.[...]
-
Page 26
VRT-401 User Manual 22 Figure 15: Windo w s N T 4.0 - DNS[...]
-
Page 27
PC Configuration 23 Checking TCP/IP Settings - Windo w s 2000: 1. Select Control Panel - Network and Dial-up Connection . 2. Right - clic k the Local Area Connection icon and select Properties . Y ou should see a screen li k e the f ollo w ing: Figure 16: Net w ork Configuration (Win 2000) 3. Select the TCP/IP protocol f or y our net w or k card. 4[...]
-
Page 28
VRT-401 User Manual 24 Figure 17: T CP/IP Properties (Win 2000) 5. Ensure y our T CP/IP settings are correct, as described belo w . Using DHCP T o use DHCP, select the radio button Obtain an IP Address automatically . T his is the de f ault W indo w s setting. Using this is recommended . B y de f ault, VR T -401 w ill act as a DHCP Server. Restart [...]
-
Page 29
PC Configuration 25 Checking TCP/IP Settings - Windo w s XP 1. Select Control Panel - Network Connection . 2. Right clic k the Local Area Connection and choose Properties . Y ou should see a screen li k e the f ollo w ing: Figure 18: Net w ork Configuration (Windo w s XP) 3. Select the TCP/IP protocol f or y our net w or k card. 4. Clic k on the Pr[...]
-
Page 30
VRT-401 User Manual 26 Figure 19: T CP/IP Properties (Windo w s XP) 5. Ensure y our T CP/IP settings are correct. Using DHCP T o use DHCP, select the radio button Obtain an IP Address automatically . T his is the de f ault W indo w s setting. Using this is recommended . B y de f ault, VR T -401 w ill act as a DHCP Server. Restart y our PC to ensure[...]
-
Page 31
PC Configuration 27 Internet A ccess T o con f igure y our PCs to use VR T -401 f or Internet access: • Ensure that the DSL m ode m , Cable m ode m , or other per m anent connection is f unctional. • Use the f ollo w ing procedure to con f igure y our Bro w ser to access the Internet via the LAN, rather than b y a Dial-up connection. For Windo [...]
-
Page 32
VRT-401 User Manual 28 M acintosh Clients Fro m y our Macintosh, y ou can access the Internet via VR T -401. T he procedure is as f ollo w s. 1. Open the T CP/IP Control Panel. 2. Select Ethernet f ro m the Connect via pop-up m enu. 3. Select Using DHCP Server f ro m the Configure pop-up m enu. T he DHCP Client ID f ield can be le f t blan k . 4. C[...]
-
Page 33
29 Chapter 5 Operation and Status This Chapter details the operation of VRT-401 and the status screens. Operation Once both VR T -401 and the PCs are configured, operation is automatic. Ho w ever, there are so m e situations w here additional Internet con f iguration m a y be required: • I f using Internet-based Communication Applications , it m [...]
-
Page 34
VRT-401 User Manual 30 Data - Status Screen Internet Connection M ethod T his indicates the current connection m ethod, as set in the Setup W i z ard. Broadband M odem T his sho w s the connection status o f the m ode m . Internet Connection Current connection status: • Active • Idle • Un k no w n • Failed I f there is an error, y ou can cl[...]
-
Page 35
Operation and Status 31 Connection Status - PPPoE I f using PPPoE (PPP over Ethernet), a screen li k e the f ollo w ing exa m ple w ill be dis- pla y ed w hen the "Connection Details" button is clic k ed. Figure 21: PPPoE Status Screen Data - PPPoE Screen Connection Ph y sical A ddress T he hard w are address o f this device, as seen b y [...]
-
Page 36
VRT-401 User Manual 32 Connection Log Connection Log • T he Connection Log sho w s status m essages relating to the existing connection. • T he m ost co mm on m essages are listed in the table belo w . • T he "Clear Log" button w ill restart the Log, w hile the Re f resh button w ill update the m essages sho w n on screen. Buttons C[...]
-
Page 37
Operation and Status 33 Error: Invalid or un- k no w n pac k et t y pe T he data received f ro m the ISP's Server could not be processed. T his could be caused b y data corruption ( f ro m a bad lin k ), or the Server using a protocol w hich is not supported b y this device.[...]
-
Page 38
VRT-401 User Manual 34 Connection Status - PPTP I f using PP T P (Peer-to-Peer T unneling Protocol), a screen li k e the f ollo w ing exa m ple w ill be displa y ed w hen the "Connection Details" button is clic k ed. Figure 22: PP T P Status Screen Data - PP T P Screen Connection Ph y sical A d- dress T he hard w are address o f this devi[...]
-
Page 39
Operation and Status 35 Buttons Connect I f not connected, establish a connection to y our ISP. Disconnect I f connected to y our ISP, hang up the connection. Clear Log Delete all data currentl y in the Log. T his w ill m a k e it easier to read ne w m essages. Refresh Update the data on screen. Connection Status - Telstra Big Pond An exa m ple scr[...]
-
Page 40
VRT-401 User Manual 36 Connection Status T his indicates w hether or not the connection is currentl y established. • I f the connection does not exist, the "Connect" button can be used to establish a connection. • I f the connection currentl y exists, the "Disconnect" button can be used to brea k the connection. • Nor m al[...]
-
Page 41
Operation and Status 37 Data - Sing T el R A S Screen Internet R A S Plan T he RAS Plan w hich is currentl y used. Ph y sical A d- dress T he hard w are address o f this device, as seen b y re m ote de- vices on the Internet. ( T his is di ff erent to the hard w are address seen b y devices on the local LAN.) IP A ddress T he IP Address o f this de[...]
-
Page 42
VRT-401 User Manual 38 Connection Details - Fixed/D y namic IP A ddress I f y our access m ethod is "Direct" (no login), a screen li k e the f ollo w ing exa m ple w ill be displa y ed w hen the "Connection Details" button is clic k ed. Figure 25: Connection Details - Fixed/D y namic IP A ddress Data - Fixed/D y namic IP address[...]
-
Page 43
Operation and Status 39 Buttons Release/Rene w Button w ill displa y EI T HER "Release" OR "Rene w " T his button is onl y use f ul i f the IP address sho w n above is allocated auto m aticall y on connection. (D y na m ic IP address). I f y ou have a Fixed (Static) IP address, this button has no e ff ect. • I f the ISP's[...]
-
Page 44
40 Chapter 6 Internet Features This Chapter explains when and how to use VRT-401 ’ s "Internet" Fea- tures. O v er v ie w T he f ollo w ing advanced f eatures are provided. • Advanced Internet • Co mm unication Applications • Special Applications • DMZ • URL f ilter • D y na m ic DNS • Virtual Servers • Options A d v anc[...]
-
Page 45
Internet Features 41 Communication A pplications Most applications are supported transparentl y b y VR T -401. But so m eti m es it is not clear w hich PC should receive an inco m ing connection. T his proble m could arise w ith the Communication Applications listed on this screen. I f this proble m arises, y ou can use this screen to set w hich PC[...]
-
Page 46
VRT-401 User Manual 42 Figure 27: Special A pplications Screen Data - Special A pplications Screen Checkbox Use this to Enable or Disable this Special Application as required. Name Enter a descriptive na m e to identi f y this Special Application. Incoming Ports • T y pe - Select the protocol ( T CP or UDP) used w hen y ou receive data f ro m the[...]
-
Page 47
Internet Features 43 If an application still cannot function correctl y , tr y using the "D M Z" feature. DMZ T his f eature, i f enabled, allo w s one (1) co m puter on y our LAN to be exposed to all users on the Internet, allo w ing unrestricted 2- w a y co mm unication bet w een the "DMZ PC" and other Internet users or Server[...]
-
Page 48
VRT-401 User Manual 44 URL Filter Screen Clic k the "Con f igure URL Filter" button on the Advanced Internet screen to access the URL Filter screen. An exa m ple screen is sho w n belo w . Figure 28: URL Filter Screen Data - URL Filter Screen Filter Strings Current Entries T his lists an y existing entries. I f y ou have not entered an y [...]
-
Page 49
Internet Features 45 D y namic DNS (Domain Name Ser v er) T his f ree service is ver y use f ul w hen co m bined w ith the Virtual Server f eature. It allo w s Internet users to connect to y our Virtual Servers using a URL, rather than an IP Ad- dress. T his also solves the proble m o f having a d y na m ic IP address. W ith a d y na m ic IP addres[...]
-
Page 50
VRT-401 User Manual 46 Data - D y namic DNS Screen DDNS Ser v ice DDNS Ser v ice • Y ou m ust sign up f irst to create a ne w account be f ore using the service. T he service is f ree. • Clic k this lin k to connect to the www .d y ndns.org W eb site. • Y our initial pass w ord w ill be E- m ailed to y ou; y ou can change this later i f y ou [...]
-
Page 51
Internet Features 47 Virtual Ser v ers T his f eature allo w s y ou to m a k e Servers on y our LAN accessible to Internet users. Nor m all y , Internet users w ould not be able to access a server on y our LAN because: • Y our Server does not have a valid external IP Address. • Atte m pts to connect to devices on y our LAN are bloc k ed b y the[...]
-
Page 52
VRT-401 User Manual 48 Using the DMZ port for Virtual Ser v ers Y ou should connect y our Virtual Servers to the DMZ port, f or the f ollo w ing reasons: • T ra ff ic passing bet w een the DMZ and LAN passes through the f ire w all. T he f ire- w all w ill protect y our LAN i f y our Server is co m pro m ised and used to launch an attac k on y ou[...]
-
Page 53
Internet Features 49 Defining y our o w n Virtual Ser v ers I f the t y pe o f Server y ou w ish to use is not listed on the Virtual Servers screen, y ou can use the Fire w all Rules to allo w particular inco m ing tra ff ic and f or w ard it to a speci f ied PC (Server). Connecting to the Virtual Ser v ers Once con f igured, an y one on the Intern[...]
-
Page 54
VRT-401 User Manual 50 MT U MT U size M T U (Maxi m u m T rans m ission Unit) value should onl y be changed i f advised to do so b y T echnical Support. • Enter a value bet w een 1 and 1500. • T his device w ill still auto-negotiate w ith the re m ote server, to set the M T U si z e. T he s m aller o f the 2 values (auto- negotiated, or entered[...]
-
Page 55
51 Chapter 7 Securit y Configuration This Chapter explains the settings available via the security configura- tion section of the "Security" menu. O v er v ie w T he f ollo w ing advanced con f igurations are provided. • Ad m in Login • Access Control • Fire w all Rules • Logs • Securit y Options • Scheduling • Services A dm[...]
-
Page 56
VRT-401 User Manual 52 Figure 34: Pass w ord Dialog Enter the "User Na m e" and "Pass w ord" y ou set on the Admin Login screen above.[...]
-
Page 57
Security Configuration 53 A ccess Control T his f eature is accessed b y the Access Control lin k on the Securit y m enu. T he Access Control f eature allo w s ad m inistrators to restrict the level o f Internet Ac- cess available to PCs on y our LAN. W ith the de f ault settings, ever y one has unrestricted Internet access. T o use this feature: 1[...]
-
Page 58
VRT-401 User Manual 54 Data - A ccess Control Screen Group Group Select the desired Group. T he screen w ill update to displa y the settings f or the selected Group. Groups are na m ed "De- f ault", "Group 1", "Group 2", "Group 3" and "Group 4", and cannot be re-na m ed. " M embers" Button[...]
-
Page 59
Security Configuration 55 Vie w Log Clic k this to open a sub- w indo w w here y ou can vie w the "Access Control" log. T his log sho w s atte m pted Internet accesses w hich have been bloc k ed b y the Access Control f eature. Clear Log Clic k this to clear and restart the "Access Control" log, m a k- ing ne w entries easier to[...]
-
Page 60
VRT-401 User Manual 56 Group Members Screen T his screen is displa y ed w hen the M embers button on the Access Control screen is clic k ed. Figure 36: Group M embers Use this screen to add or re m ove m e m bers (PCs) f ro m the current group. • T he "Del >>" button w ill re m ove the selected PC (in the M embers list) f ro m the[...]
-
Page 61
Security Configuration 57[...]
-
Page 62
VRT-401 User Manual 58 Fire w all Rules For nor m al operation and LAN protection, it is not necessar y to use this screen. T he Fire w all w ill al w a y s bloc k DoS (Denial o f Service) attac k s. A DoS attac k does not atte m pt to steal data or da m age y our PCs, but overloads y our Internet connection so y ou can not use it - the service is [...]
-
Page 63
Security Configuration 59 Data - Fire w all Rules Screen Rule List Vie w Rules for .. Select the desired option; the screen w ill update and list an y current rules. I f y ou have not de f ined an y rules, the list w ill be e m pt y . Data For each rule, the f ollo w ing data is sho w n: • Name - T he na m e y ou assigned to the rule. • Source [...]
-
Page 64
VRT-401 User Manual 60 Define Fire w all Rule Clic k ing the "Add" button in the Firewall Rules screen w ill displa y a screen li k e the exa m ple belo w . Figure 38: Define Fire w all Rule Data - Define Fire w all Rule Screen Name Enter a suitable na m e f or this rule. T y pe T his deter m ines the source and destination ports f or tra[...]
-
Page 65
Security Configuration 61 Dest IP T hese settings deter m ine w hich tra ff ic, based on their destination IP address, is covered b y this rule. Select the desired option: • An y - All tra ff ic f ro m the source port is covered b y this rule. • Single address - Enter the required IP address in the "Start IP address" f ield". Y o[...]
-
Page 66
VRT-401 User Manual 62 Logs T he Logs record various t y pes o f activit y on VR T -401. T his data is use f ul f or trouble- shooting, but enabling all logs w ill generate a large a m ount o f data and adversel y a ff ect per f or m ance. Since onl y a li m ited a m ount o f log data can be stored in VR T -401, log data can also be E- m ailed to y[...]
-
Page 67
Security Configuration 63 A ccess Control I f enabled, the log w ill include atte m pted outgoing connec- tions w hich have been bloc k ed b y the "Access Control" f eature. Fire w all Rules I f enabled, the log w ill details o f pac k ets bloc k ed b y user- de f ined Fire w all rules. Logging can be set f or each rule individuall y . On[...]
-
Page 68
VRT-401 User Manual 64 Include Select the logs y ou w ish to be included.[...]
-
Page 69
Security Configuration 65 Securit y Options T his screen allo w s y ou to set Fire w all and other securit y -related options. Figure 40: Securit y Options Screen Data - Securit y Options Screen SPI Fire w all Enable DoS Fire w all I f enabled, DoS (Denial o f Service) attac k s w ill be detected and bloc k ed. T he de f ault is enabled. It is stro[...]
-
Page 70
VRT-401 User Manual 66 Options Respond to IC M P T he ICMP protocol is used b y the "ping" and "trace route" pro- gra m s, and b y net w or k m onitoring and diagnostic progra m s. • I f chec k ed, VR T -401 w ill respond to ICMP pac k ets received f ro m the Internet. • I f not chec k ed, ICMP pac k ets f ro m the Internet [...]
-
Page 71
Security Configuration 67 Scheduling • T his schedule can be (optionall y ) applied to an y Access Control Group. • Bloc k ing w ill be per f or m ed during the scheduled ti m e (bet w een the "Start" and "Finish" ti m es.) • T w o (2) separate sessions or periods can be de f ined. • T i m es m ust be entered using a 24 [...]
-
Page 72
VRT-401 User Manual 68 Ser v ices Services are used in de f ining tra ff ic to be bloc k ed or allo w ed b y the Access Control or Firewall Rules f eatures. Man y co mm on Services are pre-de f ined, but y ou can also de f ine y our o w n services i f required. T o vie w the Services screen, select the Services lin k on the Securit y m enu. Figure [...]
-
Page 73
Security Configuration 69 service. Buttons Delete Delete the selected service f ro m the list. A dd Add a ne w entr y to the Service list, using the data sho w n in the "Add Ne w Service" area on screen. Cancel Clear the " Add Ne w Service " area, read y f or entering data f or a ne w Service.[...]
-
Page 74
70 Chapter 8 VPN This Chapter describes the VPN capabilities and configuration required for common situations. O v er v ie w T his section describes the VPN (Virtual Private Net w or k ) support provided b y y our VR T -401. A VPN (Virtual Private Net w or k ) provides a secure connection bet w een 2 points, over an insecure net w or k - t y picall[...]
-
Page 75
VPN 71 • Phase I is the negotiation and establish m ent up o f the IKE connection. • Phase II is the negotiation and establish m ent up o f the IPsec connection. Because the IKE and IPsec connections are separate, the y have di ff erent SAs (secu- rit y associations). Policies VPN con f iguration settings are stored in Policies . Each polic y d[...]
-
Page 76
VRT-401 User Manual 72 Common VPN Situations VPN Pass-through Figure 43: VPN Pass-through Here, a PC on the LAN behind the Router/Gate w a y is using VPN so f t w are, but the Router/Gate w a y is NO T acting as a VPN endpoint. It is onl y allo w ing the VPN connec- tion. • T he PC so f t w are can use an y VPN protocol supported b y the re m ote[...]
-
Page 77
VPN 73 Connecting 2 L A Ns v ia VPN Figure 45: Connecting 2 VPN Gate w a y s T his allo w s t w o (2) LANs to be connected. PCs on each endpoint gain secure access to the re m ote LAN. • T he 2 LANs MUS T use di ff erent IP address ranges. • T he VPN Policies at each end deter m ine w hen a VPN tunnel w ill be established, and w hat s y ste m s[...]
-
Page 78
VRT-401 User Manual 74 VPN Configuration T his section covers the con f iguration required on VR T -401 w hen using Manual Ke y Exchange (Manual Policies) or IKE (Auto m atic Policies). Details o f using Certi f icates are covered in a later section. VPN Policies Screen T o vie w this screen, select VPN Policies f ro m the VPN m enu. T his screen l[...]
-
Page 79
VPN 75 Operations A dd T o add a ne w polic y , clic k the "Add" button. See the f ollo w ing section f or details. Edit T o Edit or m odi f y an existing polic y , select it and clic k the "Edit" button. M o v e T here are 2 w a y s to change the order o f policies: • Use the up and do w n indicators on the right to m ove the[...]
-
Page 80
VRT-401 User Manual 76 • Other w ise, clic k Next to continue. Y ou w ill see a screen li k e the f ollo w ing. Figure 48: VPN Wizard - General General Settings Polic y Name Enter a suitable na m e. T his na m e is not supplied to the re m ote VPN. It is used onl y to help y ou m anage the policies. Enable Policy Enable or disable the polic y as [...]
-
Page 81
VPN 77 Figure 49: VPN Wizard - T raffic Selector • For outgoing VPN connections, these settings deter m ine w hich tra ff ic w ill cause a VPN tunnel to be created, and w hich tra ff ic w ill be sent through the tunnel. • For inco m ing VPN connections, these settings deter m ine w hich s y ste m s on y our local LAN w ill be available to the r[...]
-
Page 82
VRT-401 User Manual 78 Remote IP addresses T y pe • Single address - enter an IP address in the "Start IP address" f ield. • Range address - enter the starting IP address in the "Start IP address" f ield, and the f inish IP address in the "Finish IP address" f ield. • Subnet address - enter the desired IP address[...]
-
Page 83
VPN 79 T hese settings m ust m atch the re m ote VPN. Note that y ou cannot use both AH and ESP. M anuall y assigned Ke y s A H A uthentication AH (Authentication Header) speci f ies the authentication protocol f or the VPN header, i f used. (AH is o f ten NO T used) I f AH is not enabled, the f ollo w ing settings can be ignored. Ke y s • T he &[...]
-
Page 84
VRT-401 User Manual 80 For Manual Ke y Exchange, con f iguration is no w co m plete. • Clic k "Next" to vie w the f inal screen. • On the f inal screen, clic k "Finish" to save y our settings, then "Close" to exit the W i z ard. IKE Phase 1 I f y ou selected IKE , the f ollo w ing screen is displa y ed a f ter the [...]
-
Page 85
VPN 81 A uthentication • RS A Signature requires that both VPN endpoints have valid Certi f icates issued b y a CA (Certi f ication Authorit y ). • For Pre-shared key , enter the sa m e k e y value in both endpoints. T he k e y should be at least 8 characters ( m axi- m u m is 128 characters). Note that this k e y is used f or the IKE SA onl y [...]
-
Page 86
VRT-401 User Manual 82 IKE Phase 2 (IPsec S A ) IPsec S A Life T ime T his setting does not have to m atch the re m ote VPN end- point; the shorter ti m e w ill be used. Although m easured in seconds, it is co mm on to use ti m e periods o f several hours, such 28,800 seconds. IPSec PFS I f enabled, PFS (Per f ect For w ard Securit y ) enhances sec[...]
-
Page 87
VPN 83 Examples T his section describes so m e exa m ples o f using VR T -401 in co mm on VPN situations. Example 1: Connecting 2 VRT-401s In this exa m ple, 2 LANs are connected via VPN. Figure 53: Connecting 2 VR T -401s Note • T he LANs MUS T use di ff erent IP address ranges. • Both endpoints have f ixed W AN (Internet) IP addresses. Config[...]
-
Page 88
VRT-401 User Manual 84 Pre-shared Ke y Xxxxxxxxxx Xxxxxxxxxx Must m atch IKE Authentica- tion algorith m MD5 MD5 Must m atch IKE Encr y ption DES DES Must m atch IKE Exchange m ode Main Mode Main Mode Must m atch DH Group Group 1 (768 bit) Group 1 (768 bit) Must m atch IKE SA Li f e ti m e 28800 28800 Does not have to m atch. Shorter period w ill b[...]
-
Page 89
VPN 85 Example 2: Windo w s 2000/XP Client to L A N In this exa m ple, a W indo w s 2000/XP client connects to VR T -401 and gains access to the local LAN. Figure 54: Windo w s 2000/XP Client to VR T -401 T o use 3DES encr y ption, y ou need Ser v ice Pack 3 or later installed on Windo w s 2000. VR T -401 Configuration Setting Value Notes Na m e W [...]
-
Page 90
VRT-401 User Manual 86 m ode DH Group Group 1 (768 bit) Must m atch client PC IKE SA Li f e ti m e 28800 Does not have to m atch client PC. Shorter period w ill be used. IKE PFS Disable Must m atch client PC IPSec S A Parameters IPSec SA Li f e ti m e 28800 Do not have to m atch. Shorter period w ill be used. IPSec PFS Disable Must m atch client PC[...]
-
Page 91
VPN 87 Figure 56: Windo w s 2000/XP - Polic y Properties • Note that no rules are in use. T w o 2 rules are required - inco m ing and outgo- ing. • T he outgoing rule w ill be added f irst. 6. Deselect the "Use Add W i z ard" chec k box, then clic k "Add" to vie w the screen belo w . Figure 57: IP Filter List 7. T y pe "[...]
-
Page 92
VRT-401 User Manual 88 Figure 58: Filter Properties: A ddressing 8. Enter the Source IP address and the Destination IP address . • Since this is the outing f ilter, the Source IP address is "M y IP address" and the Destination IP address is the address range used on the re m ote LAN. • Ensure the M irrored option is chec k ed. 9. Clic[...]
-
Page 93
VPN 89 Figure 60: Ne w Rule Properties: Filter A ction 11. Select Require Security , then clic k the "Edit" button, to vie w the Require Security Properties screen. Figure 61: Require Securit y Properties 12. Select Negotiate security (this selects IKE), then clic k "Add".[...]
-
Page 94
VRT-401 User Manual 90 Figure 62: M odif y Securit y M ethod 13. On the resulting screen (above), select High [ESP] then clic k "OK" to save y our changes and return to the Require Security Properties screen. Figure 63: Require Securit y Properties 14. Ensure the f ollo w ing settings are correct, then clic k "OK" to return to t[...]
-
Page 95
VPN 91 15. Clic k the Tunnel Setting tab, then select The tunnel endpoint is specified by this IP address . Enter the W AN (Internet) IP address o f VR T -401, as sho w n belo w . Figure 64: T unnel Setting 16. Clic k the Authentication M ethods tab, then clic k the "Edit" to see the screen li k e the exa m ple belo w . Figure 65: A uthen[...]
-
Page 96
VRT-401 User Manual 92 19. Clic k "Close" to return to the DUT to W in2K properties screen. T he " T o DU T " f ilter should no w be listed, as sho w n belo w . Figure 66: Windo w s 2000/XP Client to VR T -401 20. T o add the second (outgoing) rule, clic k "Add". For the na m e, enter " T o W in2K", then clic[...]
-
Page 97
VPN 93 Figure 68: Filter Properties: A ddressing 22. Clic k "OK" to save y our changes, then "Close". Figure 69: Filter List 23. Ensure the " T o W in2K" f ilter is selected, then clic k the Filter Action tab.[...]
-
Page 98
VRT-401 User Manual 94 Figure 70: Filter A ction 24. Select Require Security , then clic k "Edit". On the Require Security M ethods screen belo w , select Negotiate security . Figure 71: Securit y M ethods 25. Clic k the "Add" button. On the resulting M odify Security M ethod screen belo w , select High [ESP] .[...]
-
Page 99
VPN 95 Figure 72: M odif y Securit y M ethod 26. Clic k "OK" to save y our changes, then clic k "OK" again to return to the Filter Action screen. 27. Select the Tunnel Setting tab, and enter the W AN (Internet) IP address o f this PC (172.10..9.10 in this exa m ple). Figure 73: T unnel Setting 28. Select the Authentication M eth[...]
-
Page 100
VRT-401 User Manual 96 Figure 74: A uthentication M ethod 29. Select Use this string to protect the key exchange (preshared key) , then enter y our preshared k e y in the f ield provided. 30. Clic k "OK" to save y our settings, then "Close" to return to the DUT to W in2K Prop- erties screen. T here should no w be 2 IP Filers lis[...]
-
Page 101
VPN 97 Figure 76: Properties - General T ab 32. Clic k the "Advanced" button to see the screen belo w . Figure 77: Ke y Exchange Settings 33. Clic k the "Methods" button to see the screen belo w .[...]
-
Page 102
VRT-401 User Manual 98 Figure 78: Ke y Exchange Securit y M ethods 34. Select the f irst entr y , and clic k the "Edit" button to see the f ollo w ing screen. Figure 79: IKE Securit y A lgorithms 35. Select "SHA1" f or Integrity Algorithm , "3DES" f or Encryption algorithm , and "Lo w (1)" f or the Diffie-Hel[...]
-
Page 103
VPN 99 Example 3: Windo w s 2000 Ser v er to VPN Gate w a y In this exa m ple, a W indo w s 2000 Server connects to VR T -401. Users on each LAN can then gain access to the re m ote LAN. Figure 81: VR T -401 to Windo w s 2000 Ser v er VR T -401 Configuration T his is the sa m e as f or the client setup earlier, w ith the exception o f the IP addres[...]
-
Page 104
VRT-401 User Manual 100 Windo w s 2000 Ser v er Configuration Con f iguration is the sa m e as f or Example 2: W indows 2000/XP Client to except f or speci f y ing the Source and Destination addresses f or the "Filter Properties". Instead, f or both IP Filters, the Filter Properties- Addressing should be co m pleted as f ollo w s. Figure [...]
-
Page 105
VPN 101 Using Certificates Certi f icates are used to authenticate users. Certi f icates are issued to y ou b y various CAs (Certi f ication Authorities). T hese Certi f icates are called "Sel f Certi f icates". Each CA also issues a certi f icate to itsel f . T his Certi f icate is required in order to vali- date co mm unication w ith th[...]
-
Page 106
VRT-401 User Manual 102 A dding a Trusted Certificate 1. A f ter obtaining a ne w Certi f icate f ro m the CA, y ou need to upload it to VR T -401. 2. On the "Certi f icates" screen, clic k the "Add T rusted Certi f icate" button to vie w the Add Trusted Certificate screen, sho w n belo w . Figure 84: A dd T rusted Certificate 3[...]
-
Page 107
VPN 103 Subject Name T his is the na m e w hich other organi z ations w ill see as the Holder (o w ner) o f this Certi f icate. T his should be y our registered business na m e or o ff icial co m pan y na m e. Generall y , all Certi f icates should have the sa m e value in the Subject f ield. Hash A lgorithm Select the desired option. Signature A l[...]
-
Page 108
VRT-401 User Manual 104 Figure 87: A dd Self Certificate (3) 8. Upload the Certi f icate: • Clic k the "Bro w se" button, and locate the certi f icate f ile on y our PC • Select the f ile. T he na m e w ill appear in the "Certi f icate File" f ield. • Clic k "Upload" to upload the certi f icate f ile to VR T -401[...]
-
Page 109
VPN 105 Figure 89: Upload CRL 4. Upload the CRL f ile: • Clic k the "Bro w se" button, and locate the CRL f ile on y our PC • Select the f ile. T he na m e w ill appear in the "File to Upload" f ield. • Clic k "Upload" to upload the CRL f ile to VR T -401. • Clic k "Bac k " to return to the CRL list. [...]
-
Page 110
106 Chapter 9 Other Features and Settings This Chapter explains the screens and settings available via the " M iscellaneous" menu. O v er v ie w Nor m all y , it is not necessar y to use these screens, or change an y settings. T hese screens and settings are provided to deal w ith non-standard situations, or to provide additional options [...]
-
Page 111
Other Features and Settings 107 PC Database T he PC Database is used w henever y ou need to select a PC (e.g. f or the "DMZ" PC). It eli m inates the need to enter IP addresses. Also, y ou do not need to use f ixed IP addresses on y our LAN. PC Database Screen An exa m ple PC Database screen is sho w n belo w . Figure 90: PC Database • [...]
-
Page 112
VRT-401 User Manual 108 Data - PC Database Screen Kno w n PCs T his lists all current entries. Data displa y ed is name (IP Address) type . T he "t y pe" indicates w hether the PC is connected to the LAN. Name I f adding a ne w PC to the list, enter its na m e here. It is best i f this m atches the PC's "hostna m e". IP A d[...]
-
Page 113
Other Features and Settings 109 PC Database ( A dmin) T his screen is displa y ed i f the "Advanced Ad m inistration" button on the PC Database is clic k ed. It provides m ore control than the standard PC Database screen. Figure 91: PC Database ( A dmin) Data - PC Database ( A dmin) Screen Kno w n PCs T his lists all current entries. Data[...]
-
Page 114
VRT-401 User Manual 110 IP A ddress Select the appropriate option: • A utomatic - T he PC is set to be a DHCP client ( W indo w s: "Obtain an IP address auto m aticall y "). VR T -401 w ill allocate an IP address to this PC w hen requested to do so. T he IP address could change, but nor m all y w on't. • DCHP Client - Reser v ed [...]
-
Page 115
Other Features and Settings 111 Remote A dministration T his f eature allo w s y ou to m anage VR T -401 via the Internet. Figure 92: Remote A dministration Screen Data - Remote A dministration Screen Remote A dministration Enable Remote A dministration Enable to allo w ad m inistration via the Internet. I f Disabled, this device w ill ignore m ana[...]
-
Page 116
VRT-401 User Manual 112 Routing O v er v ie w • I f y ou don't have other Routers or Gate w a y s on y our LAN, y ou can ignore the "Routing" page co m pletel y . • I f VR T -401 is onl y acting as a Gate w a y f or the local LAN seg m ent, ignore the "Routing" page even i f y our LAN has other Routers. • I f y our LA[...]
-
Page 117
Other Features and Settings 113 Figure 93: Routing Screen Data - Routing Screen RIP Enable RIP Chec k this to enable the RIP (Routing In f or m ation Protocol) f eature o f VR T -401. VR T -401 supports RIP 1 onl y . Static Routing Static Routing T able Entries T his list sho w s all entries in the Routing T able. • T he "Properties" ar[...]
-
Page 118
VRT-401 User Manual 114 Properties • Destination Net w ork - T he net w or k address o f the re m ote LAN seg m ent. For standard class "C" LANs, the net w or k address is the f irst 3 f ields o f the Destination IP Address. T he 4th (last) f ield can be le f t at 0. • Net w ork M ask - T he Net w or k Mas k f or the re m ote LAN seg [...]
-
Page 119
Other Features and Settings 115 Other Routers on the Local L A N Other routers on the local LAN m ust use VR T -401 ’ s Local Router as the Default Route . T he entries w ill be the sa m e as VR T -401 ’ s local router, w ith the exception o f the Gateway IP Address . • For a router w ith a direct connection to VR T -401 ’ s local Router, t[...]
-
Page 120
VRT-401 User Manual 116 For Router B's Default Route Destination IP Address 0.0.0.0 Net w or k Mas k 0.0.0.0 Gate w a y IP Address 192.168.1.80 (VR T -401 ’ s local router) Firm w are Upgrade T he f ir m w are (so f t w are) in VR T -401 can be upgraded using y our W eb Bro w ser. Y ou m ust f irst do w nload the upgrade f ile, then select U[...]
-
Page 121
Other Features and Settings 117 UPNP An exa m ple UPNP screen is sho w n belo w . Figure 96: UPNP Screen Data - UPNP Screen UPnP Enable UPnP Ser v ices • UPnP (Universal Plug and Pla y ) allo w s auto m atic discover y and con f iguration o f equip m ent attached to y our LAN. UPnP is b y supported b y W indo w s ME, XP, or later. • I f Enabled[...]
-
Page 122
118 A ppendix A T roubleshooting This Appendix covers the most likely problems and their solutions. O v er v ie w T his chapter covers so m e co mm on proble m s that m a y be encountered w hile using VR T -401 and so m e possible solutions to the m . I f y ou f ollo w the suggested steps and VR T -401 still does not f unction properl y , contact y[...]
-
Page 123
Appendi x A - Troubleshooting 119 Solution 2: VR T -401 processes the data passing through it, so it is not transpar- ent. Use the Special Applications f eature to allo w the use o f Internet applications w hich do not f unction correctl y . I f this does solve the proble m y ou can use the D MZ f unction. T his should w or k w ith al m ost ever y [...]
-
Page 124
120 Appendix B Specifications VRT-401 Model VR T -401 Di m ensions 170 mm ( W ) * 147 mm (D) * 27 mm (H) Operating T e m pera- ture 0 ° C to 40 ° C Storage T e m perature -10 ° C to 70 ° C Net w or k Protocol: T CP/IP, NA T , DHCP, H TT P, DNS, PAP, CHAP, T F T P Net w or k Inter f ace: 6 Ethernet: 4 * 10/100Base T (RJ45) LAN connection 1 * 10/[...]
-
Page 125
Appendi x B - Specifications 121 FCC Radiation Exposure Statement T his equip m ent co m plies w ith FCC RF radiation exposure li m its set f orth f or an uncon- trolled environ m ent. T his equip m ent should be installed and operated w ith a m ini m u m distance o f 20 centi m eters bet w een the radiator and y our bod y . T his device co m plies[...]