RF760/660/600VPN Internet Security Appliance Quick Start Guide
Copyright and Technical Support Quick Start Guide RouteFinder VPN RF760/660/600VPN 82013762L, Revision C Copyright This publication may not be reproduced, in whole or in part, without prior expressed written permission from Multi-Tech Systems, Inc. All rights reserved. Copyright © 2004-5, by Multi-Tech Systems, Inc. Multi-Tech Systems, Inc.
Table of Contents Contents Chapter 1 – Introduction ...................................................................................................................................................... 5 The RouteFinder and Its Documentation .......................................................................................................................... 5 Other References ..............................................................................................................................
Chapter 1 – Introduction Chapter 1 – Introduction The RouteFinder and Its Documentation The RouteFinder VPN is both a Virtual Private Network (VPN) and a firewall. It also offers an optional email antivirus protection subscription. Using the RouteFinder VPN is a cost-effective, manageable way for small to medium businesses to add a remote user VPN, a Branch Office VPN, and/or Firewall Security applications to their networks.
Chapter 1 – Introduction Safety Recommendations for Rack Installations • • • • • • • • Ensure proper installation of the RF760/660VPN in a closed or multi-unit enclosure by following the recommended installation as defined by the enclosure manufacturer. IMPORTANT: Do not place the RF760/660VPN directly on top of other equipment or place other equipment directly on top of the RF760/660VPN.
Chapter 1 – Introduction Typical Applications Remote User VPN. The client-to-LAN VPN application replaces traditional dial-in remote access by allowing a remote user to connect to the corporate LAN through a secure tunnel over the Internet. The advantage is that a remote user can make a local call to an Internet Service Provider, without sacrificing the company’s security, as opposed to a long distance call to the corporate remote access server. Branch Office VPN.
Chapter 2 – Installation Chapter 2 – Installation Installation – Planning the Network Before you begin the installation process, you should plan your network and decide which computer is to have access to which services. This simplifies configuration and saves you a lot of time that you would otherwise need for corrections and adjustments.
Chapter 2 – Installation Cabling Procedure Cabling your RouteFinder VPN involves making the proper Power, DMZ, WAN and LAN connections as illustrated and described below. RF760VPN RF660VPN RF600VPN 1. 2. 3. 4. 5. Using an RJ-45 Ethernet cable, connect the DMZ RJ-45 jack to the DMZ device or network (Optional – for example, a Voice over IP gateway). Using an RJ-45 Ethernet cable, connect the WAN RJ-45 jack to the device for the external network.
Chapter 2 – Installation Setting up a Workstation and Starting the RouteFinder VPN This section of the Quick Start Guide covers the steps for setting up a workstation that is connected to the RouteFinder VPN, starting up the RouteFinder VPN, opening the RouteFinder VPN Web Management program, performing the time zone setup, and using the Menu bar to navigate through the Web Management software screens. Connections 1. Connect a workstation to the RouteFinder's LAN port via Ethernet.
Chapter 2 – Installation Login 8. The Login screen is displayed. • Type the default User name: admin (all lower-case) • Tab to the Password field and type the default password: admin (all lower-case). • Click the Login button. Note: The User name and Password entries are case-sensitive (both must be typed in lower-case). The password can be up to 12 characters. Later, you will want to change the password from the default (admin) to something else.
Chapter 2 – Installation Navigating Through the Screens Before using the software, you may find the following information about navigating the screens and the structuring of the menus helpful.
Chapter 2 – Installation Sub-Menu Each item on the Menu Bar has its own sub-menu, which displays on the left side of the screen. When you click one of the Menu Bar buttons, the screen that displays is the first sub-menu option. You can choose other sub-menu screens by clicking the screen name in the sub-menu. This is an example of the Administration sub-menu. It displays when Administration is clicked on the Menu Bar.
Chapter 3 – Configuration Chapter 3 – Configuration Initial Configuration Step Set Up Your Time Zone Click Administration on the Menu Bar. The System Setup screen displays. Set the following: • Set System Time by selecting your Time Zone • Set the current Day, Month, Year, Hour, and Minute Administration System Setup Displays as soon as Administration is selected from the Menu Bar. System Time 14 Multi-Tech Systems, Inc.
Chapter 3 – Configuration Second Configuration Step – Using the Wizard Setup Using the Wizard Setup is a quick way to enter the basic configuration parameters to allow communication between the LAN’s workstation(s) and the Internet as shown in the example below. Important Note: An initial configuration must be completed for each type of RouteFinder functions: firewall configuration, LAN-to-LAN configuration, a LAN-to-Remote Client configuration.
Chapter 3 – Configuration The Wizard Setup Screen Click on the Wizard Setup button located under the Menu Bar. The following screen displays. 1. Enter your Administrator Email Address (can be anything). Example: admin@yourdomain.com 2. Enter your Hostname for the RouteFinder VPN (can be anything). Example: RouteFinder VPN.domainname.com 3. LAN IP Address and Subnet Mask default into the fields. These should be acceptable for your site. 4. Enter the WAN IP Address.
Chapter 4 – Configuration Examples Chapter 4 – Configuration Examples These examples show how to configure the RouteFinder using the entire Web Management software program. The Wizard Setup utility provides a basic connection, while the Web Management software allows you to configure firewall features, VPN features, management features, and other options (see the menu outline in Chapter 2).
Chapter 4 – Configuration Examples Setup Networks & Services Site A Configuration on the RouteFinder VPN in the Home Office To configure your RouteFinder VPN in the home office in preparation for connection to a remote branch office, click the Networks & Services button on the Menu bar, and then select Network. Set the following: 1. Add a network for the remote LAN port (private LAN on eth0 at the branch office). Enter the following: • • • Name = RemoteLAN IP address = 192.168.10.0 Subnet mask = 255.255.
Chapter 4 – Configuration Examples Set Packet Filters Site A Configuration: RouteFinder VPN in the Home Office Establish remote access filtering: click on Packet Filters > Packet Filter Rules. 1.
Chapter 4 – Configuration Examples Set VPN IPSec Protocol Site A Configuration: RouteFinder VPN in the Home Office Establish an IPSec Protocol for your remote branch office access: click on VPN > IPSec. 1. 2. Check the VPN Status box, and then click Save. Click the Add button for Add IKE Connection. The VPN IPSec > IKE screen displays. 20 Multi-Tech Systems, Inc.
Chapter 4 – Configuration Examples 3. Enter the following information in order to establish an IPSec protocol. • Enter a Connection name. (Example: SiteA) • Place a checkmark in the box to enable Perfect Forward Secrecy. • Select Secret for the Authentication Method. • Enter a shared Secret string using alphanumeric characters. (Example: 1o2t3t4f) • Select 3DES for Select Encryption. • Accept the defaults for IKE Life Time and Key Life.
Chapter 4 – Configuration Examples Example 2 – Remote Client-to-LAN VPN Configuration This example shows the setup for the RF660VPN that will allow a remote client to see a LAN and where the remote client is using SSH Sentinel. Use the VPN function to set up your RouteFinder VPN so that your network allows a remote client to have access to the LAN through a secure tunnel on the Internet.
Chapter 4 – Configuration Examples Example 3 – Remote Client-to-LAN Configuration Using DNAT and Aliasing Use this procedure to configure the RF660VPN with DNAT and Aliasing. This configuration allows a Windows 2000 Remote Client to Telnet through the RouteFinder VPN to several Windows 2000 Systems located on the LAN. Multi-Tech Systems, Inc.
Chapter 4 – Configuration Examples Example 4 – Client-to-LAN Configuration Using PPTP Tunneling Use this procedure to configure the RouteFinder VPN as a PPTP server for VPN Remote Client Access (aka, PPTP Roadwarrior configuration). Note: IPX and Netbeui are not supported when using PPTP tunneling. 24 Multi-Tech Systems, Inc.
Chapter 5 – URL Categorization Chapter 5 – URL Categorization The Universal Resource Locator (URL) Categorization License Key allows you to set up a URL database that limits clients’ access to places on the Internet by blocking sites you do not want accessed. In other words, you can deny users access to various categories of Web sites you select. Important Settings • • Client access to the Internet works in conjunction with the HTTP proxy running in transparent mode.
Chapter 5 – URL Categorization 3. Enter your URL License Key. • • Go to Administration > License Key. Click the Open button for the URL Categorization License Key. The Administration > License Key > URL Categorization screen displays. This screen shows that a license number has been entered previously. If no license has been entered, there will be a text box in which to enter the number. IMPORTANT: It is important that the serial number be entered in upper case.
Chapter 5 – URL Categorization 5. The URL Categories screen displays. You can use this screen to allow or block Web sites from users. • Use the Allow and Filter buttons to move a URL Category from the URL Categories Allowed list to the URL Categories Filtered or from Filtered to Allowed. • When you have established your filtered and allowed categories, click the Backup button to create a backup of your URL category database files.
82013762L
