VPN DUAL-WAN Router 2x100Mbps WAN + 4x100Mbps Switch LAN (WAN2/DMZ) Fully Integrated SMB & IPSec VPN Solution English User’s Manual
VPN DUAL-WAN Router Product Manual Using Permit Agreement [Product Manual (hereafter the "Manual") Using Permit Agreement] hereafter the "Agreement" is the using permit of the Manual, and the relevant rights and obligations between the users and Allnet GmbH (hereafter "Allnet"), and is the exclusion to remit or limit the liability of Allnet. The users who obtain the file of this manual directly or indirectly, and users who use the relevant services, must obey this Agreement.
VPN DUAL-WAN Router the right to adjust or terminate the software / Manual any time without informing the users. There will be no further notice regarding the product upgrade or change of technical specification. If it is necessary, the change or termination will be announced in the relevant block of the Allnet website. 【4-3】All the set parameters are examples and they are for reference only. You may also purpose your opinion or suggestion.
VPN DUAL-WAN Router Content I. Introduction .................................................................................................................................. 6 II. Multi- WAN VPN Router Installation ....................................................................................... 8 2.1 Systematic Setting Process ........................................................................................................................ 8 2.2 Setting Flow Chart.......................
VPN DUAL-WAN Router The Maximum Bandwidth provided by ISP ........................................................................................ 72 8.1.2 QoS ...................................................................................................................................................... 73 8.2 Session control .............................................................................................................................................. 79 8.3 Smart QoS ...........
VPN DUAL-WAN Router 12.3 Traffic Statistic .............................................................................................................................................. 157 12.4 IP/ Port Statistic ............................................................................................................................................ 159 12.5 QRTG (Router Traffic Grapher) ...................................................................................................................
VPN DUAL-WAN Router I. Introduction IPSec VPN QoS Router (referred as VPN Router hereby) is a business level security router that efficiently integrates new generation multiple WAN-port devices. It meets the needs of medium enterprises, internet cafés, campus, dorm and communities, etc. Apart from its internet connectivity that suits the broadband market, VPN Router has a built-in QoS and VLAN switching board which enables it to fulfill most enterprise and internet cafe firewall needs.
VPN DUAL-WAN Router VPN Router fully protects the safety of communication between all offices and branches of an organization. It helps to free enterprises from increasing hacker intrusion. With an exclusive independent operation platform, users are able to set up and use a firewall without professional network knowledge. VPN Router setting up and management can be carried out through web browsers, such as IE, Netscape, etc.
VPN DUAL-WAN Router II. Multi- WAN VPN Router Installation In this chapter we are going to introduce hardware installation. Through the understanding of multi-WAN setting process, users can easily setup and manage the network,making VPN Router functioning and having best performance. 2.1 Systematic Setting Process Users can set up and enable the network by utilizing bandwidth efficiently. The network can achieve the ideal efficientness,block attacks, and prevent security risks at the same time.
VPN DUAL-WAN Router 1 Hardware installation Configure the Install the device hardware based on user network to meet physical requirements. user’s demand. 2 Login Login the device with Login the device web- based UI. Web Browser. 3 Verify device Verify Firmware Verify the device specification, Firmware specification version and working version and working status. status. Set password and time Set time and re- new Modify the login password considering safe password. issue.
VPN DUAL-WAN Router 9 Management and maintenance settings: Syslog, SNMP, and Monitor VPN Router Administrators can look up system log and working status and monitor system status and inbound/outbound configuration backup. flow in real time. Configure VPN Configure different types of VPN to meet tunnels, e.g. PPTP, different application environment. configuration backup 10 VPN Virtual Private Network, QVM VPN function setting 11 Logout and QVM VPN.
VPN DUAL-WAN Router III. Hardware Installation In this chapter we are going to introduce hardware interface as well as physical installation. 3.1 LED Signal LED Signal Description LED Color Description Power Green Green LED on: Power ON DIAG Amber Amber LED on: System self-test is running. Amber LED blinking: System not ready Amber LED off: System self-test is completed successfully. Link/Act Green Green LED on: Port has been connected & Get IP.
VPN DUAL-WAN Router 3.2 VPN Router Network Connection WAN connection:A WAN port can be connected with xDSL Modem, Fiber Modem, Switching Hub, or through an external router to connect to the Internet. LAN Connection: The LAN port can be connected to a Switching Hub or directly to a PC. Users can use servers for monitoring or filtering through the port after “Physical Port Mangement” configuration is done.
VPN DUAL-WAN Router IV. Login This chapter is mainly introducing Web- based UI after conneting the device. First, check up the device’s IP address by connecting to DOS through the LAN PC under the device. Go to Start → Run, enter cmd to commend DOS, and enter ipconfig for getting Default Gateway address, as the graphic below, 192.168.1.1. Make sure Default Gateway is also the default IP address of the router.
VPN DUAL-WAN Router Then, open webpage browser, IE for example, and key in 192.168.1.1 in the website column. The login window will appear as below: The device’s default username and password are both “admin”. Users can change the login password in the setting later. Attention! For security, we strongly suggest that users must change password after login. Please keep the password safe, or you can not login to the device. Press Reset button for more than 10 sec, all the setting will return to default.
VPN DUAL-WAN Router V. V. Device Spec Verification, Status Display and Login Password and Time Setting This chapter introduces the device specification and status after login as well as change password and system time settings for security. 5.1 Home Page In the Home page, all the device’s parameters and status are listed for users’ reference. 5.1.1 WAN Status IP Address: Indicates the current IP configuration for WAN port. Default Gateway: Indicates current WAN gateway IP address from ISP.
VPN DUAL-WAN Router Manual Connect: When “Obtain an IP automatically” is selected, two buttons (Release and Renew) will appear. If a WAN connection, such as PPPoE or PPTP, is selected, “Disconnect” and “Connect” will appear. DMZ IP Address: Indicates the current DMZ IP address. 5.1.2 Physical Port Status The status of all system ports, including each connected and enabled port, will be shown on this Home page (see above table).
VPN DUAL-WAN Router The current port setting status information will be shown in the Port Information Table. Examples: type (10Base-T/100Base-TX), iniferface (WAN/ LAN/ DMZ), link status (Up/ Down), physical port status (Port Enabled/ Port Disabled), priority (high or normal), speed status (10Mbps or 100Mbps), duplex status (Half/ Full), auto negotiation (Enabled or Disabled). The tabble also shows statistics of Receive/ Transmit Packets, Receive/Transmit Packets Byte Count as well as Error Packets Count.
VPN DUAL-WAN Router 5.1.3 System Information LAN IP/Subnet Mask: Identifies the current device IP address. The default is 192.168.1.1. Working Mode: Indicates the current working mode. Can be NAT Gateway or Router mode. The default is “NAT Gateway” mode. System Active Time:Indicates how long the Serial Number:This number is the Router has been running. Router serial number. Firmware Version: Information about the Router present software version. Current Time:Indicates the device present time.
VPN DUAL-WAN Router 5.1.4 Firewall Status SPI (Stateful Packet Inspection): Indicates whether SPI (Stateful Packet Inspection) is on or off. The default configuration is “On”. DoS (Denial of Service):Indicates if DoS attack prevention is activated. The default configuration is “On”. Block WAN Request:Indicates that denying the connection from Internet is activated. The default configuration is “On”. Prevent ARP Virus Attack:Indicates that preventing Arp virus attack is acitvated.
VPN DUAL-WAN Router 5.2 Change and Set Login Password and Time 5.2.1 Password Setting When you login the device setting window every time, you must enter the password. The default value for the device username and password are both “admin”. For security reasons, we strongly recommend that you must change your password after first login. Please keep the password safe, or you might not login to the device. You can press Reset button for more than 10 sec, the device will return back to default.
VPN DUAL-WAN Router Cancel: Click “Cancel" to leave without making any change. This action will be effective before ”Apply” to save the configuration. 5.2.2 Time The device can adjust time setting. Users can know the exact time of event occurrences that are recorded in the System Log, and the time of closing or opening access for Internet resources. You can either select the embedded NTP Server synchronization function or set up a time reference.
VPN DUAL-WAN Router NTP Server: If you have your own preferred time server, input the server IP address. Apply: After the changes are completed, click “Apply” to save the configuration. Cancel: Click “Cancel" to leave without making any change. This action will be effective before ”Apply” to save the configuration. Select the Local Time Manually: Input the correct time, date, and year in the boxes. After the changes are completed, click “Apply” to save the configuration.
VPN DUAL-WAN Router VI. Network This Network page contains the basic settings. For most users, completing this general setting is enough for connecting with the Internet. However, some users need advanced information from their ISP. Please refer to the following descriptions for specific configurations. 6.1 Network Connection 6.1.1 Host Name and Domain Name Device name and domain name can be input in the two boxes.
VPN DUAL-WAN Router 6.1.2 LAN Setting This is configuration information for the device current LAN IP address. The default configuration is 192.168.1.1 and the default Subnet Mask is 255.255.255.0. It can be changed according to the actual network structure. Multiple-Subnet Setting: Click “Unified IP Management” to enter the configuration page, as shown in the following figure. Input the respective IP addresses and subnet masks.
VPN DUAL-WAN Router 6.1.3 WAN & DMZ Settings WAN Setting: Interface: An indication of which port is connected. Connection Type: Obtain an IP automatically, Static IP connection, PPPoE (Point-to-Point Protocol over Ethernet), PPTP (Point-to-Point Tunneling Protocol) or Transparent Bridge. Config.: A modification in an advanced configuration: Click Edit to enter the advanced configuration page.
VPN DUAL-WAN Router Use the following DNS Server Select a user-defined DNS server IP address. Addresses: DNS Server: Input the DNS IP address set by ISP. At least one IP group should be input. The maximum acceptable groups is two IP groups. Enable Line-Dropped The WAN disconnection schedule will be activated by checking this Scheduling: option. In some areas, there is a time limitation for WAN connection service. For example: the optical fiber service will be disconnected from 0:00 am to 6:00 am.
VPN DUAL-WAN Router Line-Dropped Scheduling: Input how long the WAN service may be disconnected before the newly added connections should go through another WAN to connect with the Internet. Backup Interface: Select another WAN port as link backup when port binding is configured. Users should select the port that employs the same ISP. After the changes are completed, click “Apply” to save the configuration, or click “Cancel" to leave without making any changes.
VPN DUAL-WAN Router Default Gateway Input the default gateway issued by ISP. For ADSL users, it is usually an ATU-R IP address. As for optical fiber users, please input the optical fiber switching IP. DNS Server Input the DNS IP address issued by ISP. At least one IP group should be input. The maximum acceptable is two IP groups. Enable The WAN disconnection schedule will be activated by checking this option. In Line-Dropped some areas, there is a time limitation for WAN connection service.
VPN DUAL-WAN Router User Name Input the user name issued by ISP. Password Input the password issued by ISP. Connect on Demand This function enables the auto-dialing function to be used in a PPPoE dial connection. When the client port attempts to connect with the Internet, the device will automatically make a dial connection. If the line has been idle for a period of time, the system will break the connection automatically.
VPN DUAL-WAN Router Enable The WAN disconnection schedule will be activated by checking this option. Line-Dropped In some areas, there is a time limitation for WAN connection service. For Scheduling example: the optical fiber service will be disconnected from 0:00 am to 6:00 am. Although there is a standby system in the device, at the moment of WAN disconnection, all the external connections that go through this WAN will be disconnected too.
VPN DUAL-WAN Router WAN IP Address This option is to configure a static IP address. The IP address to be configured could be one issued by ISP. (The IP address is usually provided by the ISP when the PC is installed. Contact ISP for relevant information). Subnet Mask Input the subnet mask of the static IP address issued by ISP, such as: Issued eight static IP addresses: 255.255.255.248 Issued 16 static IP addresses: 255.255.255.
VPN DUAL-WAN Router Connect on Demand This function enables the auto-dialing function to be used for a PPTP dial connection. When the client port attempts to connect with the Internet, the device will automatically connect with the default ISP auto dial connection; when the network has been idle for a period of time, the system will break the connection automatically. (The default time for automatic break off when no packets have been transmitted is five minutes).
VPN DUAL-WAN Router the WAN connection mode. In this way, users will be able to connect normally with the Internet while keeping the original Internet IP addresses in Intranet IP configuration. If there are two WANs configured, users still can select Transparent Bridge mode for WAN connection mode, and load balancing will be achieved as usual. WAN IP Address Subnet Mask Input one of the static IP addresses issued by ISP.
VPN DUAL-WAN Router Internal LAN IP Range Input the available IP range issued by ISP. If ISP issued two discontinuous IP address ranges, users can input them into Internal LAN IP Range 1 and Internal LAN IP Range 2 respectively. Enable The WAN disconnection schedule will be activated by checking this Line-Dropped option. In some areas, there is a time limitation for WAN connection Scheduling service. For example: the optical fiber service will be disconnected from 0:00 am to 6:00 am.
VPN DUAL-WAN Router IP address: Indicates the current default static IP address. Config.: Indicates an advanced configuration modification: Click Edit to enter the advanced configuration page. The DMZ configuration can be classified by Subnet and Range: Subnet: The DMZ and WAN located in different Subnets For example: If the ISP issued 16 real IP addresses: 220.243.230.1-16 with Mask 255.255.255.240, users have to separate the 16 IP addresses into two groups: 220.243.230.1-8 with Mask 255.255.255.
VPN DUAL-WAN Router IP Range: Input the IP range located at the DMZ port. After the changes are completed, click “Apply” to save the configuration, or click “Cancel" to leave without making any changes.
VPN DUAL-WAN Router 6.2 Multi- WAN Setting When you have multiple WAN gateways, you can use Traffic Management and Protocol Binding function to fulfill WAN road balancing, so that we can have highest network bandwidth efficiency.
VPN DUAL-WAN Router 6.2.1 Load Balance Mode Auto Load Balance Mode When Auto Load Balance mode is selected, the device will use sessions or IP and the WAN bandwidth automatically allocate connections to achieve load balancing for external connections. The network bandwidth is set by what users input for it.
VPN DUAL-WAN Router connections; those which are not configured in the rule will still follow the device Auto Load Balance system. Please refer to the explanations in 6.2.3 Configuring Protocol Binding for setting up Protocol Binding and for examples of collocating router modes with Protocol Binding.
VPN DUAL-WAN Router automatically dispatch the traffic for Netcom through that WAN to connect with the Internet and dispatch traffic for Telecom to go through the WAN connected with Telecom to the Internet accordingly. In this way, the traffic for Netcom and Telecom can be divided. Set WAN Grouping: If more than one WAN is connected with Netcom, to apply a similar division of traffic policy to these WANs, a combination for the WANs must be made.
VPN DUAL-WAN Router Import Strategy: A division of traffic policy can be defined by users too. In the “Import Strategy” window, select the WAN or WAN group (ex. WAN 1) to be assigned and click the “Import IP Range” button; the dialogue box for document importation will be displayed accordingly. A policy document is an editable text document. It may contain a destination IP users designated.
VPN DUAL-WAN Router Note! China Netcom strategy and self-defined strategy can coexist. However, if a destination IP is assigned by both China Netcom strategy and self-defined strategy, China Netcom strategy will take priority. In other words, traffic to that destination IP will be transmitted through the WAN (or WAN group) under China Netcom strategy. Session Balance Advanced Function In general, session balance is to equally and randomly distribute the session connections of each intranet IP.
VPN DUAL-WAN Router Destination Auto Binding: Indicates that the session will be connected with the same WAN IP when the destination IP is in the same Class B range. For example, there are WAN1-1 200.10.10.1 and WAN2- 200.10.10.2, and two intranet IP addresses. When 192.168.1.100 visits Internet 61.222.81.100 for the first time, the connection is through WAN1- 200.10.10.1. If the next destination is to 61.222.81.101 (in the same Class B range), the connection will also be through WAN1- 200.10.10.1.
VPN DUAL-WAN Router through with the same WAN IP based on the first time learning. User Define Dis. Or Port Auto Indicates that the intranet IP will connect through the same WAN IP Binding: when the service ports are self- defined. You can self- define the service ports and destination IP. (If the destination IP is set as 0.0.0.0 to 0, this represents that the destination is to any IP range.) Note! You can only choose either Destimation Auto Binding or User Define Dis. Or Port Auto Binding.
VPN DUAL-WAN Router 192.168.100.1 and 192.168.100.2. When these intranet IPs first connects with TCP443 port, 192.168.100.1 will go through WAN1, and 192.168,100.2 will go through WAN2. Afterwards, 192.168.100.1 will go through WAN1 when there are TCP443 port connections. 192.168.100.2 will go through WAN2 when there are TCP443 port connections. This rule is by default. You can delete or add rules to meet your connection requirement. 6.2.
VPN DUAL-WAN Router When Fail: (1) Generate the Error Condition in the System Log: If an ISP connection failure is detected, an error message will be recorded in the System Log. This line will not be removed; therefore, the some of the users on this line will not have normal connections. This option is suitable under the condition that one of the WAN connections has failed; the traffic going through this WAN to the destination IP cannot shift to another WAN to reach the destination.
VPN DUAL-WAN Router input the DNS IP of the ISP port) Remote Host: This is the detected location for the remote Network Segment. This Remote Host IP should better be capable of receiving feedback stably and speedily. (Please input the DNS IP of the ISP port). DNS Lookup Host: This is the detect location for DNS. (Only a web address such as www.hinet.net is acceptable here. Do not input an IP address.) In addition, do not input the same web address in this box for two different WANs.
VPN DUAL-WAN Router bandwidth is set by what users input for it. For example, if the upload bandwidth of both WANs is 512Kbit/sec, the automatic load ratio will be 1:1; if one of the upload bandwidths is 1024Kbit/sec, while the other is 512Kbit/sec, the automatic load ratio will be 2:1. Therefore, to ensure that the device can balance the actual network load, please input real upload and download bandwidths. The section refers to QoS configuration. Therefore, it should be set in QoS page.
VPN DUAL-WAN Router Service: This is to select the Binding Service Port to be activated. The default (such as ALL-TCP&UDP 0~65535, WWW 80~80, FTP 21 to 21, etc.) can be selected from the pull-down option list. The default Service is All 0~65535. Option List for Service Management: Click the button to enter the Service Port configuration page to add or remove default Service Ports on the option list.
VPN DUAL-WAN Router connections to destination IP address 210.11.1.1 are to be restricted to WAN1, the external static IP address 210.1.1.1 ~ 210.1.1.1 should be input. If a range of destinations is to be assigned, input the range such as 210.11.1.1 ~ 210.11.255.254. This means the Class B Network Segment of 210.11.x.x will be restricted to a specific WAN. If only specific Service Ports need to be designated, while a specific IP destination assignment is not required, input “0” into the IP boxes.
VPN DUAL-WAN Router Service Name: In this box, input the name of the Service Port which users want to activate, such as BT, etc. Protocol: This option list is for selecting a packet format, such as TCP or UDP for the Service Ports users want to activate. Port range: In the boxes, input the range of Service Ports users want to add. Add To List: Click the button to add the configuration into the Services List. Users can add up to 100 services into the list.
VPN DUAL-WAN Router Auto Load Balancing mode when enabled: The collocation of the Auto Load Balance Mode and the Auto Load Mode will enable more flexible use of bandwidth. Users can assign specific Intranet IP addresses to specific destination application service ports or assign specific destination IP addresses to a WAN users choose for external connections. Example 1:How do I set up Auto Load Balance Mode to assign the Intranet IP 192.168.1.
VPN DUAL-WAN Router Example 2:How do I set up Auto Load Balance Mode to keep Intranet IP 192.168.1.150 ~ 200 from going through WAN2 when the destination port is Port 80? As in the figure below, select “HTTP [TCP/80~80]” from the pull-down option list “Service”, and then in the boxes for “Source IP” input “192.168.1.150” to “200”. Retain the original numbers “0.0.0.0” in the boxes of “Destination IP” (which means to include all Internet IP addresses).
VPN DUAL-WAN Router WAN2 from the pull-down option list “Interface”, and then click “Enable”. Finally, click “Add New” and the rule will be added to the mode. The device will transmit packets to Port 80 through WAN2. However, with only the above rule, packets that do not go to Port 80 may be transmitted through WAN2; therefore, a second rule is necessary. The second rule: Select “All Ports [TCP&UDP/1~65535]” from the pull-down option list “Service”, and then input “192.168.1.
VPN DUAL-WAN Router Configuring “Assigned Routing Mode” for load Balance: IP Group: This function allows users to assign packets from specific Intranet IP addresses or to specific destination Service Ports and to specific destination IP addresses through an assigned WAN to the Internet. After being assigned, the specific WAN will only support those assigned Intranet IP addresses, destination Service Ports, or destination IP addresses.
VPN DUAL-WAN Router “Enable”. Finally, click “Add New” and the rule will be added to the mode. After the rule is set up, only packets that go to Port 80 will be transmitted through WAN2, while other traffics will be transmitted through WAN1. Example 2:How do I configure Protocol Binding to keep traffic from all Intranet IP addresses from going through WAN2 when the destinations are IP 211.1.1.1 ~ 211.254.254.254 as well as the whole Class A group of 60.1.1.1 ~ 60.254.254.
VPN DUAL-WAN Router “Destination IP” input “211.1.1.1 ~ 60,254,254,254”. Select WAN2 from the pull-down option list “Interface”, and then click “Enable”. Finally, click “Add New”, and the rule will be added to the mode. After the rule has been set up, all traffic that is not going to the assigned destinations will only be transmitted through WAN1.
VPN DUAL-WAN Router VII. Intranet Configuration This chapter introduces how to configure ports and understand how to configure intranet IP addresses. 7.1 Port Management Through the device, users can easily manage the setup for WAN ports, LAN ports and the DMZ port by choosing the number of ports, speed, priority, duplex and enable/disable the auto-negotiation feature for connection setting of each port. DisabledPort: This feature allows users turn on/off the Ethernet port.
VPN DUAL-WAN Router Duplex Status: This feature allows users to select the network hardware connection speed working mode for the Ethernet. The options are full duplex and half duplex. Auto Neg.: The Auto-Negotiation mode can enable each port to automatically adjust and gather the connection speed and duplex mode. Therefore, if Enabled Auto-Neg. selected, the ports setup will be done without any manual setting by administrators.
VPN DUAL-WAN Router 7.2 Port Status Summary: There are Network Connection Type, Interface, Link Status (Up/Down), Port Activity (Port Enabled), Priority Setting (High or Normal), Speed Status (10Mbps or 100Mbps), Duplex Status (half duplex or full duplex), Auto Neg. (Enabled/Disabled), and VLAN. Statistics: The packet data of this specific port will be displayed. Data include receive/ transmit packet count, receive/ transmit packet Byte count and error packet count.
VPN DUAL-WAN Router 7.3 IP/ DHCP With an embedded DHCP server, it supports automatic IP assignation for LAN computers. (This function is similar to the DHCP service in NT servers.) It benefits users by freeing them from the inconvenience of recording and configuring IP addresses for each PC respectively. When a computer is turned on, it will acquire an IP address from the device automatically. This function is to make management easier.
VPN DUAL-WAN Router Dynamic IP: Client lease Time: Check the option to activate the DHCP server automatic IP lease function. If the function is activated, all PCs will be able to acquire IP automatically. Otherwise, users should configure static virtual IP for each PC individually. Range Start: This is to set up a lease time for the IP address which is acquired by a PC. The default is 1440 minutes (a day). Users can change it according to their needs. The time unit is minute.
VPN DUAL-WAN Router Range End: This is an initial IP automatically leased by DHCP. It means DHCP will start the lease from this IP. The default initial IP is 192.168.1.100. DNS (Domain Name Service): This is for checking the DNS from which an IP address has been leased to a PC port. Input the IP address of this server directly. DNS (Required) 1: Input the IP address of the DNS server. DNS (Optional) 2: Input the IP address of the DNS server.
VPN DUAL-WAN Router 7.4 DHCP Status This is an indication list of the current status and setup record of the DHCP server. The indications are for the administrator’s reference when a network modification is needed. DHCP Server: This is the current DHCP IP. Dynamic IP Used: The amount of dynamic IP leased by DHCP. Static IP Used: The amount of static IP assigned by DHCP. DHCP Available: The amount of IP still available in the DHCP server.
VPN DUAL-WAN Router Host Name: The name of the current computer. IP Address: The IP address acquired by the current computer. MAC Address: The actual MAC network location of the current computer. Client Lease Time: The lease time of the IP released by DHCP. Delete: Remove a record of an IP lease.
VPN DUAL-WAN Router 7.5 IP & MAC Binding Administrators can apply IP & MAC Binding function to make sure that users can not add extra PCs for Internet access or change private IP addresses.
VPN DUAL-WAN Router There are two methods for setting up this function: (1)、Block MAC address not on the list This method only allows MAC addresses on the list to receive IP addresses from DHCP and have Internet access. When this method is applied, please fill out Static IP with 0.0.0.
VPN DUAL-WAN Router (2)、IP & MAC Binding Static IP: There are two ways to input static IP: 1. If users want to set up a MAC address to acquire IP from DHCP, but the IP need not be a specific assigned IP, input 0.0.0.0 in the boxes. The boxes cannot be left empty. 2. If users want DHCP to assign a static IP for a PC every single time, users should input the IP address users want to assign to this computer in the boxes.
VPN DUAL-WAN Router Name: For distinguishing clients, input the name or address of the client that is to be bound. The maximum acceptable characters are 12. Enabled: Activate this configuration. Add to list: Add the configuration or modification to the list. Delete selected item: Remove the selected binding from the list. Add: Add new binding.
VPN DUAL-WAN Router VIII. QoS (Quality of Service) QoS is an abbreviation for Quality of Service. The main function is to restrict bandwidth usage for some services and IP addresses to save bandwidth or provide priority to specific applications or services, and also to enable other users to share bandwidth, as well as to ensure stable and reliable network transmission.
VPN DUAL-WAN Router 8.
VPN DUAL-WAN Router 8.1.1 The Maximum Bandwidth provided by ISP In the boxes for WAN1 and WAN2 bandwidth, input the upstream and downstream bandwidth which users applied for from bandwidth supplier. The bandwidth QoS will make calculations according to the data users input. In other words, it will guarantee a minimum rate of upstream and downstream for each IP and Service Port based on the total actual bandwidth of WAN1 and WAN2.
VPN DUAL-WAN Router 20Kbit/Sec can be input for “Mini. Rate” Downstream bandwidth can be calculated in the same way. Attention! The unit of calculation in this example is Kbit. Some software indicates the downstream/upstream speed with the unit KB. 1KB = 8Kbit. 8.1.2 QoS To satisfy the bandwidth requirements of certain users, the device enables users to set up QoS: Rate Control and Priority Control. Users can select only one of the above QoS choices.
VPN DUAL-WAN Router Interface: Select on which WAN the QoS rule should be executed. It can be a single selection or multiple selections. Service Port: Select what bandwidth control is to be configured in the QoS rule. If the bandwidth for all services of each IP is to be controlled, select “All (TCP&UDP) 1~65535”. If only FTP uploads or downloads need to be controlled, select “FTP Port 21~21”. Refer to the Default Service Port Number List.
VPN DUAL-WAN Router IP Address: This is to select which user is to be controlled. If only a single IP is to be restricted, input this IP address, such as “192.168.1.100 to 100”. The rule will control only the IP 192.168.1.100. If an IP range is to be controlled, input the range, such as “192.168.1.100 ~ 149”. The rule will control IP addresses from 192.168.1.100 to 149. If all Intranet users that connect with the device are to be controlled, input “0” in the boxes of IP address.
VPN DUAL-WAN Router Bandwidth sharing: Sharing total bandwidth with all IP addresses: If this option is selected, all IP addresses or Service Ports will share the bandwidth range (from minimum to maximum bandwidth). Assign bandwidth for each IP address: If this option is selected, every IP or Service Port in this range can have this bandwidth (minimum to maximum). For example, If the rule is set for the IP of each PC, the IP of each PC will have the same bandwidth.
VPN DUAL-WAN Router Example 1. How to set up the maximum download speed to 50 Kbit for the FTP protocol on all WAN interfaces ? Please refer to the following as a setup example. Click before both WAN1 and WAN2; then choose "FTP [TCP/21~21]" in Service; for IP Address, put your LAN IP range (e.g.192.168.1.1~254); in "Direction" part, open the dropdown box and choose Downstream. Import 2Kbit/Sec in Mini. Rate, which guarantees the minimum bandwidth for FTP downloading. And import 50Kbit/Sec in Max.
VPN DUAL-WAN Router Example 2. How to set up the maximum download speed of each WAN to 512Kbit/Sec for each LAN user? One by one IP to set up? No need to set up one by one. Below is the example. Click both WAN1 and WAN2; then choose “No Check Port[TCP&UDP /0~0” in Service; for IP Address, put your LAN IP range (e.g.192.168.1.1~254); in "Direction" part, open the dropdown box and choose Downstream. Import 2Kbit/Sec in Mini. Rate, which guarantees the minimum bandwidth. And import 512Kbit/Sec in Max.
VPN DUAL-WAN Router 8.2 Session control Session management controls the acceptable maximum simultaneous sessions of Intranet PCs. This function is very useful for managing connection quantity when P2P software such as BT, Thunder, or emule is used in the Intranet causing large numbers of sessions. Setting up proper limitations on sessions can effectively control the sessions created by P2P software. It will also have a limiting effect on bandwidth usage.
VPN DUAL-WAN Router When single IP exceed __: If this function is selected, when the user’s port session reach the limit, this user will not be able to make a new session for five minutes. Even if the previous session has been closed, new sessions cannot be made until the setting time ends.
VPN DUAL-WAN Router Service Port: Choose the service port. Source IP: Input the IP address range or IP group. Enabled: Activate the rule. Add to list: Add this rule to the list. Delete seleted item: Remove the rules selected from the Service List. Apply: Click “Apply” to save the configuration. Cancel: Click “Cancel" to leave without making any change.
VPN DUAL-WAN Router 8.3 Smart QoS The smart QoS function enables the administrators to constrain the bandwidth occupied automatically without any configuring. Enabled QoS: Choose to apply QoS function. When the usage of any WAN’s bandwidth is Input the required rate value into the column. The over than___%, Enable Smart QoS default is 60%. Each IP’s upstream bandwidth threshold Input the max. upstream rate for intranet IPs. (for all WAN): Each IP’s downstream bandwidth threshold Input the max.
VPN DUAL-WAN Router Scheduling: If “Always” is selected, the rule will be executed around the clock. If “From…” is selected, the rule will be executed according to the configured time range. For example, if the time control is from Monday to Friday, 8:00am to 6:00pm, users can refer to the following figure to set up the rule.
VPN DUAL-WAN Router IX. Firewall This chapter introduces firewall general policy, access rule, and content filter settings to ensure network security. 9.1 General Policy The firewall is enabled by default. If the firewall is set as disabled, features such as SPI, DoS, and outbound packet responses will be turned off automatically. Meanwhile, the remote management feature will be activated. The network access rules and content filter will be turned off.
VPN DUAL-WAN Router Remote Management: To enter the device web- based UI by connecting to the remote Internet, this feature must be activated. In the field of remote browser IP, a valid external IP address (WAN IP) for the device should be filled in and the modifiable default control port should be adjusted (the default is set to 80, modifiable). Multicast Pass Through: There are many audio and visual streaming media on the network.
VPN DUAL-WAN Router Advanced Setting Packet Type: This device provides three types of data packet transmission: TCP-SYN-Flood, UDP-Flood and ICMP-Flood. WAN Threshold: When all packet values from external attack or from single external IP attack reach the maximum amount (the default is 15000 packets/Sec and 2000 packets/Sec respectively), if these conditions above occurs, the IP will be blocked for 5 minutes ( the default is 5 minutes OBJ 176 ).
VPN DUAL-WAN Router Show Blocked IP: Show the blocked IP list and the remained blocked time. Restricted WEB It supports the block that is connected through: Java, Cookies, Active X, Features: and HTTP Proxy access. Apply: Click “Apply” to save the configuration. Cancel: Click “Cancel" to leave without making any change.
VPN DUAL-WAN Router 9.2 Access Rule Users may turn on/off the setting to permit or forbid any packet to access internet. Users may select to set different network access rules: from internal to external or from external to internal. Users may set different packets for IP address and communication port numbers to filter Internet access rules.
VPN DUAL-WAN Router In addition to the default rules, all the network access rules will be displayed as illustrated above. Users may follow or self- define the priority of each network access rule. The device will follow the rule priorities one by one, so please make sure the priority for all the rules can suit the setting rules. Edit: Delete: Define the network access rule item Remove the item.
VPN DUAL-WAN Router 9.2.1 Add New Access Rule Action: Allow: Permits the pass of packets compliant with this control rule Deny: Prevents the pass of packets not compliant with this control rule Service: From the drop-down menu, select the service that users grant or do not give permission. Service Management: If the service that users wish to manage does not exist in the drop-down menu, press – Service Management to add the new service.
VPN DUAL-WAN Router address or an IP address within a session. Dest. IP: Select the destination IP range (such as Any, Single, Range, or preset IP group name) If Single or Range is selected; please enter a single IP address or an IP address within a session. Scheduling: Select “Always” to apply the rule on a round-the-clock basis. Select “from”, and the operation will run according to the defined time. Apply this rule: Select "Always" to apply the rule on a round-the-clock basis.
VPN DUAL-WAN Router Example 2.:How to forbid intranet IP range from 192.168.1.200 to 230 to access service port 80? Action:Forbid Service Port:TCP 80 Source Interface:LAN (Meaning to service port 80 which blocks the traffic from intranet to internet.) Source IP:192.168.1.200~192.168.1.230 Dest. IP:ANY (Meaning to any service port 80 which blocks the traffic from intranet to internet among 192.168.1.200~230.
VPN DUAL-WAN Router 9.3 Content Filter The device supports two webpage restriction modes: one is to block certain forbidden domains, and the other is to give access to certain web pages. Only one of these two modes can be selected. Block Forbidden Domain Fill in the complete website such as www.sex.com to have it blocked.
VPN DUAL-WAN Router Add: Enter the websites to be controlled such as www.playboy.com Add to list: Click ”Add to list” to create a new website to be controlled. Delete selected item: Click to select one or more controlled websites and click this option to delete.
VPN DUAL-WAN Router Website Blocking by Keywords: Enabled: Click to activate this feature. The default setting is disabled. For example: If users enter the string ”sex”, any websites containing ”sex” will be blocked. Keywords(Only for English Enter keywords. keyword) : Add to List: Add this new service item content to the list. Delete selected item: Delete the service item content from the list Apply: Click “Apply” to save the modified parameters.
VPN DUAL-WAN Router Enabled: Activate the function. The default setting is “Disabled.” Add: Input the allowed domain name, etc. www.google.com Add to list: Add the rule to list. Delete selected item: Users can select one or more rules and click to delete. Exception IP Here IP/IP ranges are exempted from “Accept Allowed Domain” through this method.
VPN DUAL-WAN Router Exception IP address Input unrestricted IP/IP Range Add to list: Click this button to add new unrestricted IPs Delete selected item: Select out one/more unrestricted IPs, click this button to delete them Content Filter Scheduling Select “Always” to apply the rule on a round-the-clock basis. Select “from”, and the operation will run according to the defined time. For example, if the control time runs from 8 a.m. to 6 p.m.
VPN DUAL-WAN Router X. VPN (Virtual Private Network) 10.1. VPN 10.1.1. Display All VPN Summary This VPN Summary displays the real-time data with regard to VPN status. These data include: all tunnel numbers (PPTP, IPSec VPN), setting parameters and Group VPN and so forth.
VPN DUAL-WAN Router Previous Page/Next Page, Jump to __/__ Page, __ Click Previous page or Next page to view the desired VPN tunnel page. Or users can select the page number directly to view all VPN tunnel statuses, such as 3, 5, 10, 20 or All. Entries Per Page Tunnel No. To set the embedded VPN feature, please select the tunnel number. It supports up to 300 IPSec VPN tunnel Setting (gateway to gateway as well as client to gateway). Status: Successful connection is indicated as-(Connected).
VPN DUAL-WAN Router Remote Group: Displays the setting for remote VPN connection secure group. Remote Gateway: Set the IP address to connect the remote VPN device. Please set the VPN device with a valid IP address or domain name. Control: Click “Connect” to verify the tunnel status. The test result will be updated. To disconnect, click “Disconnect” to stop the VPN connection. Config: Setting items include Edit and Delete icon.
VPN DUAL-WAN Router Remote Client: Displays the name of this group for remote VPN Connection secure group setting. Remote Client Status: Click on Detail List, and more information such as Group Name, IP address and the connection time will be displayed. Control: Click Connect to verify the status of the tunnel. The test result will be updated in this status. Config: As illustrated below, configurations include Edit and Delete icon. Click on Edit to enter the setting items to be changed.
VPN DUAL-WAN Router 10.1.2. Add a New VPN Tunnel The device supports Gateway to Gateway tunnel or Client to Gateway tunnel. The VPN tunnel connections are done by 2 VPN devices via the Internet. When a new tunnel is added, the setting page for Gateway to Gateway or Client to Gateway will be displayed. Gateway to Gateway: Click “Add” to enter the setting page of Gateway to Gateway. Client to Gateway: Click “Add” to enter the setting page of Client to Gateway.
VPN DUAL-WAN Router 10.1.2.1. Gateway to Gateway Setting The following instructions will guide users to set a VPN tunnel between two devices. Tunnel No.: Set the embedded VPN feature, please select the Tunnel number. Tunnel Name: Displays the current VPN tunnel connection name, such as XXX Office. Users are well-advised to give them different names to avoid confusion.
VPN DUAL-WAN Router Local Security GatewayType: This local gateway authentication type comes with five operation modes, which are: IP only IP + Domain Name (FQDN) Authentication IP + E-mail Addr. (USER FQDN) Authentication Dynamic IP + Domain Name (FQDN) Authentication Dynamic IP + E-mail Addr. (USER FQDN) Authentication. Dynamic IP address + Email address name (1) IP only: If users decide to use IP only, entering the IP address is the only way to gain access to this tunnel.
VPN DUAL-WAN Router (4) Dynamic IP + Domain Name(FQDN) Authentication: If users use dynamic IP address to connect to the device, users may select this option to link to VPN. If the remote VPN gateway requires connection to the device for VPN connection, this device will start authentication and respond to this VPN tunnel connection; if users select this option to link to VPN, please enter the domain name. (5) Dynamic IP + E-mail Addr. (USER FQDN) Authentication.
VPN DUAL-WAN Router 2. Subnet This option allows local computers in this subnet can be connected to the VPN tunnel. Reference: When this VPN tunnel is connected, only computers with the session of 192.168.1.0 and with subnet mask as 255.255.255.0 can connect with remote VPN. Remote Group Setup: This remote gateway authentication type (Remote Security Gateway Type) must be identical to the remotely-connected local security gateway authentication type (Local Security Gateway Type).
VPN DUAL-WAN Router If the IP address of the remote client is unknown, choose IP by DNS Resolved, allowing DNS to translate IP address. When users finish the setting, the corresponding IP address will be displayed under the remote gateway of Summary. (2) IP + Domain Name(FQDN) Authentication: If users select IP + domain name, please enter IP address and the domain name to be verified. FQDN refers to the combination of host name and domain name.
VPN DUAL-WAN Router If the remote IP address is unknown, choose IP by DNS Resolved, allowing DNS to translated the IP address. This domain name must be available on the Internet. When users finish the setting, the corresponding IP address will be displayed under the remote gateway of Summary. (4) Dynamic IP + Domain Name(FQDN) Authentication: If users use dynamic IP address to connect with the device, users may select the combination of the dynamic IP address, host name and domain name.
VPN DUAL-WAN Router Remote Security Group Type: This option allows users to set the remote VPN connection access type. The following offers a few items for remote settings. Please select and set appropriate parameters: (1) IP address This option allows the only IP address which is entered to build the VPN tunnel. Reference: When this VPN tunnel is connected, computers with the IP address of 192.168.2.1 can establish connection.
VPN DUAL-WAN Router IPSec Setup If there is any encryption mechanism, the encryption mechanism of these two VPN tunnels must be identical in order to create connection. And the transmission data must be encrypted with IPSec key, which is known as the encryption "key". The device provides the IKE automatic encryption mode- IKE with Preshared Key (automatic). By using the drop down menu, select the desired encryption mode as illustrated below.
VPN DUAL-WAN Router Perfect Forward Secrecy: When users check the PFS option, don't forget to activate the PFS function of the VPN device and the VPN Client as well. Phase 1/ Phase 2 DH Group: This option allows users to select Diffie-Hellman groups: Group 1/ Group 2/ Group 5. Phase 1/ Phase 2 Encryption: This option allows users to set this VPN tunnel to use any encryption mode.
VPN DUAL-WAN Router Advanced Setting- for IKE Protocol Only The advanced settings include Main Mode and Aggressive mode. For the Main mode, the default setting is set to VPN operation mode. The connection is the same to most of the VPN devices. ● Aggressive Mode: This mode is mostly adopted by remote devices. The IP connection is designed to enhance the security control if dynamic IP is used for connection.
VPN DUAL-WAN Router tunnel regularly; the remote host will also send an ICMP ACK reply packet toward the originator. If there is still no received ICMP ACK reply after exceeding the setting retry, the Heart Beat originator will terminate this VPN tunnel. Under this situation, if you are the VPN tunnel initiator, the system will try to reconnect the tunnel; if you are the passive party, the system will wait for the initiator to establish the tunnel again.
VPN DUAL-WAN Router 10.1.2.2. Client to Gateway Setting The following describes how an administrator builds a VPN tunnel between devices. Users can set this VPN tunnel to be used by one client at the client end. If it is used by a group of clients, the individual setting for remote clients can be reduced. Only one tunnel will be set and used by a group of clients, which allows easy setting. Situation in Tunnel: Tunnel No.: Set the embedded VPN feature, please select the Tunnel number.
VPN DUAL-WAN Router Local Group Setup This local gateway authentication type (Local Security Gateway Type) must be identical with that of the remote type (Remote Security Gateway Type). Local Security Gateway Type: This local gateway authentication type comes with five operation modes, which are: IP only - Authentication by the use of IP only IP + Domain Name (FQDN) Authentication, -IP + Domain name IP + E-mail Addr.
VPN DUAL-WAN Router If users select IP address and E-mail, enter the IP address and E-mail address to gain access to this tunnel and the WAN IP address will be automatically filled into this space. Users don't need to do further settings. (4) Dynamic IP + Domain Name(FQDN) Authentication: If users use dynamic IP address to connect to the device, users may select this option to link to VPN.
VPN DUAL-WAN Router Reference: When this VPN tunnel is connected, computers with the IP address of 192.168.1.0 can establish connection. 2. Subnet This option allows local computers in this subnet to be connected to the VPN tunnel. Reference: When this VPN tunnel is connected, only computers with the session of 192.168.1.0 and with subnet mask as 255.255.255.0 can connect with remote VPN.
VPN DUAL-WAN Router Remote Group Setup: This remote gateway authentication type (Remote Security Gateway Type) must be identical to the remotely-connected local security gateway authentication type (Local Security Gateway Type). Remote Security Gateway Type: This local gateway authentication type comes with five operation modes, which are: IP only IP + Domain Name (FQDN) Authentication IP + E-mail Addr. (USER FQDN) Authentication Dynamic IP + Domain Name (FQDN) Authentication Dynamic IP + E-mail Addr.
VPN DUAL-WAN Router and domain name must be identical to those of the VPN secure gateway setting type to establish successful connection. (3) IP + E-mail Addr. (USER FQDN) Authentication. If users select IP address and E-mail, enter the IP address and E-mail address to gain access to this tunnel and the WAN IP address will be automatically filled into this space. Users don't need to do further settings.
VPN DUAL-WAN Router IPSec Setup If there is any encryption mechanism, the encryption mechanism of these two VPN tunnels must be identical in order to create connection. And the transmission data must be encrypted with IPSec key, which is known as the encryption "key". The device provides the IKE automatic encryption mode- IKE with Preshared Key (automatic). By using the drop down menu, select the desired encryption mode as illustrated below.
VPN DUAL-WAN Router Perfect Forward Secrecy: When users check the PFS option, don't forget to activate the PFS function of the VPN device and the VPN Client as well. Phase 1/ Phase 2 DH Group: This option allows users to select Diffie-Hellman groups: Group 1/ Group 2/ Group 5. Phase 1/ Phase 2 Encryption: This option allows users to set this VPN tunnel to use any encryption mode.
VPN DUAL-WAN Router The advanced settings include Main Mode and Aggressive mode. For the Main mode, the default setting is set to VPN operation mode. The connection is the same to most of the VPN devices. ● Aggressive Mode: This mode is mostly adopted by remote devices. The IP connection is designed to enhance the security control if dynamic IP is used for connection.
VPN DUAL-WAN Router Enabled PPTP Server: When this option is selected, the point-to-point tunnel protocol PPTP 123
VPN DUAL-WAN Router server can be enabled. PPTP IP Address Range: Please enter PPTP IP address range so as to provide the remote users with an entrance IP into the local network. Enter Range Start: Enter the value into the last field. Enter Range End: Enter the value into the last field. User name: Please enter the name of the remote user. Password: Enter the password and confirm again by entering the new password. Confirm Password: Add to list: Add a new account and password.
VPN DUAL-WAN Router 10.2. QVM VPN Function Setup Account ID: Must be identical to that of the server account ID. Password: Must be identical to that of the server password. Confirm Password: Please enter the password and confirm again. QVM VPN ( IP Address or Input QVM VPN Server IP address or domain name. Dynamic Domain Name) : Status: Displays QVN connection status. Keep Alive: Redial Period This function is to set re- connect duration if QVM contention drops. The range is 1~60 mins.
VPN DUAL-WAN Router be automatically enabled to backup the VPN connection and ensure data transition security. Advanced Function: In some environment, port 443 has been used, for example, Change QVM Client’s Service E-Mail Forwarding. To avoid the conflict with QVM, QVM port Port: can be changed to other encryption ports, such as 10443. After modification, press “Apply” to save the network setting or press “Cancel” to keep the settings unchanged.
VPN DUAL-WAN Router XI. Advanced Function 11.1 DMZ Host/ Port Range Forwarding 11.1.1 DMZ Host When the NAT mode is activated, sometimes users may need to use applications that do not support virtual IP addresses such as network games. We recommend that users map the device actual WAN IP addresses directly to the Intranet virtual IP addresses, as follows: If the “DMZ Host” function is selected, to cancel this function, users must input "0” in the following “DMZ Private IP”.
VPN DUAL-WAN Router 11.1.2 Port Range Forwarding Setting up a Port Forwarding Virtual Host: If the server function (which means the server for an external service such as WWW, FTP, Mail, etc) is contained in the network, we recommend that users use the firewall function to set up the host as a virtual host, and then convert the actual IP addresses (the Internet IP addresses) with Port 80 (the service port of WWW is Port 80) to access the internal server directly.
VPN DUAL-WAN Router Service: To select from this option the default list of service ports of the virtual host that users want to activate. Such as: All (TCP&UDP) 0~65535, 80 (80~80) for WWW, and 21~21 for FTP. Please refer to the list of default service ports. IP Address: Input the virtual host IP address. Enabled: Activate this function. Service Port Add or remove service ports from the list of service ports. Management: Add to list: Add to the active service content.
VPN DUAL-WAN Router Service Name: Input the name of the service port users want to activate on the list, such as E-donkey, etc. Protocol: To select whether a service port is TCP or UDP. Port Range: To activate this function, input the range of the service port locations users want to activate such as 500~500 or 2300~2310, etc. Add to list: Add the service to the service list. It supports up to 100 rules. Delete selected item: To remove the selected services.
VPN DUAL-WAN Router 11.2 UPnP UPnP (Universal Plug and Play) is a protocol set by Microsoft. If the virtual host supports UPnP system (such as Windows XP), users could also activate the PC UPnP function to work with the device. Service Port: Select the UPnP service number default list here; for example, WWW is 80~80, FTP is 21~21. Please refer to the default service number list. Host Name or IP Address: Input the Intranet virtual IP address or name that maps with UPnP such as 192.168.1.100.
VPN DUAL-WAN Router 11.3 Routing In this chapter we introduce the Dynamic Routing Information Protocol and Static Routing Information Protocol. 11.3.1 Dynamic Routing The abbreviation of Routing Information Protocol is RIP. There are two kinds of RIP in the IP environment – RIP I and RIP II. Since there is usually only one router in a network, ordinarily just Static Routing will be used.
VPN DUAL-WAN Router RIP is a very simple routing protocol, in which Distance Vector is used. Distance Vector determines transmission distance in accordance with the number of routers, rather than based on actual session speed. Therefore, sometimes it will select a path through the least number of routers, rather than through the fastest routers. Working Mode: Select the working mode of the device: NAT mode or router mode. RIP: Click “Enabled” to open the RIP function.
VPN DUAL-WAN Router Dest. IP: Input the remote network IP locations and subnet that is to be Subnet Mask: routed. For example, the IP/subnet is 192.168.2.0/255.255.255.0. Gateway: The default gateway location of the network node which is to be routed. Hop Count: This is the router layer count for the IP. If there are two routers under the device, users should input “2” for the router layer; the default is “1”. (Max. is 15.
VPN DUAL-WAN Router 11.4 One to One NAT As both the device and ATU-R need only one actual IP, if ISP issued more than one actual IP (such as eight ADSL static IP addresses or more), users can map the remaining real IP addresses to the intranet PC virtual IP addresses. These PCs use private IP addresses in the Intranet, but after having One to One NAT mapping, these PCs will have their own public IP addresses.
VPN DUAL-WAN Router Enabled One to One NAT: To activate or close the One-to-One NAT function. (Check to activate the function). Private IP Range Begin: Input the Private IP address for the Intranet One-to-One NAT function. Public IP Range Begin: Input the Public IP address for the Internet One-to-One NAT function. Range Length: The numbers of final IP addresses of actual Internet IP addresses. (Please do not include IP addresses in use by WANs.
VPN DUAL-WAN Router Multiple to One NAT Enable Multiple to One NAT Click to enable multiple to one NAT function. Private IP Range Input intranet IPs for NAT mapping. Respective Public IP Input the respective public IP addresses. This should go along with the following interface selection. If the IP address is not within the interface ranges, the setting will not work. Interface Select the mapping interface. If the WAN IP above is not within the interface range, the setting will not work.
VPN DUAL-WAN Router services such as a website, it offers the function of dynamic web address transfer. This service can be applied from http://www.Allnet.cn/en/ddns, www.3322.org, www.dyndns.org, or www.dtdns.com, and these are free. Also, in order to solve the issue that DDNS server is not stable, the device can update the dynamic IP address with different services at the same time. * The UI might vary from model to model, depending on different product lines.
VPN DUAL-WAN Router Dynamic Domain Name Input the website address which has been applied from DDNS. Examples are abc.dyndns.org or xyz.3322.org. WAN IP Address Input the actual dynamic IP address issued by the ISP. Status An indication of the status of the current IP function refreshed by DDNS. Apply After the changes are completed, click “Apply” to save the network configuration modification. Cancel Click “Cancel" to leave without making any changes.
VPN DUAL-WAN Router 11.6 MAC Clone Some ISP will request for a fixed MAC address (network card physical address) for distributing IP address, which is mostly suitable for cable mode users. Users can input the network card physical address (MAC address: 00-xx-xx-xx-xx-xx) here. The device will adopt this MAC address when requesting IP address from ISP. Select the WAN port to which the configuration is to be edited; click the hyperlink to enter and edit its configuration.
VPN DUAL-WAN Router 11.7 E-Bulletin & ARP Binding Communities or enterprises can issue their web-bulletin and instant news to LAN users through E-Bulletin. LAN users can see the bulletin when they click on the browser. It’s very convenient and economical to send messages. “Web Page Redirection” can redirect web page to the enterprise website or specific advertisement page. “Client site ARP Binding Program Downloading” is one complementary function of Bi-direction ARP Binding.
VPN DUAL-WAN Router Content Input the Bulletin content within 1000 characters. Web Page Redirection: When user open the After establishing E-Bulletin is shown, when user execute next action, they will find the browser first time, browser directes to specific page, ex tw.yahoo.com.
VPN DUAL-WAN Router XII. System Tool This chapter introduces the management tool for controlling the device and testing network connection. For security consideration, we strongly suggest to change the password. Password and Time setting is in Chapter 5.2. 12.1 Diagnostic The device provides a simple online network diagnostic tool to help users troubleshoot network-related problems. This tool includes DNS Name Lookup (Domain Name Inquiry Test) and Ping (Packet Delivery/Reception Test).
VPN DUAL-WAN Router Ping This item informs users of the status quo of the outbound session and allows the user to know the existence of computers online. On this test screen, please enter the host IP that users want to test such as 192.168.5.20. Press "Go" to start the test. The result will be displayed on this screen.
VPN DUAL-WAN Router 12.2 Firmware Upgrade Users may directly upgrade the device firmware on the Firmware Upgrade page. Please confirm all information about the software version in advance. Select and browse the software file, click "Firmware Upgrade Right Now" to complete the upgrade of the designated file. Note! Please read the warning before firmware upgrade. Users must not exit this screen during upgrade. Otherwise, the upgrade may fail.
VPN DUAL-WAN Router 12.3 Configuration Backup Import Configuration File: This feature allows users to integrate all backup content of parameter settings into the device. Before upgrade, confirm all information about the software version. Select and browse the backup parameter file: "config.exp." Select the file and click "Import" to import the file. Export Configuration File: This feature allows users to backup all parameter settings. Click "Export" and select the location to save the "config.exp" file.
VPN DUAL-WAN Router 12.4 SNMP Simple Network Management Protocol (SNMP) refers to network management communications protocol and it is also an important network management item. Through this SNMP communications protocol, programs with network management (i.e. SNMP Tools-HP Open View) can help communications of real-time management.
VPN DUAL-WAN Router Enabled: Activate SNMP feature. The default is activated. System Name: Set the name of the device such as Allnet. System Contact: Set the name of the person who manages the device (i.e. John). System Location: Define the location of the device (i.e. Taipei). Get Community Name: Set the name of the group or community that can view the device SNMP data. The default setting is "Public".
VPN DUAL-WAN Router 12.5 System Recover Users can restart the device with System Recover button. System Recover As the figure below, if clicking “Restart Router” button, the dialog block will pop out, confirming if users would like to restart the device.
VPN DUAL-WAN Router Return to Factory Default Setting If clicking “Return to Factory Default Setting, the dialog block will pop out, if the device will return to factory default.
VPN DUAL-WAN Router XIII. Log From the log management and look up, we can see the relevant operation status, which is convenient for us to facilitate the setup and operation. 12.1 System Log Its system log offers three options: system log, E-mail alert, and log setting.
VPN DUAL-WAN Router Enable: If this option is selected, the System Log feature will be enabled. Syslog Server: The device provides external system log servers with log collection feature. System log is an industrial standard communications protocol. It is designed to dynamically capture related system message from the network. The system log provides the source and the destination IP addresses during the connection, service number, and type.
VPN DUAL-WAN Router Unauthorized If intruders into the device are identified, the message will be sent to the Login: system log. General Log The device provides the following warning message. Click to activate the feature. System error message, blocked regulations, regulation of passage permission, system configuration change and registration verification. System Error Message: Provides the system log with all kinds of error messages.
VPN DUAL-WAN Router LAN IP, destination IP, and service port that is applied. It is illustrated as below. Incoming Packet Log: View system packet log of those entering the firewall. The log includes information about the external source IP addresses, destination IP addresses, and service ports. It is illustrated as below. Clear Log Now: This feature clears all the current information on the log.
VPN DUAL-WAN Router 12.2 System Statistic The device has the real-time surveillance management feature that provides system current operation information such as port location, device name, current WAN link status, IP address, MAC address, subnet mask, default gateway, DNS, number of received/ sent/ received/ sent/ total Bytes, Received and total packets , number of Sent Bytes/Sec.
VPN DUAL-WAN Router 156
VPN DUAL-WAN Router 12.3 Traffic Statistic Six messages will be displayed on the Traffic Statistic page to provide better traffic management and control. Inbound IP Source Address: The figure displays the source IP address, bytes per second, and percentage. Outbound IP Source Address: The figure displays the source IP address, bytes per second, and percentage.
VPN DUAL-WAN Router Inbound IP Service: The figure displays the network protocol type, destination IP address, bytes per second, and percentage. Outbound IP Service: The figure displays the network protocol type, destination IP address, bytes per second, and percentage. Inbound IP Session: The figure displays the source IP address, network protocol type, source port, destination IP address, destination port, bytes per second and percentage.
VPN DUAL-WAN Router Outbound Session: The figure displays the source IP address, network protocol type, source port, destination IP address, destination port, bytes per second and percentage. 12.4 IP/ Port Statistic The device allows administrators to inquire a specific IP (or from a specific port) about the addresses that this IP had visited, or the users (source IP) who used this service port.
VPN DUAL-WAN Router Specific IP Status: Enter the IP address that users want to inquire, and then the entire destination IP connected to remote devices as well as the number of ports will be displayed. Specific Port Status: Enter the service port number in the field and IP that are currently used by this port will be displayed.
VPN DUAL-WAN Router 12.5 QRTG (Router Traffic Grapher) QRTG utilizes dynamic GUI and simple statistic to display system status of Allnet Firewall/ Router presently, including CPU Utilization(%), Memory Utilization(%), Session and WAN Traffic. Enable QRTG: The funcation is disabled by default. When you are going to enable the QRTG function, system will pop-up a warning massage to remind you this function will be enabled, which may influence router efficiency.
VPN DUAL-WAN Router 162
VPN DUAL-WAN Router 163
VPN DUAL-WAN Router II. WAN Traffic Statistic (hourly) graphic and average (up/down stream) (As in the following figures) * The UI might vary from model to model, depending on different product lines.
VPN DUAL-WAN Router III. WAN Traffic Statistic (Day) graphic and average (up/down stream)(As in the following figures) * The UI might vary from model to model, depending on different product lines.
VPN DUAL-WAN Router IV. WAN Traffic Statistic (Week) graphic and average (up/down stream)(As in the following figures) * The UI might vary from model to model, depending on different product lines.
VPN DUAL-WAN Router XIV. Log out On the top right corner of the web- based UI, there is a Logout button. Click on it to log out of the web- based UI. To enter next time, open the Web browser and enter the IP address, user name and password to log in.
VPN DUAL-WAN Router Appendix I: User Interface and User Manual Chapter Cross Reference This appendix is to show the corresponding index for each chapter and user interface. how to setup quickly and understand the VPN Router capability at the same time. VPN Router overall interface is as below. Category Sub- category Home Chapter V. Device Spec Verification, Status Display and Login Password and Time Setting 5.1 Home Basic Setting VI. Network Network 6.1 Network Connection Connection Traffic 6.
VPN DUAL-WAN Router Bandwidth 8.1 Bandwidth Management Management 8.3 Smart QoS Session Control 8.2 Session Limit IP/DHCP VII. Port Management Setup 7.3 DHCP/ IP Status 7.4 DHCP Status IP & MAC Binding 7.5 IP & MAC Binding Firewall IX. Firewall General Policy 9.1 General Policy 9.2 Restricted Application Access Rule 9.3 Access Rule Content Filter 9.4 Content Filter Advanced Function XI. Advanced Setting DMZ/Forwarding 11.1 DMZ Host/ Port Range Forwarding UPnP 11.
VPN DUAL-WAN Router Setup 7.1 Port Management Status 7.2 Port Status VPN X. VPN Summary 10.1.1 Summary Gateway to 10.1.2.1 Gateway to Gateway Gateway Client to Gateway 10.1.2.2 Client to Gateway PPTP Setup 10.1.3 PPTP Sever PPTP Status 10.1.3 PPTP Sever VPN Pass Through 10.1.4 VPN Pass Through QVM VPN 10.3 QVM VPN QVM Setup Log 10.3 QVM VPN Client Setting XIII. Log System Log 13.1 System Log System Status 13.2 System Status Traffic Statistic 13.
VPN DUAL-WAN Router Appendix II:Troubleshooting (1) Block BT Download To block BT and prevent downloading by users, go to the “Firewall -> Content Filter" and select "Enable Website Block by Keywords," followed by the input of "torrent." This will prevent the users from downloading.
VPN DUAL-WAN Router (2)Shock Wave and Worm Virus Prevention Since many users have been attacked by Shock Wave and Worm viruses recently, the internet transmission speed was brought down and the Session bulky increase result in the massive processing load of the device. The following guides users to block this virus' corresponding port for prevention. a. Add this TCP135-139, UDP135-139 and TCP445 Port. b. Use the "Access Rule" in the firewall and set to block these three ports.
VPN DUAL-WAN Router Use the same method to add UDP [UDP135~139] and TCP [445~445] Ports. c. Enhance the priority level of these three to the highest.
VPN DUAL-WAN Router (3)Block QQLive Video Broadcast Setting QQLive Video broadcast software is a stream media broadcast software. Many clients are bothered by the same problem: When several users apply QQLive Video broadcast software, a greater share of the bandwidth is occupied, thus overloading the device. Therefore, the device responds more slowly or is paralyzed. If the login onto the QQLive Server is blocked, the issue can be resolved.
VPN DUAL-WAN Router 60.28.235.119 222.28.155.17 QQ LiveVersion:QQ Live 2008 (7.0.4017.0) Tested on: 2008-07-29 After repeated addition, users may see the links to the QQLive Server blocked. Click "Apply" to block QQLive video broadcast.
VPN DUAL-WAN Router (4)ARP Virus Attack Prevention 1. ARP Issue and Information Recently, many cyber cafes in China experienced disconnection (partially or totally) for a short period of time, but connection is resumed quickly. This is caused by the clash with MAC address. When virus-contained MAC mirrors to such NAT equipments as host devices, there is complete disconnection within the network. If it mirrors to other devices of the network, only devices of this affected network have problems.
VPN DUAL-WAN Router address of 192.168.1.1 is 00-aa-00-62-c6-09”. So Host A knows the MAC address of Host B, and it can send data to Host B. Meanwhile, it will update its ARP cache. Moreover, ARP virus attack can be briefly described as an internal attack to the PC, which causes trouble to the ARP table of the PC. In LAN, IP address was transferred into the second physical address (MAC address) through ARP protocol. ARP protocol is critical to network security.
VPN DUAL-WAN Router If there are cases of packet loss of the ping LAN IP and lf later there is connection, it is possible that the system is attacked by ARP. To verify the situation, we may judge by checking ARP table. Enter the ARP -a command as illustrated below. It is found that the IP of 192.168.1.1 and 192.168.252 points to the same MAC address as 00-0f-3d-83-74-28. Evidently, this is a cheat by ARP. 3.
VPN DUAL-WAN Router b) Bind the Gateway IP and MAC address for each PC This prevents the ARP from cheating IP and its MAC address. First, find out the gateway IP and MAC address on the device end. On every PC, start or operate cmd to enter the dos operation. Enter arp –s 192.168.1.1 0a-0f-d4-9e-fb-0b so as to finish the binding of pc01 as illustrated. For other host devices within the network, follow the same way to enter the IP and MAC address of the corresponding device to complete the binding work.
VPN DUAL-WAN Router arp -d arp -s Router LAN IP Router LAN MAC For those internal network attacked by Arp, the source must be identified. Method: If the PC fails to go online or there is packet loss of ping, in the DOS screen, input arp –a command to check if the MAC address of the gateway is the same with the device MAC address. If not, the PC corresponding to the MAC address is the source of attack.
VPN DUAL-WAN Router After an item is added to the list, the corresponding message will be displayed in the white block on the bottom. However, such method is not recommended because the inquiry of IP/MAC addresses of all hosts creates heavy workload. Another method to bind IP and MAC is more recommended because of easy operation, reducing workload and time efficiency. It is described in the following. Enter “Setup” under the DHCP page and look for IP and MAC binding.
VPN DUAL-WAN Router Click to display IP and MAC binding list dialog box. In this box, the unbinding IP and MAC address corresponding to the PC are displayed. Enter the "Name" of the computer and click on "Enabled" with the display of the “√” icon and push the option on the top right corner of the screen to confirm. Now the bound options will display on the IP and MAC binding list (as illustrated in Figure 5) and click "Apply” to finish binding.
VPN DUAL-WAN Router Though these basic operations can help solve the problem but Allnet's technical engineers suggest that further measures should be taken to prevent the ARP attack. 1. Deal with virus source as well as the source device affected by virus through virus killing and the system re-installation. This operation is more important because it solves the source PC which is attacked by ARP. This can better shelter the network from being attacked. 2.
VPN DUAL-WAN Router 5. Frequently update anti-virus software (virus data base), and set the daily upgrade that allows regular and automatic update. Install and use the network firewall software. Network firewall is important for the process of anti-virus. It can effectively avert the attack from the network and invasion of the virus. Some users of the pirate version of Windows cannot install patches successfully. Users are advised to use network firewall and other measures for protection. 6.
