Multi-WAN VPN Link Balancer User’s Guide
TABLE OF CONTENTS
1: INTRODUCTION
Internet Features
Other Features
Package Contents
Bandwidth Setup
Policy Configuration…
9: DNS CONFIGURATION
Overview
1: Introduction
Congratulations on the purchase of your new Multi-WAN VPN Link Balancer. The Multi-WAN VPN Link Balancer not only provides a selection of 1~8 WAN ports – it also provides Shared Broadband Internet Access for all LAN users.
Figure 1-1: Multi-WAN VPN Link Balancer
Internet Features
• Flexible use of WAN ports There are 8 WAN ports available for use on the Multi-WAN Link Balancer. The user can decide how many WAN ports to use through the setup area of the web page.
This flexible configuration allows each port to use a different type of modem and connection method. Also, the Internet traffic that is shared between the 8 modems can be pre-determined. • Support for all common Connection Methods All popular DSL, Cable Modems and connection methods are supported. These include - Fixed IP, Dynamic IP, PPPoE and PPTP.
problems with some servers (e.g. SMTP server port 113) or WAN clients which require a response packet to verify the availability of their communication peers. • VPN (Virtual Private Network) Support is provided for up to 50 VPN tunnels with a failover and back-up mechanism. • VPN Mesh Group. The Multi-WAN VPN Link Balancer also supports VPN Load Balance with mesh group configuration.
• Syslog This is a very useful feature for monitoring the device in that it can generate real time system information on the web page or on a particular machine.
• QoS Configuration. This function will allow higher priority pass-through for specified packets such as real-time applications like Internet phone, video conference, etc.
• UPnP When UPnP (Universal Plug & Play) is set to “Enable”, the Multi-WAN VPN Link Balancer becomes a network device.
Package Contents The following items are included in the Multi-WAN VPN Link Balancer package: • Multi-WAN VPN Link Balancer Unit • Power Cord • Quick Installation Guide • CD-ROM containing the on-line manual. If any of the above items are damaged or missing, please contact your dealer immediately. Physical Details Front Panel Figure 1-2: Front Panel Front Panel LED indication is as follows: OFF – No Power Power ON – Normal Operation Status System Blinking – Normal Operation.
Ethernet Ports and Reset Button WAN ports: using Port 1 to Port 4 for connecting to Modem(s). Ethernet Ports LAN ports: The remaining ports which are connected to PCs or a Hub. Note: Any port will automatically operate as an “Uplink” port if required. You can use a normal LAN cable to connect to a normal port on another hub. Reset Button When pressed and released, the Multi-WAN VPN Link Balancer will reboot (restart) within 1 second. It will reset to default when pushed and held for more than 3 seconds.
Rear Panel Figure 1-3: Rear Panel AC 100V ~ 240V Connects to AC100~240V / 50~60Hz with supplied AC power cord. Default Settings When the Multi-WAN VPN Link Balancer has finished booting, all configuration settings will be set to the factory defaults, including: • IP Address set to its default value of 192.168.1.1, with a Network Mask of 255.255.255.
• Enter the name of the firmware upgrade file located on your PC, or click the "Browse" button to locate the file. • Enter the LAN IP address of the Multi-WAN VPN Link Balancer in the "Server IP" field. • Click "Upgrade Firmware" to send the file to the Multi-WAN VPN Link Balancer. 3. When the upgrade is finished, the Multi-WAN VPN Link Balancer should work normally. The factory default settings will be applied.
2: Basic Setup
Overview
Basic Setup of your Multi-WAN VPN Link Balancer involves the following steps:
1. Attach the Multi-WAN VPN Link Balancer to a PC using any LAN port (5 to 16) and configure it for your LAN.
2. Install your Multi-WAN VPN Link Balancer in your LAN and connect the Broadband Modem(s).
3. Configure your Multi-WAN VPN Link Balancer for Internet Access.
4. Configure PCs on your LAN to use the Multi-WAN VPN Link Balancer.
7. Enter admin for the "User Name" and leave the "Password" field blank.
• The "User Name" is always set as admin
• For security, it is highly recommended that you set a password. You may do this using the Admin Setup screen.
8. After logging in, you will see the Administrator Password setup in the Admin Setup screen, as shown below. Assign a password by entering it in the "Password" and "Verify Password" fields.
Figure 2-2: Home Screen (Admin.
9. Select LAN & DHCP from the menu. You will see a screen like in the example below. Figure 2-3: LAN & DHCP Setup 10. If your LAN already has a DHCP Server and you wish to continue using it, the following configuration is required: • The DHCP Server function in the Multi-WAN VPN Link Balancer must be disabled. You will find this setting in the LAN & DHCP screen. • Your DHCP Server must be configured to provide the Multi-WAN VPN Link Balancer's LAN IP Address as the "Default Gateway".
Settings – LAN & DHCP LAN IP Configuration Optional Configuration DHCP Configuration View DHCP List • IP Address – IP address for the Multi-WAN VPN Link Balancer, as seen from the Local LAN. Use the default value unless the address is already in use or your LAN is using a different IP Address range. • Subnet Mask –The default value 255.255.255.0 is standard for small (class "C") networks. For other networks, use the Subnet Mask for the LAN segment to which the Multi-WAN VPN Link Balancer is attached.
2. Installing the Multi-WAN VPN Link Balancer in your LAN Figure 2-4: Installation Diagram 1. Ensure that the Multi-WAN VPN Link Balancer and any DSL/Cable modem(s) are powered-OFF. Leave the modem or modems connected to their data lines. 2. Connect the Broadband modem(s) to the Multi-WAN VPN Link Balancer. • If using only one (1) Broadband modem, connect it to port 1. • Use the cable supplied with your DSL/Cable modem. If no cable was supplied, use a standard cable. 3.
• For each PC connected to the LAN ports, the corresponding LAN LED (either 10/Yellow or 100/Green) should be ON. 3. Configuring the Multi-WAN VPN Link Balancer for Internet Access To configure access to the Internet, first decide how many WAN ports you are going to use. The pull down menu on the MAX WAN web page (Figure 2-5) will let you setup the WAN port numbers. You can choose from two (2), up to eight (8) WAN ports. Once you have selected how many ports you are going to use, click on Submit.
Figure 2-5: Primary Setup Settings – Primary Setup Connection Mode Connection Type • Interface – A pull down menu for each WAN port that you are going to connect to the Internet. • Connect Mode – Enable – Select this if you have connected a broadband modem to this port. Disable – Select this if there is no broadband modem connected to this port. Check the data supplied by your ISP and select the appropriate option. • Static IP – Select this if your ISP has provided a Fixed or Static IP address.
Address Information This is for Static IP users only. Enter the address information (IP Address, Subnet Mask, Gateway) provided by your ISP. If your ISP provides multiple IP address, you can use the Multi-DMZ screen to assign any additional IP addresses. PPPoE / PPTP Dialup This is for PPPoE or PPTP users only. • Enter the Username and Password provided by your ISP. • If using PPTP, enable the PPTP Connection checkbox and enter the IP address of the PPTP server.
4: Configure PCs on your LAN Overview For each PC, the following settings may need to be configured: • TCP/IP network settings • Internet Access configuration TCP/IP Settings If using the default Multi-WAN VPN Link Balancer settings and the default Windows 95/98/ME/2000/XP TCP/IP settings, no changes need to be made. Just start (or restart) your PC.
6. Check "Connect using a broadband connection that is always on" and click Next. 7. Click Finish to close the New Connection Wizard. Setup is now completed. Accessing AOL To access AOL (America On Line) through the Multi-WAN VPN Link Balancer, the AOL for Windows software must be configured to use TCP/IP network access rather than a dial-up connection. The configuration process is as follows: • Start the AOL for Windows communication software. Ensure that it is Version 2.5, 3.0 or later.
Fixed IP Address
By default, most Unix installations use a fixed IP Address. If you wish to continue using a fixed IP Address, make the following changes to your configuration.
• Set your Default Gateway to the IP Address of the Multi-WAN VPN Link Balancer.
• Ensure your DNS (Name server) settings are correct.
To act as a DHCP Client (recommended)
The procedure below may vary depending on your version of Linux and X Windows shell.
1. Start your X Windows client.
2. Select Control Panel - Network
3.
3: Advanced Port Overview • Port Options contains some options which can be set on any WAN port. For most situations, the default values are satisfactory. • Load Balance is only functional if you are using multiple WAN ports. It allows you to determine the proportion of WAN traffic sent through each port. • Advanced PPPoE setup is required if you wish to use multiple sessions on each WAN port. It can also be used to manually connect or disconnect a PPPoE session. Otherwise, this screen can be ignored.
Settings – Port Options Interface Connection Health Check Transparent Bridge • WAN Port – Select a particular WAN port from the pull-down menu to setup WAN port configuration. • MTU – The Maximum Transmission Unit for the Ethernet data. This is used to determine the packet size to be used on the WAN interface. Normally, this does not need to be changed but if your ISP advises you to use a particular MTU, enter it here. The default MTU value is 1500 Bytes.
Load Balance This screen is only operational if using Internet connections on multiple WAN ports Figure 3-2: Load Balance Only functional when using two (2) or more WAN ports - these settings determine the proportion of traffic sent over each port.
Settings – Load Balance
Load Balance Configuration
• Enable – This enables your Load Balance setting options and must be checked for other settings on this screen to be effective.
• Balance Type – You can select the Balance types based on:
  • Bytes Tx + Rx – Traffic is measured by Bytes. (Least load)
  • Packets Tx + Rx – Traffic is measured by Packets. (Least load)
  • Sessions established – Traffic is measured by Sessions. (Least load)
  • IP Address – Traffic is measured by IP address.
Advanced PPPoE The Advanced PPPoE screen is required in order to use multiple PPPoE sessions on the same WAN port. It can also be used to manually connect or disconnect a PPPoE session. Figure 3-3: Advanced PPPoE Settings – Advanced PPPoE Select WAN Port & Session WAN Port – Selected WAN port only using PPPoE connection PPPoE Session – ISPs can usually provide multiple floating real IPs for PPPoE.
Options PPPoE Auto Dialup Connection Status
• Specified Fix IP Address – If you have a fixed IP address, enter it here. Otherwise, this field should be left at 0.0.0.0.
• Assigned Host Name – This field is used by a Host to uniquely associate an access concentrator with a particular Host request.
• Auto Dialup (connect-on-demand) – If set to Enable, a connection will be established whenever outgoing WAN traffic is detected. If not enabled, you must establish a connection manually.
Settings – Advanced PPTP WAN Port Select the desired WAN port (click desired WAN on Connection Status). The data of the selected port will then be displayed in the WAN IP Account section. PPTP MTU – Maximum transfer unit for PPTP. The default value is 1460 WAN IP Account PPTP Auto Dialup Connection Status • User Name – The PPTP user name (login name) assigned by your ISP. • Password – The PPTP password associated with the User Name above.
4: Advanced Setup Overview The following features are provided in Advanced Setup: • Host IP • Routing • Virtual Server • Special Application • Dynamic DNS • Multi DMZ • UPnP Setup • NAT Setup • Advanced Feature This chapter contains details on the configuration and use of each of these features. Host IP This feature is used in the following situations: • You have Multi-Session PPPoE and wish to bind each session to a particular PC on your LAN.
Figure 4-1: Host IP Settings – Host IP Host Network Identity This section identifies each Host (PC) • Host name – Enter a suitable name. Generally, you should use the "Hostname" (computer name) as defined on the Host itself. • MAC Address – Also called Physical Address or Network Adapter Address. Enter the MAC address of this Host. • Select Group – Select the group you wish this Host to be included in. (Group 1 ~ Group 7). Default is no group.
Host Network Binding
• Binding WAN Port / Session – Select Enable if you wish to associate this PC with a particular PPPoE session. All traffic for that PC will then use the selected PPPoE port and session.
• Binding Method – Suppose your PC is bound to WAN1 port and you select “Strict Binding.” If WAN1 port is disconnected, your packets cannot go through another WAN port, even if that port is still alive.
ARP Status
ARP (Address Resolution Protocol) – This web page shows LAN & WAN ARP statistics and information.
Figure 4-1 (A): ARP Table
• Requests ( In / Out ) – The number of ARP requests received and sent by the system.
• Reply ( In / Out ) – The number of ARP replies received and sent by the system.
• System Time – System starting time.
• Global Arp Ageout Time – The ARP timeout. The default is 600 seconds. If set to “0”, entries do not expire.
Arp Table
• List all LAN, WAN address resolution and its related info.
Routing This section is only relevant if your LAN has other Routers or Gateways. • If you don't have other Routers or Gateways on your LAN, you can ignore the Static Routing page completely. • If your LAN has other Gateways and Routers, you must configure the Static Routing screen as described below. You also need to configure the other Routers. Figure 4-2: Routing Note: If there is an entry or entries in the Routing table with an Index of zero (0), these are System entries.
Static Routing • Network Address – The network address of the remote LAN segment. For standard class "C" LANs, the network address is the first 3 fields of the Destination IP Address. The 4th (last) field can be left at 0. • Netmask –The Network Mask for the remote LAN segment. For class "C" networks, the default mask is 255.255.255.0 • Gateway – The IP Address of the Gateway or Router that the Multi-WAN VPN Link Balancer must use to communicate with the destination IP address entered above.
For the Multi-WAN VPN Link Balancer Gateway's Routing Table For the LAN shown above, with 2 routers and 3 LAN segments - the Multi-WAN VPN Link Balancer requires 2 entries as follows: Entry 1 (Segment 1) Destination IP Address 192.168.2.0 Network Mask 255.255.255.0 Gateway IP Address 192.168.1.100 Interface LAN Metric 2 Entry 2 (Segment 2) Destination IP Address 192.168.3.0 Network Mask 255.255.255.0 (Standard Class C) Gateway IP Address 192.168.1.
Virtual Server This feature allows you to make Servers on your LAN accessible to Internet users. Normally, Internet users would not be able to access a server on your LAN because: • Your Server's IP address is only valid on your LAN, not on the Internet. • Attempts to connect to devices on your LAN are blocked by the firewall in the Multi-WAN VPN Link Balancer. The "Virtual Server" feature solves these problems and allows Internet users to connect to your servers, as illustrated below. Web Server (192.
• This address should be static, rather than dynamic, to make it easier for Internet users to connect to your Servers. However, you can use the Dynamic DNS feature (explained later in this chapter) to allow users to connect to your Virtual Servers using a URL, instead of an IP Address. e.g. http://my_domain_name.dyndns.org ftp://my_domain_name.dyndns.org This screen allows you to define your own Server types.
Settings – Virtual Server
Virtual Server Configuration
• Enable – Use the checkbox to Enable or Disable each Virtual server as required.
• Server Name – Enter a suitable name for this server. (By default, 12 well-known virtual servers have been listed on the Custom Virtual Server List)
• Protocol – Select the network protocol (TCP/UDP) used by this server.
• IP Address – LAN: Enter the IP address of the server on your LAN which is running the required Server software.
Special Application If you use Internet applications which have non-standard connections or port numbers, you may find that they do not function correctly because they are blocked by the firewall in the Multi-WAN VPN Link Balancer. In this case, you can define the application as a "Special Application" in order to make it work.
Settings – Special Application Special Application • Enable – Use this to Enable or Disable the Special Application as required • Name – Enter a descriptive name to identify the Special Application. • Outgoing Protocol –Select the protocol used by the application when sending data to the remote server or PC. • Outgoing Port Range – Enter the beginning and end of the range of port numbers used by the application server for data you send.
Dynamic DNS Dynamic DNS is very useful when combined with the Virtual Server feature. It allows Internet users to connect to your Virtual Servers using a URL, rather than an IP Address. This also solves the problem of having a dynamic IP address. With a dynamic IP address, your IP address may change each time you connect to your ISP, making it difficult to connect to you. You must register for the Dynamic DNS service.
Figure 4-7: Dynamic DNS Settings – Dynamic DNS Dynamic DNS Service Additional Settings This pull-down menu can Enable/Disable the Dynamic DNS feature and select the required service provider. • Disable – Dynamic DNS is not used. • TZO – Select this to use the TZO service (www.tzo.com). You must configure the TZO section of this screen. • DynDNS – Select this to use the standard service (from www.dyndns.org or other provider). You must configure the Standard Client section of this screen.
WAN Port Binding • Select the WAN port used by the Dynamic DNS. • The "Force Update" button will update your record on the Dynamic DNS Server immediately.
Multi DMZ This feature allows each WAN port IP address to be associated with one (1) computer on your LAN. All outgoing traffic from that PC will be associated with that WAN port IP address. Any traffic sent to that IP address will be forwarded to the specified PC, allowing unrestricted 2-way communication between the "DMZ PC" and other Internet users or Servers. Note: The "DMZ PC" is effectively outside the Firewall, making it more vulnerable to hacker attacks or other intrusions.
Settings – Multi DMZ
Multi DMZ Edit Multi DMZ List
• Enable – Use this to enable or disable the DMZ setting, as required.
• WAN – Select the desired WAN port to bind to a particular LAN host. (A maximum of 8 WAN ports can be available.) Its connection type may change based on your WAN connection type (Static/DHCP/PPPoE/PPTP).
• Name – Enter a name to assist you to remember this setting. This name can be anything you choose and will have no effect on the operation.
UPnP Setup With the UPnP (Universal Plug & Play) function, you can easily setup and configure an entire network as well as enable detection and control of networked devices and services.
Settings – UPnP Setup
UPnP Option UPnP Port Mapping List
• UPnP (Universal Plug & Play) can be enabled or disabled for automatic device configuration. If disabled (Default), the router will not allow any device to automatically control the resources.
• Advertisement Interval – The Advertisement Interval is how often the router will broadcast its UPnP information. This value can range from 2 to 1440 minutes. The default interval is 30 minutes.
NAT Setup NAT (Network Address Translation) is the technology which allows one (1) WAN (Internet) IP address to be used by multiple LAN users. Figure 4-10: NAT Setup Settings – NAT Setup NAT Configuration • NAT Routing – You can enable or disable NAT through the check box. If you disable the NAT checkbox, it will act as a bridge or Static Router. Most features will be unavailable. • TCP Timeout – Enter the desired value to use on each WAN port.
NAT Port Option NAT Alias NAT Alias List • Non-Port-Translation –To keep the source port number unchanged for TCP/UDP sessions on the specified Port Range. Some special applications do not allow the source port number to be translated. • Port Range – The Source Port Number Range for TCP and UDP protocol. • Specific TCP / UDP Timeout –To define specific Timeout for TCP/UDP sessions on the specified Port Range.
Advanced Feature • External Filters Configuration – These settings determine whether the Multi-WAN VPN Link Balancer should respond to ICMP (ping) requests received from the WAN port or not. • Interface Binding – Use these settings to ensure that certain traffic is sent by a particular WAN port and thereby a particular ISP account. These settings are only useful on some WAN ports. • Protocol & Port Binding – This allows you to bind any WAN port by selecting the protocol type you want.
Settings – Advanced Feature External Filters Configuration Block Selected ICMP Types – These settings determine whether or not this device should respond to ICMP requests received from the WAN port. If checked, the selected packet types are blocked. Otherwise, the packets are accepted. DNS Loopback Used when you have some servers on the LAN and their domain names have already been registered on public DNS.
5: Security Management
Overview
• Block URL – Ability to block a specific website by configuring IP address, URL or Keywords.
• Access Filter – Ability to block all Internet access, a known port or user defined ports by group access.
• Session Limit – Ability to limit users' Internet access when the device detects that the number of new sessions exceeds the maximum value in the sampling time, for example, virus, SYN flood, etc.
Settings – Block URL Access Group Access Item This allows you to have different blocking rules for different Groups of PCs. • All PCs (users) are in the Default Group unless moved to another specified group on the Host IP screen. • If you want the same restrictions to apply to everyone, select Default for the Group. In this case, there is no need to enter any Hosts in the Host IP screen.
Figure 5-2: Access Filter
Settings – Access Filter
Access Group
This allows you to have different access rights for different Groups of PCs.
• If you want the same restrictions to apply to everyone, select Default for the Group. In this case, there is no need to enter any Hosts on the Host IP screen.
• If you wish to apply different restrictions to different Groups, select the desired Group. The screen will update data for the selected Group.
Filter Setting Select the desired option for this Group: • No filtering – Nothing is blocked, Internet access is not restricted. • Block All Access – Everything is blocked, Internet access is not available. • Block selected items – Items selected on this screen are blocked. You can block known services by using the checkboxes, or you may define your own filters.
Figure 5-3: Session Limit
Settings – Session Limit
Sampling Time
The time interval specified by you for new sessions. Only the new sessions that have recently occurred are counted according to the sampling time entered. (Default is 400 milliseconds)
Maximum of Total New session
The maximum total number of new sessions in the system which is acceptable in the sampling time. Any new incoming sessions will be dropped after the number of new sessions has been exceeded.
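The Sampling Time and Maximum of Total New session settings described above, modelled as a sliding-window limiter and replayed over constructed session events. This is an added example, not code from the device or the original guide; the limit of 5, the host addresses, and the choice to count only accepted sessions inside the window are assumptions, while 400 ms is the guide's default sampling time.

```python
from collections import Counter, deque

SAMPLING_TIME_MS = 400   # default sampling time stated in the guide
MAX_NEW_SESSIONS = 5     # assumed value for this demo; not taken from the guide


class SessionLimiter:
    """Caps new sessions per sampling window for the whole system (all hosts)."""

    def __init__(self, sampling_ms=SAMPLING_TIME_MS, max_new=MAX_NEW_SESSIONS):
        self.sampling_ms = sampling_ms
        self.max_new = max_new
        self._window = deque()  # start times (ms) of recently accepted sessions

    def allow(self, now_ms):
        # Forget sessions that started a full sampling time ago or earlier.
        while self._window and self._window[0] <= now_ms - self.sampling_ms:
            self._window.popleft()
        if len(self._window) >= self.max_new:
            return False  # limit reached inside the window: drop the new session
        self._window.append(now_ms)
        return True


def replay(events, limiter=None):
    """Replay (timestamp_ms, source_ip) events.

    Returns (accepted_events, dropped_count_per_source).
    """
    if limiter is None:
        limiter = SessionLimiter()
    accepted, dropped = [], Counter()
    for ts, src in sorted(events):
        if limiter.allow(ts):
            accepted.append((ts, src))
        else:
            dropped[src] += 1
    return accepted, dropped


def build_sample_events():
    # Constructed data: one LAN host opens a session every 10 ms for 200 ms
    # (the pattern the guide attributes to a virus or SYN flood), while a
    # second host opens two ordinary sessions.
    noisy = [(t, "192.168.1.50") for t in range(0, 200, 10)]
    quiet = [(105, "192.168.1.20"), (600, "192.168.1.20")]
    return noisy + quiet


if __name__ == "__main__":
    accepted, dropped = replay(build_sample_events())
    print("accepted:", len(accepted))
    for src, count in dropped.most_common():
        print(f"dropped {count:2d} new sessions from {src}")
```

Because the limit is a system-wide total, the quiet host's session at 105 ms is dropped along with the noisy host's traffic; the per-source drop counts are what point to the host to investigate.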
SysFilter Exception
System Filter Exception - This will reject every packet with an unrecognized port to block port scan programs from hackers. This, however, also causes problems in some situations where servers (e.g. SMTP server port 113) or WAN clients need to send a response packet to verify the activity of their communication peers.
6: VPN Configuration
Overview
Virtual Private Network (VPN) uses encryption to create the connection between two end points (computers or networks). It allows private data to be sent securely over a public network or the Internet without the risk of outside intruders gaining unauthorized access. VPN establishes a private network that can send data securely between two networks. This is called creating a “tunnel”.
Settings – IKE Global Setup
Global List (Phase 1)
The list will only show the approximate information of all Global Settings on each WAN port. You can modify it by clicking on a selected row.
Global Parameters
• Enable Setting – If set to Enable, it enables the VPN function to work.
• ISAkmp Port – Internet Security Association and Key Management Protocol (ISAKMP) is designed to negotiate, establish, modify and delete security associations and their attributes.
Planning the VPN When planning your VPN, you must make the following choices first: 1. If the remote site is a LAN network, the two end-point networks must have different LAN IP address ranges. If the remote end-point is a single PC running a VPN client, its destination address must be a single IP address with subnet mask of 255.255.255.255 2. Will you be using the Internet Key Exchange (IKE) setup, or Manual Keying? Whichever method is used, you must specify each phase of the connection. 3.
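A pre-flight check for the first planning rule above (different LAN ranges at both ends, and a 255.255.255.255 mask for a single remote PC), given as an added example that is not part of the original guide. The tunnel names and remote addresses are constructed; the local LAN uses the guide's default address 192.168.1.1 with mask 255.255.255.0.

```python
import ipaddress

# Default LAN address and mask given in this guide.
FACTORY_LAN = ("192.168.1.1", "255.255.255.0")


def to_network(ip, mask):
    # strict=False lets a host address (192.168.1.1) stand for its network.
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)


def check_tunnel_plan(local, remote, remote_is_single_pc=False):
    """Check one planned tunnel. local/remote are (ip, mask) tuples.

    Returns a list of problems; an empty list means the plan is consistent
    with the guide's planning rule.
    """
    try:
        local_net = to_network(*local)
        remote_net = to_network(*remote)
    except ValueError as exc:
        return [f"invalid address or mask: {exc}"]

    problems = []
    if remote_is_single_pc and remote_net.prefixlen != 32:
        problems.append(
            "remote end-point is a single PC: subnet mask must be "
            f"255.255.255.255, got {remote[1]}"
        )
    if local_net.overlaps(remote_net):
        msg = f"local {local_net} and remote {remote_net} overlap"
        if local_net == remote_net == to_network(*FACTORY_LAN):
            msg += " (both sites still use the factory-default LAN range)"
        problems.append(msg)
    return problems


def review_plans(local, plans):
    """plans maps a tunnel name to (remote_ip, remote_mask, is_single_pc)."""
    return {
        name: check_tunnel_plan(local, (ip, mask), single)
        for name, (ip, mask, single) in plans.items()
    }


def sample_plans():
    # Constructed tunnel plans for illustration only.
    return {
        "branch-a": ("192.168.1.1", "255.255.255.0", False),    # left at default
        "branch-b": ("192.168.2.0", "255.255.255.0", False),    # distinct range
        "laptop": ("10.8.0.5", "255.255.255.0", True),          # wrong mask
        "laptop-fixed": ("10.8.0.5", "255.255.255.255", True),  # correct mask
        "hq-supernet": ("192.168.0.0", "255.255.0.0", False),   # contains local
    }


if __name__ == "__main__":
    for name, problems in review_plans(FACTORY_LAN, sample_plans()).items():
        print(f"{name}: {'OK' if not problems else '; '.join(problems)}")
```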
Settings – IPSec Policy Setup
IPSec Traffic Binding Traffic Selector Security Level
• Tunnel Name – To distinguish tunnels from one another, you must give each tunnel a name.
• Tunnel – If set to Enable, this will allow the tunnel to connect.
• WAN port – You can choose any WAN port to make the VPN connection.
• PPPoE Session – If you are using a multi-session PPPoE connection, you can select which PPPoE session will create a VPN tunnel between two sites.
Key Management
Key Type – Two key types are available for the key exchange management - Manual Key and Auto Key:
• Manual Key – If manual key is selected, no key negotiation is needed. The following fields must be set:
1. Encryption Key – This field specifies a key to encrypt and decrypt IP traffic.
2. Authentication Key – This field specifies a key to use to authenticate IP traffic.
3. Inbound/Outbound SPI (Security Parameter Index) – This information is carried on the ESP header.
Figure 6-3: IPSec Policy Options Settings – IPSec Policy Options Dead Peer Detection Feature • Dead Peer Detection (DPD) – If set to Enable, a device will periodically send HELLO/ACK messages to check if the tunnel is alive when both peers of a VPN tunnel provide DPD mechanism. Once a dead peer is detected, a device will end the connection so it can be re-established. This is the primary method of VPN failover or backup.
passes - a Detection packet is sent to the peer.
Options
• Retry Times – The number of times a device will attempt to send the Detection packet before the Check After Idle time expires.
• Action – This will execute one of the following actions after the Detection is determined: Failover - ignores the dead tunnel. Remove Tunnel - disconnects the dead tunnel. Keep Tunnel Alive - attempts to keep the tunnel alive.
• Logging – If set to Enable, all DPD activity will show up in the VPN log.
Mesh Group Setup The Multi-WAN VPN Link Balancer not only provides VPN failover and backup but is also capable of offering VPN load balance. If you have setup IPSec policy on the “IPSec Policy Setup” web page, then you don’t have to enter IPSec policy setup again here. You can press the “Scan Policies” button to copy the IPSec Policy into the Mesh Group Setup web page. You also can configure your IPSec Policy on the Mesh Group web page by pressing the “Create” button.
Figure 6-5: Mesh Group Configuration
Settings – Mesh Group Configuration
Aggregation Group
This will display all the VPN connections that are used for VPN load balancing. You should enable the check box before you make a VPN load balance connection.
• Delete Button – This button can delete one or all IPSec Policies.
• Set Button – Once you have enabled/disabled the check box, you have to press the Set button to submit it.
• Edit Button – The Edit button will let you edit the IPSec policy.
VPN Logs You can monitor the VPN status through the VPN Logs web page. The log level (priority) can be chosen from the VPN IKE Global Settings web page. Figure 6-6: VPN Logs Data – VPN Logs Message Status Undefined Messages • Time – Indicates when the message was created according to system time. • Priority – Indicates the priority level of a message for analysis. • Module – Denotes the module responsible for the message sent in the IPSec architecture.
7: QoS Configuration
Overview
The Load Balancer provides QoS, which supports high-quality network service. It classifies outgoing packets based on policies defined by users, so that real-time applications get better response or performance.
QoS Setup
The following web page guides you through setting up QoS and making it work.
Figure 7-1: QoS Setup
Data – QoS Setup.
QoS Feature
• Enable QoS – Users can choose to Enable QoS (Quality of Service).
IP TOS ( Type of Service) Feature • Process TOS Field –An 8 bits field in the IP packet header designed to contain values indicating how each packet should be handled in the network. If you choose "enable" then it will enable this function to process IP Type of Service field.
Data – Policy Configuration.
Policy Priority
• Policy Name – A name, chosen to help you remember it, for a policy which is used to classify the received packets based on the following types.
• Source/Destination Address, Port – Specify a packet based on source/destination address or port. Address has two types: IP address and MAC address. By default, the IP address is 0.0.0.0 for all IP Addresses but the MAC address is 00-00-00-00-00-00 which cannot be used to classify.
8: Bandwidth Configuration Overview The Multi-WAN VPN Link Balancer incorporates a QoS (Quality of Service) utility to provide high quality network support service. Because it classifies outgoing packets based on policies defined by users, real-time applications should respond or perform better. Bandwidth Setup The following web page instructs you on setting up and enabling QoS.
Settings – QoS Setup.
QoS Feature
• Enable QoS – This checkbox allows users to enable the QoS mechanism. If set to "enable", QoS will allocate Inbound/Outbound bandwidth to pass through the device.
• WAN Inbound / Outbound Bandwidth – This allows you to set the maximum inbound or outbound bandwidth, maximizing your network's performance.
Settings – QoS Policy
WAN Inbound / Outbound Policy
• Policy Name – A name, chosen to help you remember it, for a policy which is used to classify the received packets based on the following types.
• Local / Remote Address, Port – Specify a packet based on Local/Remote address or port. Address has two types: IP address and MAC address. By default, the IP address is 0.0.0.0 for all IP Addresses but the MAC address is 00-00-00-00-00-00 which cannot be used to classify.
1. First, “Enable” QoS. Once it is enabled, the QoS mechanisms start.
2. You can now allocate the network bandwidth (inbound/outbound) to the WAN ports. By default, the device allocates 6400 kbit/sec to each WAN port for both inbound and outbound ((51200/8) = 6400 kbit/sec). However, the real bandwidth of each WAN port is whatever your local ISP provides, so fill in the inbound and outbound bandwidth that your local ISP offers you.
3.
1. Policy Name: Give a name of your bandwidth control policy. 2. Local Address: It is you LAN side IP address. ( by default 0.0.0.0 To 0.0.0.0 mean all local LAN IP addree) If you choose MAC (00-00-00-00-00-00) by pull-down menu does not mean all local MAC address. 3. Protocol type and local/remote port: Port and Protocol Type define all packets for special applications. 4. The total Bandwidth is the WAN port bandwidth that you define on your WAN port previously. 5.
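The matching rules above have one pitfall: 0.0.0.0 To 0.0.0.0 matches every local IP address, but 00-00-00-00-00-00 is not a MAC wildcard. The following is an added illustrative model of those rules, not the device's firmware; the field names, the first-match ordering, the "any" protocol, the 0-0 "any port" range and the sample policies are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ZERO_IP = ipaddress.IPv4Address("0.0.0.0")
ZERO_MAC = "00-00-00-00-00-00"

@dataclass
class Policy:                      # field names are illustrative, not the device's
    name: str
    ip_from: str = "0.0.0.0"       # "0.0.0.0 To 0.0.0.0" = all local LAN IPs
    ip_to: str = "0.0.0.0"
    mac: Optional[str] = None      # set when the address type is MAC
    protocol: str = "any"          # assumption: "any" acts as a wildcard
    port_from: int = 0             # assumption: 0-0 means any port
    port_to: int = 0

def address_matches(p, local_ip, local_mac):
    if p.mac is not None:
        mac = p.mac.replace(":", "-").upper()
        if mac == ZERO_MAC:        # not a wildcard: cannot be used to classify
            return False
        return mac == local_mac.replace(":", "-").upper()
    lo, hi = ipaddress.IPv4Address(p.ip_from), ipaddress.IPv4Address(p.ip_to)
    if lo == ZERO_IP and hi == ZERO_IP:
        return True
    return lo <= ipaddress.IPv4Address(local_ip) <= hi

def classify(policies, local_ip, local_mac, protocol, port):
    """Return the first matching policy name (assumption: list order = priority)."""
    for p in policies:
        if not address_matches(p, local_ip, local_mac):
            continue
        if p.protocol not in ("any", protocol):
            continue
        if (p.port_from, p.port_to) != (0, 0) and not p.port_from <= port <= p.port_to:
            continue
        return p.name
    return None

def dead_policies(policies):
    """Policies that can never match because they use the all-zero MAC."""
    return [p.name for p in policies if p.mac and p.mac.replace(":", "-") == ZERO_MAC]

# Constructed sample policy table
POLICIES = [
    Policy("voip", "192.168.1.10", "192.168.1.20", protocol="udp", port_from=5060, port_to=5061),
    Policy("all-by-mac", mac="00-00-00-00-00-00"),
    Policy("default"),
]
```

Running `dead_policies` over a planned policy table before entering it in the web page shows which entries were meant as "all hosts" but would classify nothing.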
9: DNS Configuration Overview DNS configuration is used if you want to use the Incoming Load Balance mechanism in your network environment. You must know how to change the IP addresses of your DNS server to the IP address of any WAN port of the device, which will replace your DNS server; make DNS requests redirect to this device (e.g. set A, NS, CNAME, MX); and set SOA resource records in the Configure DNS & Map Host URL pages.
DNS Configuration Setup Domain Domain List – The device supports multi-domains. SOA (Start Of Authority) Record • NS (Name Server) Record • Serial Number/Refresh Interval/Retry Interval/Expiration/Minimum TTL – These are referenced in RFC 1035 or set by the default value. • Pri. Name Server/Sec. Name Server – IP Address of your DNS server. Public WAN IP Address – By default, this is: 0.0.0.0. This device will use the current WAN port IP address the same as DNS index. e.g. DNS1 Pri./Sec.
Map Host URL In addition to setting up the DNS configuration, users must select a URL to map to the IP address of a local host. This is the URL to be mapped; its FQDN is the combination of the URL and the domain name. Figure 9-2: Map Host URL Map Host URL A Record • Host URL List – Select a URL to map to the IP address of a local host. • Host URL – The URL to be mapped. If its value is "www" and the domain name is xyz.com, its FQDN is the combination of URL and domain name (www.xyz.com.).
10: Management Assistant Overview The following advanced features are provided: • Admin. Setup • Email Alert • SNMP • Syslog • Upgrade Firmware This chapter contains details of the configuration and use of each of these features. Admin. Setup Remote Access Configuration – This feature allows you to manage the Multi-WAN VPN Link Balancer via the Internet. You can restrict access to a specified IP address or address range.
Settings – Admin. Setup Remote Access Configuration • Remote Upgrade – If enabled, you can use the supplied Windows utility to remotely upgrade the firmware. If not enabled, the upgrade must be performed by a PC on the LAN. • Remote Setup – If enabled, access to the web-based interface is available via the Internet (See below for details). If not enabled, access is only available by a PC on the LAN. • Access port – The port number used when connecting remotely. The default port number is 8080.
Management password Enter the desired password, re-enter it in the Verify Password field, then save it. When you connect to the VPN Link Balancer with your browser, you will be prompted for the password, as shown below. Figure 10-2: Password Dialog • Enter "Admin" for the User Name. • Enter the password for the VPN Link Balancer, as set on the Admin Password screen above.
Email Alert This feature will send a warning Email to the system administrator when any WAN port is disconnected, has received excessive ping flooding, exceeded session limitation, etc. Figure 10-3: Email Alert Settings – Email Alert Global Setting • Enable & Link down – Enables or disables the sending of Alert Mail in the event one of the WAN ports is disconnected. • Excessive ping – This function is useful to prevent ICMP packet attacks from the WAN or LAN on the device.
Email Alert Configuration Email Alert Configuration list When a WAN port is disconnected or malfunctions, the email alert sends an email message to inform the recipient. • Email (SMTP) Server Address – The e-mail server address. (ex: mail.yourdomain.com) • User Name – The user name of an e-mail sender address for authentication. (ex: abc) • Password – The password of an e-mail sender address for authentication. (ex: 12345) • Sender Address – The email address of the sender.
SNMP This section is only useful if you have SNMP (Simple Network Management Protocol) software on your PC. If you have SNMP software, you can use a standard MIB II file with the Multi-WAN VPN Link Balancer. Figure 10-4: SNMP Settings – SNMP System Information Community Trap Targets • Contact Person – The name of the person responsible for this device. • Device name – The name of this device. • Physical Location – The location of the device.
Syslog This feature can send the real time system information to a web page or to specified PCs. Syslog Configuration – Syslog Configuration allows you to select whether to send the system information to another machine or not. Up to three machines can be chosen to send the system log to. Message Status – Messages are only sent and kept when “Keep Sent Message” is enabled. Currently 100 messages are retained in RAM and will be cleared when the system is rebooted or powered off.
Settings – Syslog Syslog Delivery • Sending Out – Set to “Enable”, if you want to send system log messages to other machines (PCs). • Keep Sent Message – If set to Enable, it means you want to keep sent messages; otherwise the sent messages will be deleted. • Syslog Server – Up to 3 syslog servers can be used. • IP Address: The IP address(es) of the syslog server(s) that you want to send to. • Port: If your syslog server does not use the default port, you can change it.
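Because the device keeps only 100 messages in RAM and loses them on reboot, one of the syslog servers should write what it receives to disk. The following added example, not supplied with the product, is a small UDP collector; it assumes the device sends BSD-style messages with a `<PRI>` prefix, and the device address 192.168.1.1, the standard syslog port 514, the file name and the sample message are constructed values.

```python
import re
import socket
import time

PRI_RE = re.compile(r"^<(\d{1,3})>")
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_pri(line):
    """Split a BSD-syslog line into (facility, severity, rest); None if malformed."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:     # PRI = facility * 8 + severity, max 23*8+7
        return None
    pri = int(m.group(1))
    return pri >> 3, SEVERITIES[pri & 7], line[m.end():]

def format_record(source_ip, payload, now=None):
    """One archive line: receive time (UTC), sender, severity, message."""
    text = payload.decode("utf-8", errors="replace").strip()
    parsed = parse_pri(text)
    stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(now))
    if parsed is None:
        # Keep malformed input too, quoted, so nothing is silently dropped
        return f"{stamp} {source_ip} unparsed {text!r}"
    facility, severity, rest = parsed
    return f"{stamp} {source_ip} facility={facility} {severity} {rest}"

def serve(path, port=514, allowed=("192.168.1.1",)):
    """Append every datagram from the listed senders to the archive file."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    with open(path, "a", encoding="utf-8") as archive:
        while True:
            payload, (ip, _) = sock.recvfrom(4096)
            if ip in allowed:              # ignore datagrams from other hosts
                archive.write(format_record(ip, payload) + "\n")
                archive.flush()

if __name__ == "__main__":
    serve("balancer-syslog.log")
```

If the collector listens on a port other than 514, enter the same port in the Port field of the Syslog page.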
Upgrade Firmware The Upgrade Firmware Screen allows you to upgrade the firmware or back up the system configuration. Figure 10-6: Upgrade Firmware You can back up your system configuration by pressing the Save System Configuration “Save” button. This will save the system configuration for future use. You can also upgrade the firmware by entering the correct password, browsing to the firmware upgrade file and then pressing the “Upgrade” button.
11: Network Info Operation Once the Multi-WAN VPN Link Balancer and the PCs are configured, operation is automatic. However, there are some situations where additional Internet configuration may be required. Refer to Chapter 4 - Advanced Setup for further details. System Status Use the System Status link on the main menu to view this screen.
System Status WAN Interface LAN Interface Device Information • Connection Type – The type of connection used – DHCP, Fixed IP, PPPoE or PPTP. • Connection Status – Either "Connected" or "Disconnected". • "Force Renew" button – Only available if using a dynamic IP address (DHCP). Clicking this button will perform a DHCP "Renew" transaction with the ISP's DHCP server. This will extend the period for which the current WAN IP address is allocated to you.
Device Statistics Buttons • System UpTime – The time since the device system was last reinitialized. • CPU Usage – The current CPU percentage usage. • Memory Heap – The current Memory percentage usage (Heap & Queue). • Packet Queue – The current Packet Queue percentage usage. • Refresh – Updates the on-screen data. • Restart – Restarts (reboots) the Multi-WAN VPN Link Balancer. • Restore Factory Defaults – This will delete all existing settings and restore the factory default settings.
WAN Status Use the WAN Status link on the main menu to view this screen. Figure 11-3: WAN Status WAN Status Current Statistics Current loading share for WAN1, WAN2, WAN3, WAN4 Accumulated Statistics Packet statistics for WAN1 to WAN4, accumulated over a period of time.
NAT Status This screen is displayed when you click the "Check NAT Detail" button on the WAN Status screen.
Data – NAT Status Active Interface IP Info • Interface – LAN and WAN interface of the VPN Link Balancer. • IP Address – The WAN (Internet) & LAN IP Address of the VPN Link Balancer. • Subnet Mask – The Network Mask (Subnet Mask) for the IP Address above. NAT Timeouts This displays the current timeout values for TCP and UDP connections. TCP Prosperity This displays the MSS (Maximum Segment Size) and Maximum Windows size for TCP packets.
Appendix A Specifications
Model: Multi-WAN VPN Link Balancer
Dimensions: 423mm (W) x 155mm (D) x 43mm (H)
Operating Temperature: 0° C to 40° C
Storage Temperature: -10° C to 70° C
Network Protocol: TCP/IP
Network Interface: 16 * 10/100 BaseT (RJ45) Auto-switching Hub ports for WAN / LAN devices.
LEDs: 1 power LED. 2 status LEDs. 16 LEDs for WAN/LAN
Power Supply: Internal AC 100V ~ 240V / 50 ~ 60 Hz
FCC Statement This device complies with Part 15 of the FCC Rules.
Appendix B Windows TCP/IP Setup Overview TCP/IP Settings If using the default Multi-WAN VPN Link Balancer settings and the default Windows 95/98/ME/2000 TCP/IP settings, no changes need to be made. • By default, the Multi-WAN VPN Link Balancer will act as a DHCP Server, automatically providing a suitable IP Address (and related information) to each PC when the PC boots. • For all non-Server versions of Windows, the default TCP/IP setting is to act as a DHCP client.
Figure B-2: IP Address (Win 95) Ensure your TCP/IP settings are correct as follows: Using DHCP To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Restart your PC to ensure it obtains an IP Address from the Multi-WAN VPN Link Balancer.
• On the DNS Configuration tab, ensure Enable DNS is selected. If the DNS Server Search Order list is empty, enter the DNS address provided by your ISP in the field beside the Add button, then click Add. Figure B-4: DNS Tab (Win 95/98) Checking TCP/IP Settings - Windows 2000: 1. Select Control Panel - Network and Dial-up Connection. 2. Right click the Local Area Connection icon and select Properties. You should see a screen like the following: Figure B-5: Network Configuration (Win 2000) 3.
Figure B-6: TCP/IP Properties (Win 2000) 5. Ensure your TCP/IP settings are correct: Using DHCP To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Restart your PC to ensure it obtains an IP Address from the Multi-WAN VPN Link Balancer.
Checking TCP/IP Settings - Windows XP: 1. Select Control Panel - Network Connection. 2. Right click the Local Area Connection and choose Properties. You should see a screen like the following: Figure B-7: Network Configuration (Windows XP) 3. Select the TCP/IP protocol for your network card. 4. Click on the Properties button.
Figure B-8: TCP/IP Properties (Windows XP) 5. Ensure your TCP/IP settings are correct. Using DHCP To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Restart your PC to ensure it obtains an IP Address from the Multi-WAN VPN Link Balancer. Using a fixed IP Address ("Use the following IP Address") If your PC is already configured, check with your network administrator before making the following changes.
Appendix C Troubleshooting Overview This chapter covers some common problems that may be encountered while using the Multi-WAN VPN Link Balancer and some possible solutions to them. If you follow the suggested steps and the Multi-WAN VPN Link Balancer still does not function properly, contact your dealer for further advice. General Problems Problem 1: Can't connect to the Multi-WAN VPN Link Balancer to configure it.
Problem 2: Some applications do not run properly when using the Multi-WAN VPN Link Balancer. Solution 2: The Multi-WAN VPN Link Balancer processes the data passing through it, so it is not transparent. Use the Special Applications feature to allow the use of Internet applications which are not functioning correctly. If this does not solve the problem, you can use the DMZ function. This should work with most applications, however: • It is a security risk, since the firewall is disabled for the DMZ PC.