FriendlyNET® VR2004 Series VPN Security Routers User’s Manual
Before You Start Thank you for purchasing the Asanté FriendlyNET VR2004 Series VPN Security Router. Your router has been designed to provide a lifetime of trouble-free operation. However, to ensure a smooth installation, you must have the following items before you begin: • • • • • • Internet connection: Valid ISP account and Cable/DSL modem with 10BaseT Ethernet port. Peripheral port for back up dial-up (v.
Quick Start Guide This section will guide you through setting up the Asanté FriendlyNET router with your Cable/DSL modem. Setting up your router requires three basic steps: 1. 2. 3. Determine the TCP/IP settings for your computer and record them in the table provided. Set up your hardware. You MUST power up the router FIRST after attaching any devices to the router. Configure your router. 1. Determine Your TCP/IP Settings You should already have a working Internet connection using a Cable/DSL modem.
Item No. TCP/IP Control Panel Description 1 Configure Manually or Using DHCP Server Static IP Address or Dynamic IP Address 2 IP Address WAN IP Address 3 Subnet Mask WAN Subnet Mask 4 Router Address WAN Gateway 5 Name Server Address Primary and Secondary DNS 6 Host Name (DHCP Server Client ID No. Only) 4. Your Setting Once the information has been recorded, choose Using DHCP Server from the Configure: pull-down menu. Close the dialog box and save your changes.
4. Item No. TCP/IP Control Panel Description 1 Configure Manually or Using DHCP Server Static IP Address or Dynamic IP Address 2 IP Address WAN IP Address 3 Subnet Mask WAN Subnet Mask 4 Router Address WAN Gateway 5 Name Server Address Primary and Secondary DNS 6 Host Name (DHCP Server Only) Client ID No. Your Setting Once the information has been recorded, select Configure: Using DHCP. You will receive an IP address automatically from your DHCP server.
3. 4. Expand this dialog box by clicking on the More Info >> button. Complete the information in this table: Item No. IP Configuration Description 1 Host Name Host Name 2 DNS Servers Primary DNS 3 Your Setting Secondary 4 Adapter Address MAC Address 5 IP Address WAN IP Address 6 Subnet Mask WAN Subnet Mask 7 Default Gateway WAN Gateway Tip: Next to the DNS Servers field, click the button to show the Secondary DNS (if available). 5. 6. 7. 8.
Item No. IP Configuration Description 1 Host Name Host Name 2 Primary DNS Primary DNS 3 Physical Address MAC Address 4 IP Address WAN IP Address 5 Subnet Mask WAN Subnet Mask 6 Default Gateway WAN Gateway Your Setting Windows XP 1. 2. 3. 4. 5. 6. From the Start button, select Settings/Control Panel. Click on Network and Internet Connections. Click the Network Connections icon. Double-click on the network. Under the Support tab, click on the Details… button.
The TCP/IP configuration of your computer is now complete. Repeat steps 1 – 4 and 7 – 10 to configure additional PCs on your network. Red Hat Linux In order to gather the information necessary to complete the table, you will need to run the /sbin/ipconfig command. You will also need to examine the following files: • • /etc/sysconfig/network /etc/resolv.conf. Please refer to your Linux documentation for information on accessing these files. 2.
3. Configure Your Router From your computer, use your browser to configure the router for your network. 1. 2. 3. 4. 5. 6. Start your web browser. Type http://192.168.123.254 into your browser’s address or location field and press Enter. In a few moments you’ll see the Login screen for the router. Enter the default username, admin (the default password is blank), and click OK. Click the Setup Wizard button from the top of the page.
FriendlyNET VPN Security Router
Table of Contents Before You Start Quick Start Guide 2 3 Chapter 1. Introduction Chapter 2. Configuration Chapter 3. Advanced Settings Chapter 4. VPN Configuration 13 17 27 41 Appendix A. Warranty Statement and FriendlyCare Support Appendix B. FCC Statement Appendix C. Troubleshooting Appendix D. Renewing Client IP Addresses Appendix E. Service Ports Appendix F. Hardware and Software Compatibility Appendix G. Specifications Appendix H. Configuring a System Log Server Appendix I. Your 802.
FriendlyNET VPN Security Router
Chapter 1. Introduction Thank you for purchasing the FriendlyNET VR2004 Series VPN Security Router. The router provides an easy, affordable way to communicate over the Internet, while ensuring a secure connection to another VR2004 (or other compatible VPN solution). Whenever data is intended for the remote site, the router automatically encrypts the data and sends it to the remote site over the Internet, where it is automatically decrypted and forwarded to the intended destination.
• • • • • • • Hacker Attack Logging: Supports general hacker attack pattern monitoring and logging High Performance 32-bit RISC CPU Engine: With the most advanced 32-bit RISC CPU engine, the router has full compatibility with present and future Cable/DSL technologies PPPoE Client: Supports PPPoE client function to connect to the remote PPPoE server Virtual Server: Allows an internal server to be accessible from the Internet Upgradeable: Allows new features to be added in the future VPN Support: Supports L
• DMZ (Demilitarized Zone): Allows you to place one server or workstation outside the firewall, to allow outside parties unrestricted access to the server 1.2 Package Contents Please compare the items included in your package to the list below. The following items should be included: • • • FriendlyNET VR2004 Series VPN Security Router Power adapter User’s Manual (this document) If any of the above items are damaged or missing, please contact your dealer immediately. 1.
LED Link/Activity LAN ports 1 to 4 Color Green Blinking Off Description A valid link has been established on the port. Port is transmitting or receiving packets. No link has been established on the port. Wireless (VR2004AC model only) Green COM Green A valid link has been established. Off No link has been established. Green A valid link has been established. Off No link has been established. Blinking Yellow The router is booting up, or a firmware upgrade is taking place.
Chapter 2. Configuration Power up the router first, before powering up the attached devices. Launch your web browser and type the default IP address (192.168.123.254) in the browser’s address box. Press Enter. The login window will appear. Type the default username admin and press OK. By default, the password for the router is blank. We strongly recommend that you assign a password to your router. See page 35 for more details.
• • • • • • Time Zone Settings Device IP Settings ISP Settings Additional ISP Settings Modem Settings VPN Settings Important! You must save and restart the router in the Save & Restart screen for your configurations to take effect. 2.1.1 Time Zone Settings From the drop down menu, choose the local time zone. Click Next to enter the data and to proceed to Device IP Settings. 2.1.
Quick Start Guide), and click Next to enter the data. If you use a dynamic IP Address, check the Dynamic IP radio button and click Next to continue to Additional ISP Settings. 2.1.4 Additional ISP Settings In this page, you can enable the type of WAN connection you are using. Your ISP may require you to use any of PPPoE, PPTP or AT&T-like authentication.
ISPs use the information for authentication purposes, so you must select the check box and enter the requested information for your WAN type. Item Description User Name Account name (assigned by your ISP). Password Password for the account (assigned by your ISP). Idle Time Router attempts to keep the connection on (“keep alive”) until it has reached a specified idle time; enter a 0 to disable the keep alive feature.
Click Next to enter the new data and to proceed to the Wireless Settings page (VR2004AC model only) or to the Modem Settings page. 2.1.5 Wireless Settings (VR2004AC only) The VR2004AC is designed to function as a wireless access point using the default settings shown. If you wish to use more than one router in your wireless network, you have the option of having one network with multiple access points (routers), or separate networks.
Encryption Most internal LAN traffic does not require additional security measures. If you are transferring sensitive files or other material over the wireless LAN, you may enable the WEP Security Settings. WEP stands for "Wired Equivalent Protocol". Click on either the "40(64) bit" or the "128-bit” radio button to select which Shared Key you will use, and enter a 10 digit hexadecimal number into the Key 1 field. Hexadecimal numbers may be alphanumeric (numerals 0-9 or letters a-f).
2.1.7 VPN Settings The router can be used as an ordinary unencrypted connection to the Internet, or as a secure connection to another VPN router. To set up a Virtual Private Network (VPN), you must enable the VPN feature, which allows a secure connection to the Internet. Please refer to Chapter 4. VPN Configuration for detailed information. 2.1.8 Save and Restart After stepping through the Setup Wizard’s configuration pages, you must save and restart the router through the Save & Restart page.
2.2 Device Information This page displays the current settings of the router: • • • • • Device Name: The host name of the router IP Address: The IP address of the router LAN MAC Address: The MAC address of the router’s LAN port WAN MAC Address: The MAC address of the router’s WAN Ethernet port Firmware Version: The current firmware installed 2.3 Device Status This page displays the current connection status of the router, and refreshes itself about every 14 seconds.
• • VPN Status: View the IPSec Connection Status for VPN tunnels DHCP Status: Click to refresh the DHCP log 2.4 System Tools From the Main Menu, select the System Tools button to display the status of the router.
• • 26 Upgrade Firmware: Allows you to upgrade the router to the latest version of firmware Reset Device: Restarts the router FriendlyNET VPN Security Router
Chapter 3. Advanced Settings From the main menu, click on the corresponding button to access the Advanced Settings screen.
IP Address Pool Range This pool contains the range of IP addresses that will automatically be assigned to the clients on your network. The default setting is 192.168.123.2 to 192.168.123.100. Increase the range if you have more than 98 computers on your network. IP Address Reservation You can configure client computers with static addresses outside the range of the router’s DHCP server, or use this option to provide fixed (static) IP addresses to devices on your network, such as printers or computers.
Enter the IP addresses of the network servers and the Service Port Range to allow remote access to the desired ports. The Server Port is a TCP or UDP port number. See Appendix E for a list of common service ports. A single server or workstation can be placed outside the protective firewall to allow unrestricted access to the server and to ensure complete Internet application compatibility, even if specified ports are not known.
3.3 Wireless Access Control Settings * This feature should only be used by users with an extensive knowledge of TCP/IP. By default, all users on the router have full access to local and wide area networks. If necessary, network managers can control LAN and WAN access by entering the MAC addresses of clients into a table.
To delete a MAC address, select the corresponding checkbox and click the Del button. The maximum number of entries allowed in the table is 32. Note: At least one client must have full access in order to perform administrative tasks. Click Submit to have your changes take effect. 3.4 Routing Settings * This feature should only be used by users with an extensive knowledge of TCP/IP. This screen allows you to enter the Static and Dynamic Routing settings. 3.4.
To specify that gateway you need to define a static route. • • • Destination IP Address: The network address of the remote network Subnet Mask: The subnet mask of the remote network Gateway IP Address: The IP address to be used as a gateway to the remote network 3.4.2 Dynamic Routing Settings The router is capable of exchanging routing information with other routers on a LAN. It does this by exchanging packets using the Routing Information Protocol (RIP).
3.5 Filter Settings Filter Settings give you additional control over what users on your local network can see on the Internet, or what users on the Internet can connect to on your local network. LAN filters control what resources on the Internet your local users can connect to. WAN filters allow extra control (beyond what the built-in firewall provides) over what users on the Internet can see on your local network. LAN and WAN filters may be enabled separately. By default they are both disabled.
Your selections should look like this: • • • • • • LAN Side Filter Enabled: Enabled Default LAN Side Filter: Pass Filter Entry: Block Protocol: TCP IP Address Range: 192.168.123.10 to 192.168.123.20 Destination Port Range: 119-119 Click Save to add the filter rule (to delete a filter rule, check the “del” box and click the del button). This filter will prevent any LAN user whose IP address is in the indicated range from using NNTP. 3.5.
3.6 Administrative Settings In this screen, you can set several administrative options for the router simply by entering a password or checking various options that are listed. 3.6.1 Password Settings To prevent unauthorized access to the router, it is highly recommended that you change from no password (default) to a password of your choosing, and keep it in a safe place. Simply enter the new password in the New Password field and retype it for verification.
3.6.2 Remote System Administration You may configure your router to allow a user on the Internet to administer it. The default setting 0.0.0.0 means that a user from any IP address may administer the router. You should carefully consider the possible security risks of leaving this setting at the default. It is safer to enter the IP address of a known computer on the Internet. For example, you may set up the router so that you are able to administer it from your computer at work.
ISP sets the limit on packet size for PPPoE connection, in which case, you will have to change the MTU setting. See your ISP for details on packet size limits. 3.7 Dynamic DNS Settings Ordinarily, a static IP address is required if you want users on the Internet to be able to find you with a name for your computer rather than a numerical address. Dynamic DNS providers arrange for users who get a dynamic IP address to be able to use a name.
may enable the Use wildcards feature. 3.8 URL Filter Settings This feature allows you to block access to certain websites on the Internet. You can specify words or letters that, if they appear in the website name (the URL) or newsgroup name, will cause the site to be blocked by the router. Click the check box to enable the URL Filter function, and enter a key word into the Filter String field. Press Add. After entering all of the desired strings, click Submit to enter the data. 3.
To enable this feature, access the E-mail Alert screen from the Advanced Settings page and check the box Enable E-mail Notification. Next, enter the IP address of the outgoing mail server and the destination e-mail address in the given fields and select the frequency for receiving E-mail alerts. 3.10 Save and Restart Each time you submit or add or change data, the Save & Restart page will appear. To continue configuration, select the appropriate option to be taken back to that page.
FriendlyNET VPN Security Router
Chapter 4. VPN Configuration If you require more than an ordinary, unencrypted connection to the Internet, the router supports IPSec to allow secure communications from a network to another network, or from a client to a network. The Virtual Private Network (VPN) protects your data by encrypting it while it is sent across the Internet. Additionally, it assures that the traffic you are receiving is actually from the computer you are expecting to exchange traffic with.
LAN 1 VR2004 A Internet VR2004 B LAN 2 WAN IP: 172.16.0.123 Netmask: 255.255.255.0 LAN IP: 192.168.123.254 WAN IP: 10.10.0.123 Netmask: 255.255.255.0 LAN IP: 192.168.100.254 You will require three pieces of information about each LAN that is taking part in a VPN connection: 1. 2. 3. The remote Network IP address of the LAN. This will usually be the same as the address of the LAN port of the router, with the last segment of the address changed to ‘0’. The remote IP Netmask.
VR2004 ‘A’ (West end) • • • • • • • Connection Name: West-East Local IPSec Identifier: West (Allows you to identify multiple tunnels and does not have to match the name used at the other end of the tunnel. May be left blank. The default value is Local.) Remote IPSec Identifier: East (Allows you to identify multiple tunnels and does not have to match the name used at the other end of the tunnel. Maybe left blank. The default value is Remote.) Remote IP Network: 192.168.100.254 Remote IP Netmask: 255.255.
• • • • Remote IP Network: 192.168.123.0 Remote IP Netmask: 255.255.255.0 Remote Gateway IP: 172.16.0.123 Network Interface: WAN ETHERNET 4.2 Client-to-Network To connect a remote client PC to your network, use one of the following configurations based on the type of IP address of the client: Mode 1— Dynamic IP Address The remote PC obtains a dynamic IP address, and the user has to setup the IPSec Client software (i.e. SSH).
Internet PC A WAN IP: 172.16.0.123 Netmask: 255.255.255.0 Virtual LAN IP: 192.168.123.0 VR2004 WAN IP: 10.10.0.123 Netmask: 255.255.255.0 LAN IP: 192.168.100.254 Mode 2 • • • • • • Remote IP Network: 192.168.123.0 Remote Netmask: 255.255.255.0 Remote Gateway IP: 172.16.0.123 Network Interface: The interface on the router used to communicate with the remote network.
The preferred way to do this is with automatic keying using the Internet Key Exchange Protocol (IKE). This requires that your ISP or firewall allows traffic for TCP port 500. Check with your ISP or network administrator if you are not sure if traffic for TCP port 500 is allowed. If IKE is impossible for some reason, you can set up the router’s keys for each tunnel manually. This is described in more detail below (see section 4.4).
4.3.3 Pre-Shared Key IKE can establish a key for the two ends of the tunnel to use to encrypt the traffic bound for the other network, but it cannot guarantee that the router on the other end of the tunnel can be trusted. The Pre-Shared key is used to establish that trust. Enter an alphanumeric name to be the Pre-Shared Key (max. length is 256 characters). The value must match the key name of the remote device. 4.3.
The following sections describe the parameters that will need to be entered for a manually keyed tunnel. 4.4.1 Incoming and Outgoing SPI (Security Parameter Index) The SPI is a 32-bit field that the router will use to identify the Secure Association. Enter a different 8 hexadecimal digit (such as “12abcdef” or “01234567”) into each the Incoming SPI and Outgoing SPI fields. The incoming SPI MUST match the outgoing SPI at the other end of the tunnel.
4.4.5 Authentication Key This string is used as key authentication. Use an alpha-numeric value of 16 characters (MD5) or 20 characters (SHA-1). Note: The value entered must match that used by the remote device. After configuring all the VPN values that are required, click on the Save button. This accesses the Save & Restart page. Click the Save & Restart button. Do not turn off the router while it is saving. To further edit or delete a VPN tunnel, access the VPN Settings page from the Setup Wizard.
FriendlyNET VPN Security Router
Appendix A. Warranty Statement and FriendlyCare Support Subject to the limitations and exclusions below, Asanté warrants to the original end user purchaser that the covered products will be free from defects in title, materials and manufacturing workmanship for a period of two years from the date of purchase. This warranty excludes fans, power supplies, non-integrated software and accessories.
LOSS, DAMAGE TO PROPERTY AND, TO THE EXTENT PERMITTED BY LAW, DAMAGES FOR PERSONAL INJURY, HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY (INCLUDING NEGLIGENCE). THESE LIMITATIONS SHALL APPLY EVEN IF ASANTE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR IF THIS WARRANTY IS FOUND TO FAIL OF ITS ESSENTIAL PURPOSE.
Appendix B. FCC Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
FriendlyNET VPN Security Router
Appendix C. Troubleshooting Before beginning the troubleshooting process, please check the System Requirements found in Chapter 1 have been met. If not, resolve the System Requirement deficiencies before attempting to troubleshoot further. C.1 Troubleshooting with the Status LEDs Consult Chapter 1.4 for information on the normal operation of the LEDs. For brevity, this table only shows abnormal or unusual status conveyed by the LEDs.
C.2 Problems Accessing Router If you have problems accessing the router, please check the following: 1. 2. 3. Can you ping 192.168.123.254? If so, disable the proxy in your browser's setting. If http://192.168.123.254 does not work, try http://192.168.123.254:88. If you are unable to ping the router, do the following: a. Check the configuration of the computer. It must be on the same subnet as the router (192.168.123.xxx).
C.3 Cabling Problems Network cables connect devices in an Ethernet network, such as computers, printers, hubs, routers and Cable/DSL modems. The network connections provided by Ethernet cabling allow the devices to share information, and allow a LAN to access the Internet. Faulty Ethernet cables can cause problems in an otherwise healthy network, creating periods of downtime which can be both frustrating and costly. Follow the steps below if you suspect the problem is with your cabling: 1. 2. 3.
2. 3. If the port functions correctly, make sure the router is attached to an Uplink Port on the hub or switch. If there is an Uplink button on the hub or switch, make sure it is in the Uplink position. If there is no uplink port on the hub or switch, then you will need to purchase a crossover cable from your electronics dealer. Note: Most workstation cables purchased from computer or electronic stores will be wired to T568A or T568B specifications.
Appendix D. Renewing Client IP Addresses Perform the following to renew the IP addresses of client computers after configuring your VR2004 Series Router: D.1 Windows 98/Me Perform the following steps to Release and Renew the IP Address on each client attached to the router: 1. 2. 3. 4. 5. 6. 7. Go to the Start Button on the lower menu bar. Select Programs/DOS Prompt from the menu. At the DOS Prompt, type winipcfg and press Enter. Select your adapter card from the list shown. Click the Release All button.
FriendlyNET VPN Security Router
Appendix E. Service Ports The table below lists some of the more common TCP and UDP service ports.
FriendlyNET VPN Security Router
Appendix F. Hardware and Software Compatibility Protocols Supported TCP/IP, NAT, DHCP, PPP, PPPoE, VPN Network and Client Platforms compatibility Windows 95/98/NT/2000/Workstation Microsoft Windows NT Server UNIX System (Linux, OpenBSD, SCO-UNIX) Application Software Compatibility Microsoft Internet Explorer Netscape Navigator/Communicator FTP related software ICQ NetMeeting V3.
FriendlyNET VPN Security Router
Appendix G. Specifications Connectors: VR2004AC Status Indicators: Wireless (VR2004AC only) ports. LAN: 4 Fast Ethernet (100BaseTX, 10BaseT): RJ-45 WAN: 1 Fast Ethernet (100BaseTX, 10BaseT): RJ-45 COM: Serial (analog modem or ISDN TA): DB9 WLAN: 11 Mbps (802.
Advanced Settings DHCP: Virtual Server: Static Routing: Dynamic Routing: LAN Filtering: WAN Filtering: Administration: Dynamic DNS: URL Filtering: Email Alert: System Tools Intruder Detection: Routing Table: System Status: Settings: Upgrade Firmware: Reset Device: Security Features Firewall: 66 Dynamic host configuration protocol automatically assigns IP address to specified clients. Choose address pool range. Reserve LAN IP addresses for selected devices (by MAC addresses).
Intrusion: Access Control: Business Controls: Applications Interoperability Microsoft: Apple: Messaging: Others: Tournament Standards Compliance Network: VPN Encryption: Triple DES (3DES) Wireless Encryption: Authentication: secure hash algorithm (NIS94c) Password: and MSCHAP Key Management: ISAKMP, Oakley, and Skeme Routing: 2 (RFC 1721) Translation: Transmission: User’s Manual Detects 11 types of denial of service (DOS) attacks including: ping of death (illegal ping packet), SYN flood (detects if SYN
Performance Processor: Memory: LAN: WAN: WLAN: Physical Characteristics Dimensions: Weight: Environmental Range Operating Temperature: Relative Humidity: Power: (100~240 VAC, 0.6 A) Emissions: Support Product Warranty Technical Support: Product Updates: 68 32-bit RISC CPU Upgradeable FLASH firmware from web browser 10/100 Mbps 10/100 Mbps Up to 11 Mbps 7.9 x 5.9 x 1.7 inches (201 x 151 x 44 mm) VR2004C: 1.0 pounds (0.45 Kg) VR2004AC: 1.01 pounds (0.
Appendix H. Configuring a System Log Server Because the router’s memory cannot hold as many messages as a computer with a hard drive, you can have the router send its System Log messages to a server on the network. The ability to receive system log messages is most common on Unix-type systems. The following section describes how to set up a syslog server on Red Hat Linux. H.
# /etc/init.d/syslog restart 4. A default install of a recent version of Red Hat Linux has probably also configured a firewall that may be blocking access to the syslog port. Usually ipchains is used by default. To add a rule to the firewall for ipchains, edit the file /etc/sysconfig/ ipchains and add a rule allowing access to UDP port 514: #Allow router to send syslog messages: -A input -s 192.0.2.
ConsoleMessage "Starting system log" if [ -f /etc/syslog.conf ]; then if ! pid=$(GetPID syslog); then rm -f /dev/log syslogd fi else echo "Warning: syslogd was not started" fi } -2. Add a parameter -u to the end of the line that starts the daemon: syslogd -u 3. 4. Save the file. We also want to configure the system logger to use a specific file for messages from the router. We'll assume that the router has been configured to use facility local5. Edit /etc/syslog.
8. Select Other under Port Name. Enter 514 and syslog in the Port Number and Description fields, and click OK. You should now see messages begin to appear in the selected router.log file. Note: The default firewall tool provided by Mac OS X doesn't provide a way to limit access only to one IP address. You can download a third party utility that will allow you to create more complicated rules (for example, sunShield, found at http://homepage.mac.com/opalliere/shield_us. html). H.
Appendix I. Your 802.11b Wireless Network Thank you for choosing Asanté for your wireless networking solutions. In order to make wireless networking as safe and easy as possible, please consider the following information when setting up and using your wireless network. Optimum Performance The quality of your wireless network performance depends on numerous factors, including the distance from the access point, structural interference, and the placement and orientation of the wireless device(s).
• • The type of walls, windows, doorways or other building structures will affect the range of the wireless signal.
MAC Address Control Every network device has a unique hardware address known as a media access control (MAC) address. Enabling MAC address control allows you to control LAN and WAN access for each client in your network. Hackers will be denied access using outside devices. WEP Encryption Wired Equivalency Privacy (WEP) security protocol offers basic privacy protection, but should be used to make it more difficult for hackers to intercept data or access your network.
Asanté Technologies, Inc. 821 Fox Lane San Jose, CA 95131 FriendlyNET VR2004 Series VPN Security Router User’s Manual SALES 800-662-9686 Home/Office Solutions 800-303-9121 Enterprise Solutions 408-435-8388 TECHNICAL SUPPORT 801-566-8991 Worldwide 801-566-3787 FAX www.asante.com Copyright © 2003 Asanté Technologies, Inc. Asanté is a registered trademark of Asanté Technologies, Inc. FriendlyNET is a trademark of Asanté Technologies, Inc.