Network Router User Manual

ManualsBrandsMultitech ManualsNetwork RouterROUTEFINDER RF820-AP

RouteFinder

SOHO

SOHO Security Appliance

RF820 & RF820-AP

RF830 & RF830-AP

User Guide

Summary of content (94 pages)

PAGE 1
RouteFinder® SOHO SOHO Security Appliance RF820 & RF820-AP RF830 & RF830-AP User Guide
PAGE 2
Copyright and Technical Support User Guide RouteFinder SOHO Security Appliance Models: RF820 & RF820-AP RF830 & RF830-AP Document Product Number S000399E, Revision E Copyright © 2006-2009 This publication may not be reproduced, in whole or in part, without prior expressed written permission from MultiTech Systems, Inc. All rights reserved. Multi-Tech Systems, Inc.
PAGE 3
Table of Contents Contents Chapter 1 – Introduction and Description ................................................................................................ 4 Key Features ......................................................................................................................................... 4 Feature Details ...................................................................................................................................... 5 RouteFinder Ship Kit Contents ........
PAGE 4
Chapter 1 – Introduction and Description Chapter 1 – Introduction and Description Welcome to the world of Internet security. Your Multi-Tech RouteFinder SOHO security appliances, models RF820 and RF830, and RouteFinder wireless security appliances, models RF820-AP and RF830-AP, are ideal for the small office or home office (SOHO) that needs secure access to a corporate LAN.
PAGE 5
Chapter 1 – Introduction and Description Feature Details • • Secure VPN Connections. The RouteFinder SOHO security appliance uses the IPSec or PPTP industry standard protocol, data encryption, and the Internet to provide high-performance, secure VPN connections. For LAN connectivity, the RouteFinder SOHO security appliance utilizes the IPSec protocol to provide up to 15 tunnels with strong 3DES or AES encryption using IKE and PSK key management.
PAGE 6
Chapter 1 – Introduction and Description RouteFinder Ship Kit Contents The RouteFinder shipping box contains the following items: • One SOHO RouteFinder • Power Supply • 2.4 GHz 5dBi SWI-Reverse-F Swivel Access Point Antenna (Included with the wireless models only) • Ethernet cable (included with the RF830 model) • This Quick Start Guide • IPSec VPN Client 30-day evaluation software on CD (not the full working version) • One RouteFinder CD which contains RouteFinder documentation and Adobe Acrobat Reader.
PAGE 7
Chapter 1 – Introduction and Description Telecom Warnings for the Modem 1. 2. 3. 4. 5. 6. 7. 8. 9. Never install telephone wiring during a lightning storm. This product must be disconnected from the telephone network interface when servicing. This product is to be used with UL and cUL listed computers. Never touch uninsulated telephone wires or terminals unless the telephone line has been disconnected at the network interface. Use caution when installing or modifying telephone lines.
PAGE 8
Chapter 1 – Introduction and Description Back Panels RF820 RF820-AP RF830 RF830-AP Connector Description Antenna Connector Connector for the 2.4 GHz 5dBi SWI-Reverse-F antenna. Note: The antenna must be attached in order for the RouteFinder to be operational. WAN The WAN (10/100BaseT) port connects the DSL modem or cable modem. The RF820 and 820-AP have one WAN port and the RF830 and RF830-AP have two WAN ports. LAN Ports There are 4 LAN ports.
PAGE 9
Chapter 1 – Introduction and Description Typical Applications Remote User. The client-to-LAN application replaces traditional dial-in remote access by allowing a remote user to connect to the corporate LAN through a secure tunnel over the Internet. The advantage is that a remote user can make a local call to an Internet Service Provider, without sacrificing the company’s security, as opposed to a long distance call to the corporate remote access server. Branch Office.
PAGE 10
Chapter 1 – Introduction and Description Specifications These specifications are for the RF820/820-AP and RF830/830-AP. See the next page for the 802.11b/g specifications.
PAGE 11
Chapter 1 – Introduction and Description Specifications for 802.11b/g Interface Specifications RF8230AP and RF830AP Network Standards IEEE 802.11b IEEE 802.11g 2.400-2.4835GHz Frequency Band Data Rate Media Access Control Channel IEEE 802.11b (auto-fallback): • CCK: 11, 5.5 Mbps • QPSK: 2 Mbps • BPSK: 1 Mbps IEEE 802.11g (auto-fallback): • OFDM: 54, 48, 36, 24, 18, 12, 9 and 6 Mbps CSMA/CA with ACK IEEE 802.11b Ch. 1 to 11 – North America Ch. 1 to 14 – Japan Ch. 1 to 13 – Europe ETSI Ch.
PAGE 12
Chapter 2 – Installation Chapter 2 – Installation Cabling Your RouteFinder Your RouteFinder requires making the appropriate connections to PCs, a cable or xDSL modem, an analog modem or ISDN TA, and AC power. After your device is properly cabled, it must be configured. See Chapter 3 for basic directions. For advanced configurations, see the User Guide. RF820 1. Turn the power off on all network devices (PCs, cable modems, DSL modems, analog modems, ISDN TAs, and the router). 2.
PAGE 13
Chapter 2 – Installation RF830 1. Turn the power off on all network devices (PCs, cable modems, DSL modems, analog modems, ISDN TAs, and the router). 2. Plug one end of a RJ-45 cable into the Ethernet port on the PC and other into one of the LAN port on the RouteFinder. (If you have more than one PC, connect the others in the same way to the other LAN ports). 3. Connect a network cable from the DSL modem or cable modem to the WAN port on the RouteFinder.
PAGE 14
Chapter 3 – Setting up a Workstation and Starting the RouteFinder Chapter 3 – Setting up a Workstation and Starting the RouteFinder This section of the User Guide covers the steps for setting up TCP/IP communication on the PC(s) connected to the RouteFinder, starting up the RouteFinder, and opening the RouteFinder Web Management program. Establish TCP/IP Communication Notes: The RouteFinders have built-in DHCP server functionality, so you can set the PC to obtain a dynamic IP address.
PAGE 15
Chapter 3 – Setting up a Workstation and Starting the RouteFinder 4. The Local Area Connection Properties dialog box displays. • Select Internet Protocol [TCP/IP]. • Click the Properties button. 5. Once you click the Properties button, the following screen displays (below) . To have your DCHP client obtain a dynamic IP address, click the button for Obtain an IP address automatically. 6. Close out of the Control Panel. 7. Repeat these steps for each PC on your network.
PAGE 16
Chapter 3 – Setting up a Workstation and Starting the RouteFinder Open a Web Browser Note: Be sure that the RouteFinder is cabled and that the power is connected as shown in Chapter 2. Bring up a Web browser on the PC. 1. Type the default gateway address line: http://192.168.2.1 2. Press Enter. Note: Make sure your PC’s address is on the same network as the router’s address. IPCONFIG is a tool for finding out a PC’s IP configuration (the default gateway and the MAC address).
PAGE 17
Chapter 3 – Setting up a Workstation and Starting the RouteFinder Web Management Software Opens This is the Home screen from which you can access all setup functions. Note: Only the top portion of the Home screen is shown here. Navigating the Screens Before using the software, you may find the following information about navigating through the screens and the structuring of the menus helpful. Menu Bar Sub Menu Other Options Screen Name Input Area Multi-Tech Systems, Inc.
PAGE 18
Chapter 3 – Setting up a Workstation and Starting the RouteFinder Menu Bar See menu categories and their submenus below. Sub-Menus Each Menu Bar selection has its own sub-menu, which displays on the left side of the screen. When you click one of the Main Menu choices, the first screen listed in the sub-menu displays. You can choose other sub-menu options/screens by clicking on your sub-menu choice. This is an example of the Administration sub-menu. It displays when you click Administration.
PAGE 19
Chapter 4 – Configuring the RouteFinder Chapter 4 – Configuring the RouteFinder Now that the cabling is completed and each PC on the network is configured to accept the IP addresses that the RouteFinder will provide, you are ready to configure your RouteFinder. Note: The antenna must be attached in order for the RouteFinder to be operational. About the Browser Interface Initial configuration is required in order for you to begin operation. The browser-based interface eases configuration and management.
PAGE 20
Chapter 4 – Configuring the RouteFinder Using the Wizard Setup Screen to Configure Your RouteFinder Using the Wizard Setup is a quick way to enter the basic configuration parameters to allow communication between the LAN workstation(s) and the Internet as shown in the example below. Important Note: An initial configuration must be completed for each type of RouteFinder functions: firewall configuration, LAN-to-LAN configuration, a LAN-to-Remote Client configuration.
PAGE 21
Chapter 4 – Configuring the RouteFinder Wizard Setup RF820/RF820-AP and RF830/RF830-AP Wizard Setup Click the Wizard Setup button located under the Menu Bar. The following screen displays. Use the same directions for the RF820/RF820-AP and RF830/RF830-AP. Screen Notes: • PPP Client for Cellular/Analog Modem Backup is available on the RF820/RF820-AP only. • The RF830/RF830-AP has two WAN ports; the RF820/RF820-AP only one.
PAGE 22
Chapter 4 – Configuring the RouteFinder Wizard Setup ISP Settings WAN 1 Select the way the IP Address should be assigned for the WAN link. The default is DHCP Client. When you select Static IP or PPPoE, the input fields change. • WAN 1 DHCP Client Choice DHCP (Dynamic Host Configuration Protocol) is a protocol that allows individual devices on an IP network to get their own network configuration information (IP address, subnet mask, broadcast address, etc.) from a DHCP server.
PAGE 23
Chapter 4 – Configuring the RouteFinder Wizard Setup • WAN 1 PPPoE Choice PPPoE (Point-to-Point over Ethernet) is a specification for connecting multiple computer users on an Ethernet local area network to a remote site through DSL or cable modems or wireless connection to the Internet. The following fields display when you select PPPoE: User Name Enter the user name give by the ISP. Example: user1@xyz.com or user 1 Password Enter the user’s password. These characters are not allowed: <, >.
PAGE 24
Chapter 4 – Configuring the RouteFinder Wizard Setup • WAN 1 PPPoE Choice (Continued) MTU A Maximum Transmission Unit (MTU) is the size (in bytes) of the largest packet that can be passed onwards. To read more about MTU, see the following Web site: The default for this field is 1412, which should be acceptable for most applications. http://en.wikipedia.org/wiki/Maximum_transmission_unit Also see the hyperlinked references listed on this Web site.
PAGE 25
Chapter 4 – Configuring the RouteFinder Wizard Setup Save & Restart Button Under Menu Bar Select the Save and Restart button located just under the menu bar. The Save and Restart screen displays. Save to Flash Memory If a connection is established, then the settings have been entered correctly and your basic configuration is now complete. Now, you must save your settings to the Flash Memory; this saves the current settings in the flash prom and prevents settings from getting lost at the next power up.
PAGE 26
Chapter 5 – Configuration Using Web Management Software Administration > System Setup Chapter 5 – Configuration Using Web Management Software This chapter takes you screen-by-screen through the software. Administration Administration > System Setup In the Administration part of the software, you can set the RouteFinder general system-based parameters. System Setup includes the setting the Administrator's email address and the types of email notifications that will be sent to the System Administrator.
PAGE 27
Chapter 5 – Configuration Using Web Management Software User Name If your mail server accepts connection only after a user name and password are authenticated, enter your user name. Password If your mail server accepts connection only after a user name and password are authenticated, enter your password. Email Address Enter the email address of the administrator who will receive the email notifications. Enter it in proper user@domain format. Click Save.
PAGE 28
Chapter 5 – Configuration Using Web Management Software Administration > Administrative Access Administration > Administrative Access The networks and hosts that are allowed to have administrative access are selected on this screen. This is a good way to regulate access to the configuration tools. Screen Note: If you are using the AP build and you select Independent Subnet on the Network Setup > Wireless LAN screen, WLAN Interface is available in the drop down list box of Available Networks/Hosts.
PAGE 29
Chapter 5 – Configuration Using Web Management Software Administration > Administrative Access Change Password You should change the password immediately after initial installation and configuration, and also change it regularly thereafter. Old Password, New Password, Confirmation To change the password, enter the existing password in the Old Password field, enter the new password into the New Password field, and confirm your new password by re-entering it into the Confirmation entry field.
PAGE 30
Chapter 5 – Configuration Using Web Management Software Administration > System Logs Administration > Remote Syslog Administration > System Logs Screen Notes: • PPP Dial Backup Logging is available on the RF820/RF820-AP only. • The RF830/RF830-AP has two WAN ports; the RF820/RF820-AP only one. RF820 Screen RF830 Screen Enable System Logs To enable the RouteFinder System Logs, place a checkmark across from the log you want enabled. Then click the Save button.
PAGE 31
Chapter 5 – Configuration Using Web Management Software Administration > SNTP Client Administration > SNTP Client SNTP (Simple Network Time Protocol) is an internet protocol used to synchronize the clocks of computers on the network. Clicking the SNTP Client check box enables the firewall to act as a SNTP client. SNTP Configuration General Configuration SNTP Client Enable or disable the SNTP Client to contact the configured server on the UDP port 123 and set the local time. Default is Disable.
PAGE 32
Chapter 5 – Configuration Using Web Management Software Administration > SNTP Client Time Zone Configuration Time Zone Enter your time zone. Default = UTC (Universal Coordination). See the following Web site for Time Zone information: http://wwp.greenwichmeantime.com/info/timezone.htm Time Zone Offset Enter +/- hh:mm. Default = +00:00. Offset is the amount of time varying from the standard time of a Time Zone. Daylight Configuration Daylight Saving Enables/disables Daylight Saving mode. Default is Enable.
PAGE 33
Chapter 5 – Configuration Using Web Management Software Administration > Tools Administration > Tools There are three tools that can help you test and maintain network connections and RouteFinder functionality. Ping and Trace Route test the network connections on the IP level.
PAGE 34
Chapter 5 – Configuration Using Web Management Software Administration > Tools Administration > Factory Defaults Trace Route Trace Route is a tool for finding errors in the network routing. It lists each router’s addresses on the way to remote systems. If the path for the data packets is temporarily unavailable, the interruption is indicated by asterisks (*). After a number of tries, the attempt is aborted.
PAGE 35
Chapter 5 – Configuration Using Web Management Software Networks & Services > Network Configuration Networks & Services Networks & Services > Network Configuration The names, addresses, and network masks or hosts are defined here. Edit and Delete options are used for editing or deleting the networks/hosts. However, the name of the network/host cannot be edited. The Edit link has to be clicked in order to change the address or mask entries. When you click Edit, the corresponding address and mask displays.
PAGE 36
Chapter 5 – Configuration Using Web Management Software Networks & Services > Network Configuration RF830/RF830-AP Network Configuration Screen Screen Note: If the AP build is used, it will display the additional networks: WLAN and WLANInterface. Network Configuration Fields Name Enter the name of network or host you want added to the list. This name has to unique; in other words, it should not be present in the displayed list. A space cannot be used in the name; it is considered an invalid character.
PAGE 37
Chapter 5 – Configuration Using Web Management Software Networks & Services > Service Configuration Networks & Services > Services On this screen you can specify the standard set of well known services available on the system. These services enable the configuration of the user defined services. The options to Delete or Edit a service after it has been defined and added are available by using the table at the bottom of the screen. However, standard sets of well known services cannot be edited or deleted.
PAGE 38
Chapter 5 – Configuration Using Web Management Software Networks & Services > Service Configuration Service Configuration Name Enter the name of network or host you want added to the list. This name has to unique; in other words, it should not be present in the displayed list. A space cannot be used in the name; it is considered an invalid character. After you have entered the name, click the Add button. Protocol Select from the following protocols: TCP, UDP, TCP & UDP, ICMP, AH, and ESP.
PAGE 39
Chapter 5 – Configuration Using Web Management Software Network Setup > IP Settings Network Setup Network Setup > IP Settings Screen Notes: Submenu Differences Between the RF820/RF820-AP and RF830/RF830-AP • The RF820/RF820-AP submenu lists a screen for PPP Cellular/Analog Modem Backup. • The RF830/RF830-AP submenu lists a screen for Load Balancing. Screen Differences Between the RF820/RF820-AP and RF830/RF830-AP • The RF830/RF830-AP includes an additional input section for WAN 2.
PAGE 40
Chapter 5 – Configuration Using Web Management Software Network Setup > IP Settings LAN IP Address 192.168.2.1 defaults into this field. Subnet Mask 255.255.255.0 defaults into this field. These should be acceptable for your site. WAN 1 & WAN 2 (WAN 2 is for the RF830/RF830-AP only) Select they way the IP Address should be assigned for the WAN link. The default is DHCP Client. When you select Static IP or PPPoE, the input fields change.
PAGE 41
Chapter 5 – Configuration Using Web Management Software Network Setup > IP Settings WAN Choice: PPPoE PPPoE (Point-to-Point Protocol over Ethernet) is a specification for connecting multiple users on an Ethernet local area network to a remote site through DSL or cable modems or wireless connection to the Internet. The following fields display when you select PPPoE: User Name Enter the ADSL user name give by the ISP. Example: user1@xyz.com or user 1 Password Enter the user’s password.
PAGE 42
Chapter 5 – Configuration Using Web Management Software Network Setup > Wireless LAN Network Setup > Wireless LAN Screen Note: This screen applies to the RF820-AP and RF830-AP only. Use the following screen to setup the wireless LAN (WLAN) interfaces. WLAN Settings Name (SSID) An SSID is the name of a wireless local area network (WLAN). All wireless devices on a WLAN must employ the same SSID in order to communicate with each other.
PAGE 43
Chapter 5 – Configuration Using Web Management Software Network Setup > Wireless LAN > WLAN Security Network Setup > Wireless LAN > WLAN Security Screen Note: This screen applies to RF820-AP and RF830-AP only. Select the Security option for the Wireless LAN network. The default is Disable. WLAN Security Select Security Select the Security option from the drop down box for the Wireless LAN network. Each selection will display a separate set of input fields.
PAGE 44
Chapter 5 – Configuration Using Web Management Software Network Setup > Wireless LAN > WLAN Security WEP Key The WEP Key is used to encrypt/decrypt the data. Enter the Key value based on the WEP Encryption Strength. WEP Key to Index The Key Index shows in which order the WEP Key values are stored. Example: WEP Key Index: 1 This means that the WEP Key is stored as the first WEP Key in the configuration. • Security Selections – WPA-PSK and WPA2-PSK This is the WAP-PSK screen.
PAGE 45
Chapter 5 – Configuration Using Web Management Software Network Setup > Wireless LAN > WLAN Security Idle Timeout (for WPA2-PSK only) Enter the amount of idle time in minutes that will pass before the Key will timeout (for the WPA2-PSK Key only). Group Key Rekeying The encryption keys are automatically changed (called rekeying) and authenticated between devices after a specified period of time or after a specified number of packets has been transmitted. This is called the rekey interval.
PAGE 46
Chapter 5 – Configuration Using Web Management Software Network Setup > Wireless LAN > WLAN Client Filter Network Setup > Wireless LAN > WLAN Client Filter Screen Note: This screen applies to the RF820-AP and RF830-AP only. WLAN Client Filter The WLAN Client Filter is used to Allow/Reject the wireless station's association with the Access Point. Access Control Status Check this box to enable Access Control on the WLAN.
PAGE 47
Chapter 5 – Configuration Using Web Management Software Network Setup > Advanced IP Settings Network Setup > Advanced IP Settings Specify the Host Name, the External Server for the system and the IP Aliases for each of the interfaces. Host Name The Host Name must be defined for your RouteFinder. The name must be entered into this format: FIREWALL.mydomain.com. Click the Save button. Example: Localhost.xscale.com WINS Server Enter a name for the WINS Server. Click the Add button.
PAGE 48
Chapter 5 – Configuration Using Web Management Software Network Setup > PPP Cellular/Analog Backup Network Setup > PPP Cellular/Analog Backup Screen Note: This screen applies to the RF820/RF820-AP only. The PPP link is used as a backup link to the WAN interface. If the Internet Keep-alive URLs (see below) are not reachable through the WAN Ethernet interface, the PPP backup link automatically comes up and the system regains its connection to the ISP.
PAGE 49
Chapter 5 – Configuration Using Web Management Software Network Setup > PPP Cellular/Analog Modem Backup Idle Timeout Enter the amount of time in seconds that you want to elapse before the link will disconnect. The link will stay connected as long as there is traffic. User Name Enter the user name to authenticate the RouteFinder with the ISP. The User Name is optional. Password Enter the user password. These special characters cannot be used: <, >. The Password is optional.
PAGE 50
Chapter 5 – Configuration Using Web Management Software Network Setup > Load Balancing Network Setup > Load Balancing Screen Note: Load Balancing applies to the RF830/RF830-AP only. Load Balancing distributes LAN-to-LAN traffic over two or more WAN links. This allows for the amount of traffic on each line to be based on a specified weighed value so that communication can be made faster and more reliable.
PAGE 51
Chapter 5 – Configuration Using Web Management Software Network Setup > Dynamic DNS Network Setup > Dynamic DNS The DDNS Client is used to update the IP address of the modem/router in a DDNS server for the configured domain name whenever the IP Address changes, thus, leaving the domain name to be pointing to the current IP Address of the modem/router all the time. Screen Notes: • This screen applies to the RF820/RF820-AP and the RF830/RF830-AP.
PAGE 52
Chapter 5 – Configuration Using Web Management Software Network Setup > Dynamic DNS Use Wildcard If this option is enabled, subdomains of the registered domain will also be resolved to the same IP address. For example, if test.dyndns.org has been registered and the IP address it is resolved to is a.b.c.d., all subdomains like dns.test.dyndns.org will also get resolved to a.b.c.d. However, this will work only if the dynamic DNS server supports this option.
PAGE 53
Chapter 5 – Configuration Using Web Management Software Network Setup > Static Routes Network Setup > IP Masquerading Network Setup > Static Routes Routing information is used by every computer connected to a network to identify whether it is sending a data packet directly to the firewall or passing it on to another network. This screen can be used to describe the networks to be reached through a configured gateway. Add Static Routes Static Route Network Select a defined network from the drop down list.
PAGE 54
Chapter 5 – Configuration Using Web Management Software Network Setup > SNAT Network Setup > SNAT The SNAT (Source Network Address Translation) process allows attaching private networks to public networks. SNAT is used when you want to have a LAN using a private IP network to be connected to the internet via a firewall. Since the private IP addresses are not routed on the internet, you have to apply SNAT on the firewall’s external interface.
PAGE 55
Chapter 5 – Configuration Using Web Management Software Network Setup > DNAT Network Setup > DNAT The DNAT (Destination Network Address Translation) process allows placing servers within the protected network and making available for a certain service to the outside world. Normally, the RouteFinder has a network server running in the LAN providing a network service with an address in the specified range, and wants this service accessible to the outside world.
PAGE 56
Chapter 5 – Configuration Using Web Management Software Packet Filters > Packet Filter Rules Packet Filters Packet Filter > Packet Filter Rules Packet filters are used to set firewall rules which define what type of data traffic is allowed across the RouteFinder's firewall. There are certain System Defined Rules that exist by default. In addition, you can specify whether particular packets are to be forwarded through the RouteFinder system or filtered.
PAGE 57
Chapter 5 – Configuration Using Web Management Software Packet Filters > Packet Filter Rules Important Note about the Order of Rules: The order of the rules in the table is essential for the correct functioning of the firewall. By clicking the Move button, the order of execution can be changed. In front of rule to be moved, enter the line number that indicates where the rule should be placed. Confirm by clicking OK. By default, new rules are created at the end of the table.
PAGE 58
Chapter 5 – Configuration Using Web Management Software Packet Filters > Advanced Filters Packet Filters > Advanced Filters This section allows configuration of some advanced filter settings. H323 Packets Passthrough Check this box to enable the forwarding of H323 packets across the firewall. PPTP Packets Passthrough Check this box to enable PPTP Packets Passthrough (PPTP NAT support). This includes two features: • Server behind the firewall and clients on the Internet – DNAT of PPTP packets.
PAGE 59
Chapter 5 – Configuration Using Web Management Software Packet Filters > ICMP Packet Filter > ICMP ICMP (Internet Control Message Protocol) is used to test the network connections and the functionality of the RouteFinder. It is also used for diagnostic purposes. ICMP-on-Firewall and ICMP Forwarding always apply to all IP addresses (Any). When these are enabled, all IP hosts can PING the RouteFinder (ICMP-on-Firewall) or the network behind it (ICMP Forwarding).
PAGE 60
Chapter 5 – Configuration Using Web Management Software VPN > IPSec VPN (Virtual Private Network) VPN > IPSec Introduction to Virtual Private Networks A Virtual Private Network (VPN) is a secure communication connection via an insecure medium – usually the Internet. A VPN is useful in situations where information is sent and received via the Internet and it is important that no third party can read or change that information.
PAGE 61
Chapter 5 – Configuration Using Web Management Software VPN > IPSec > Add IKE Connection Add an IKE Connection This section enables setting IPSec tunnels through an IKE connection. Screen Note: Failover is available on the RF830/RF830-AP only. Add IKE Connection Connection Name Enter a text name that will identify the connection for you. Compression Check the compression checkbox to enable IPCOMP, the compression algorithm.
PAGE 62
Chapter 5 – Configuration Using Web Management Software VPN > IPSec > Add IKE Connection Key Life The duration for which the IPSec SA should last is from successful negotiation to expiration. The default value is 28800 seconds and the maximum is 86400 seconds. Number of Retries Specify the number of retries for the IPSec tunnel. Enter zero for unlimited retries. Left Next Hop Next Hop is the address of the next device in a routing table’s path that moves a packet to it’s destination.
PAGE 63
Chapter 5 – Configuration Using Web Management Software VPN > IPSec > Add Manual Connection Add a Manual Connection This section enables setting IPSec tunnels through manual connection. Screen Note: Failover is available only on the RF830/RF830-AP. Add Manual Connection Connection Name Enter a text name that will identify the connection for you. Compression Check the compression checkbox to enable IPCOMP, the compression algorithm.
PAGE 64
Chapter 5 – Configuration Using Web Management Software VPN > IPSec > Add Manual Connection Left Next Hop Next Hop is the address of the next device in a routing table’s path that moves a packet to it’s destination. This setting can be configured or left as a static value: 0.0.0.0. When not configured, the value is set to the Gateway of the Box/Gateway configured on the Interface/Right IP. The selection is based on the Left and Right IP.
PAGE 65
Chapter 5 – Configuration Using Web Management Software VPN > PPTP VPN > PPTP PPTP (Point-to-Point Tunneling Protocol) is a tunneling protocol meant for tunneling IP packets and non-IP packets through the IP only network (the Internet). PPTP offers connections to PPTP clients so that they can become virtual members of the IP pool owned by the PPTP server. In effect, these clients become virtual members of the local subnet regardless of their real IP address.
PAGE 66
Chapter 5 – Configuration Using Web Management Software VPN > PPTP User Authentication Authentication Type Select the desired user Authentication Type and click the Save button: • Local – Authentication type used when local users have individual access rights. • RADIUS – Authentication type used when access rights comes from a central server for user authentication. Local or RADIUS Local Authentication Input User Name – Enter the user’s name in lowercase.
PAGE 67
Chapter 5 – Configuration Using Web Management Software Proxy > HTTP Proxy Proxy While the packet filter filters the data traffic on a network level, the use of a Proxy (also called an Application Gateway) increases the security of the RouteFinder on the application level, as there is no direct connection between client and server. Proxy > HTTP Proxy The HTTP Proxy is a module built into the RouteFinder to redirect HTTP requests from the clients in the LAN to the Internet.
PAGE 68
Chapter 5 – Configuration Using Web Management Software Proxy > Custom URL Filters Proxy > Custom Filters The custom URL list allows URLs to be filtered or forwarded by the RouteFinder. Custom URL lists are configured here. Sets of URLs to be forwarded/filtered for a particular network/host can also be configured. Default Action for Custom URL Lists Default Action The default action can be set to either Allow or Deny. Click the Save button to set the default action.
PAGE 69
Chapter 5 – Configuration Using Web Management Software Proxy > DNS Proxy Proxy > DNS Proxy DNS Proxy is a module used to redirect DNS requests to name servers. This module supports a caching-only name server which will store the DNS entries for a specified item. So, when there is a query next time, the values will be taken from the cache and the response will be sent from the module itself. This will shorten the waiting time significantly, especially if it is a slow connection.
PAGE 70
Chapter 5 – Configuration Using Web Management Software DHCP Server > LAN Subnet Settings DHCP Server DHCP Server > LAN Subnet Settings DHCP (Dynamic Host Configuration Protocol) is a protocol that allows individual devices on an IP network to get their own network configuration information (IP address, subnet mask, broadcast address, etc.) from a DHCP server. The overall purpose of the DHCP is to make it easier to administer a large network.
PAGE 71
Chapter 5 – Configuration Using Web Management Software DHCP Server > LAN Fixed Addresses DHCP Server > WLAN Subnet Settings DHCP Server > WLAN Fixed Addresses The DHCP server can be made to assign a fixed IP address for a particular system by identifying the MAC address. This binding can be made permanent by configuring it here. The same IP address will not be used for any DHCP client with a different MAC address, even if there is no active DHCP connection with that IP address.
PAGE 72
Chapter 5 – Configuration Using Web Management Software Utilities > Backup Utilities > Firmware Upgrade Utilities Utilities > Backup The Backup function lets you save the RouteFinder settings on a local hard disk or exported to a remote client. With a backup file, you can set a recently installed RouteFinder to the identical configuration level as an existing RouteFinder. This is also useful in case there is a problem with your new settings.
PAGE 73
Chapter 5 – Configuration Using Web Management Software Statistics & Logs > System Information Statistics & Logs Statistics & Logs > System Information The System Information screen provides the following information: 1. System Information • Product Modem Number • Firmware Version • MAC Address 2.
PAGE 74
Chapter 5 – Configuration Using Web Management Software Statistics & Logs > Network Interface Details Statistics & Logs > Packet Filter Log Statistics & Logs > Network Interface Details The screen provides information on the network traffic on all the interfaces. Screen Note: The RF830/RF830-AP screen includes statistics for the WAN2 interface.
PAGE 75
Chapter 5 – Configuration Using Web Management Software Statistics & Logs > IPSec Live Log Statistics & Logs > PPTP Live Log Statistics & Logs > DHCP Server Live Log Statistics & Logs > IPSec Live Log IPSec Live Log gives information on connections that are active. IPSec Statistics gives statistics of transmitted and received packets/bytes. Statistics & Logs > PPTP Live Log The PPTP Live Log gives information about users who are logged in into the PPTP server at any given point in time.
PAGE 76
Chapter 5 – Configuration Using Web Management Software Statistics & Logs > PPP Cellular/Analog Log Statistics & Logs > WLAN Client Live Log Statistics & Logs > PPP Cellular/Analog Log The PPP Cellular/Analog Log gives information about the modem connection: Statistics & Logs > WLAN Client Live Log The WLAN Client Live Log lists current WLAN connections. Multi-Tech Systems, Inc.
PAGE 77
Chapter 5 – Configuration Using Web Management Software Statistics & Logs > Log Traces Statistics & Logs > Log Traces Log Traces provides information about the following connections. Logs DHCP Client Log Traces Click the Show button to view connection events between the DHCP Client and the DHCP Server. PPPoE Client Log Traces Click the Show button to view connection events between the PPPoE Client and the DHCP Server. PPTP Log Traces Click the Show button to view PPTP connection events.
PAGE 78
Chapter 6 – Troubleshooting Chapter 6 – Troubleshooting This chapter provides a list of common problems encountered while installing, configuring or administering the RouteFinder. In the event you are unable to resolve your problem, refer to the Warranty information on the MultiTech Web site. For Technical Support, see the copyright page for information about contacting our Technical Support representatives.
PAGE 79
Chapter 6 – Troubleshooting Problem #4 My RouteFinder dials-up a connection but can’t seem to communicate with the ISP. • Verify that your baud rate is not set too high for your modem or ISDN TA. The maximum baud rate that your modem or ISDN claims it can achieve may not be attainable due to poor line or connection quality. Use the RouteFinder Web browser management interface to set the baud rate to a lower rate and retry the connection. • If your connection still doesn’t work, contact your ISP.
PAGE 80
Chapter 7 – Frequently Asked Questions Chapter 7 – Frequently Asked Questions Where is the xDSL/Cable Router installed on the network? In a typical environment, the Router is installed between the Cable/DSL Modem and the LAN. Plug the Cable/DSL Router into the Cable/DSL Modem’s Ethernet port. Does the Router support IPX or AppleTalk? No. TCP/IP is the only protocol standard for the Internet and has become the global standard for communications.
PAGE 81
Chapter 7 – Frequently Asked Questions Does the Router replace a modem? That is, is there a cable or DSL modem in the router? No. The Router must work in conjunction with a cable or DSL modem. Which modems are compatible with the router? The Router is compatible with any cable modem or DSL modem that supports Ethernet. How do I access the Router’s setup pages with a Mac? The router’s setup pages are accessible to the Mac through a browser. Use the default address 192.168.2.1.
PAGE 82
Appendix A – Table of Commonly Supported Subnets Appendix A – Table of Commonly Supported Subnet Addresses This table lists commonly supported Subnets organized by Address. 255.255.255.128 /25 255.255.255.192 /26 255.255.255.224 /27 255.255.255.240 /28 255.255.255.248 /29 Network Number N.N.N.0 N.N.N.128 Hosts Available N.N.N.1-126 N.N.N.129-254 Broadcast Address N.N.N.127 N.N.N.255 Network Number N.N.N.0 N.N.N.64 N.N.N.128 N.N.N.192 Hosts Available N.N.N.1-62 N.N.N.65-126 N.N.N.129-190 N.N.N.
PAGE 83
Appendix A – Table of Commonly Supported Subnets 255.255.255.252 /30 N.N.N.192 N.N.N.200 N.N.N.208 N.N.N.216 N.N.N.224 N.N.N.232 N.N.N.240 N.N.N.248 N.N.N.193-198 N.N.N.201-206 N.N.N.209-214 N.N.N.217-222 N.N.N.225-230 N.N.N.233-238 N.N.N.241-246 N.N.N.249-254 N.N.N.199 N.N.N.207 N.N.N.215 N.N.N.223 N.N.N.231 N.N.N.239 N.N.N.247 N.N.N.255 Network Number N.N.N.0 N.N.N.4 N.N.N.8 N.N.N.12 N.N.N.16 N.N.N.20 N.N.N.24 N.N.N.28 N.N.N.32 N.N.N.36 N.N.N.40 N.N.N.44 N.N.N.48 N.N.N.52 N.N.N.56 N.N.N.60 N.N.N.
PAGE 84
Appendix B – Antenna for the Wireless RouteFinder Appendix B – Antenna for the Wireless RouteFinder The Antenna Your ship kit for the wireless RouteFinders (RF820-AP and RF830-AP) includes a 2.4 GHz 5dBi SWI-Reverse-F Swivel Antenna. Important Notes: • The antenna for this product must be a reverse polarity SMA antenna. • The antenna must be attached in order for the RouteFinder to be operational.
PAGE 85
Appendix C – Waste Electrical and Electronic Equipment Directive (WEEE) Appendix C – Waste Electrical and Electronic Equipment Directive (WEEE) Waste Electrical and Electronic Equipment (WEEE) Directive The WEEE directive places an obligation on manufacturers, distributors and retailers to take-back electronic products at the end of their useful life.
PAGE 86
Glossary Glossary A AES AES (Advanced Encryption Standard), also known as Rijndael, is a block cipher adopted as an encryption standard. Authentication The process of determining the identity of a user attempting to access a system and the process of verifying that a particular name really belongs to a particular entity. Asynchronous A method of transmitting data which allows characters to be sent at irregular intervals.
PAGE 87
Glossary Dynamic Routing Routing is the process of selecting the correct path for a message. Dynamic routing adjusts automatically to changes in network topologies or traffic. It automatically accomplishes load balancing and optimizes performance of the network “on the fly.” E Encryption In general use, the transformation of data into a form unreadable by anyone without a secret decryption key. Its purpose is to ensure privacy by keeping the information hidden from anyone for whom it is not intended.
PAGE 88
Glossary IP Addresses A computer on the Internet is identified by an IP Address. A computer’s IP address is like a telephone number. It identifies one address or in this case one computing device. Every computer or device on the network must have a different IP address. An IP address consists of four groups of numbers called octets, which are separated by periods. For example, 213 .0.0.1 is an IP address. An IP address consists of a network portion and a host portion.
PAGE 89
Glossary Network Address The network portion of an IP address. For a class A network, the network address is the first byte of the IP address. For a class B network, the network address is the first two bytes of the IP address. For a class C network, the network address is the first three bytes of the IP address. In each case, the remainder is the host address. In the Internet, assigned network addresses are globally unique.
PAGE 90
Glossary Static Routing Involves the selection of a route for data traffic on the basis of routing options preset by the network administrator. Subnet A portion of a network that shares a common address component. On TCP/IP networks, subnets are all devices whose IP Addresses have the same prefix. For example, all devices with IP addresses starting with 213.0.0 are part of the same subnet. Subnet Mask / IP Address Mask Subnet mask is what is used to determine what subnet an IP address belongs to.
PAGE 91
Glossary WLAN (Wireless Local Area Network) A LAN without wires. WPA-PSK Wi-Fi Protected Access (WPA and WPA2) is a class of systems to secure wireless (Wi-Fi) computer networks. WPA is designed for use with an IEEE 802.1x authentication server, which distributes different keys to each user. However, it can also be used in a less secure "pre-shared key" (PSK) mode, where every user is given the same passphrase.
PAGE 92
Index Index A Administration > Administrative Access ........... 28 Administration > Factory Defaults .................... 34 Administration > Remote Syslog ...................... 30 Administration > SNTP Client .......................... 31 Administration > System Logs ......................... 30 Administration > System Setup ........................ 26 Administration > Tools ..................................... 33 Administrative Access ...................................... 28 Advanced IP Settings ....
PAGE 93
Index IPSec Definition ................................................ 87 IPSec Live Log ................................................. 75 ISDN TA Definition ........................................... 88 ISP Internet Service Provider Definition........... 88 K Keep-Alive URLs ........................................49, 50 Key Features ...................................................... 4 L LAN Definition .................................................. 88 LAN Fixed Addresses ....................
PAGE 94
Index Standards ......................................................... 10 Static Routes .................................................... 53 Static Routing Definition ................................... 90 Stats & Logs > DHCP Server Live Log ............ 75 Stats & Logs > IPSec Live Log ........................ 75 Stats & Logs > Log Traces ............................... 77 Stats & Logs > Network Interface Details ........ 74 Stats & Logs > Packet Filter Logs ....................