Allnet ALL1294VPN User Manual

Broadband VPN

Router

ALL1294VPN

Broadband Internet Access

4-Port Switching Hub

User's Guide

Table of Contents

CHAPTER 1 INTRODUCTION .............................................................................................1

Broadband VPN Router Features....................................................................................1

Package Contents ..............................................................................................................3

Physical Details..................................................................................................................4

CHAPTER 2 INSTALLATION...............................................................................................6

Requirements.....................................................................................................................6

Procedure...........................................................................................................................6

CHAPTER 3 SETUP ................................................................................................................8

Overview ............................................................................................................................8

Configuration Program ....................................................................................................9

Setup Wizard...................................................................................................................11

WAN Port Configuration Screen...................................................................................14

LAN Screen......................................................................................................................17

CHAPTER 4 PC CONFIGURATION..................................................................................19

Overview ..........................................................................................................................19

Windows Clients..............................................................................................................19

Macintosh Clients............................................................................................................31

Linux Clients....................................................................................................................31

Other Unix Systems.........................................................................................................31

CHAPTER 5 OPERATION AND STATUS.........................................................................32

Operation......................................................................................................................... 32

Status Screen....................................................................................................................32

Connection Status - PPPoE ............................................................................................34

Connection Status - PPTP ..............................................................................................36

Connection Status - Telstra Big Pond............................................................................37

Connection Details - SingTel RAS.................................................................................38

Connection Details - Fixed/Dynamic IP Address .........................................................40

CHAPTER 6 ADVANCED FEATURES..............................................................................42

Overview ..........................................................................................................................42

Advanced Internet Screen ..............................................................................................43

Dynamic DNS (Domain Name Server)..........................................................................48

Virtual Servers.................................................................................................................50

Access Control.................................................................................................................53

Firewall Rules..................................................................................................................57

Scheduling........................................................................................................................61

Services.............................................................................................................................62

CHAPTER 7 VPN...................................................................................................................64

Overview ..........................................................................................................................64

Common VPN Situations................................................................................................66

VPN Configuration .........................................................................................................68

Examples..........................................................................................................................77

Using Certificates ............................................................................................................95

VPN Status.......................................................................................................................99

CHAPTER 8 MICROSOFT VPN .......................................................................................100

Overview ........................................................................................................................100

Server Setup................................................................................................................... 100

Client Database..............................................................................................................101

Status Screen..................................................................................................................103

Windows Client Setup...................................................................................................104

CHAPTER 9 ADMINISTRATIONS...................................................................................112

Overview ........................................................................................................................112

Config File......................................................................................................................113

Logs.................................................................................................................................114

Admin Login..................................................................................................................116

Network Diagnostics .....................................................................................................117

Options...........................................................................................................................118

PC Database...................................................................................................................119

Remote Administration.................................................................................................123

Routing...........................................................................................................................124

Security Options............................................................................................................129

Firmware Upgrade........................................................................................................131

UPnP...............................................................................................................................132

APPENDIX A TROUBLESHOOTING..............................................................................133

Overview ........................................................................................................................133

General Problems..........................................................................................................133

Internet Access...............................................................................................................133

APPENDIX B SPECIFICATIONS......................................................................................135

Broadband VPN Router ...............................................................................................135

FCC Statement ..............................................................................................................135

CE Marking Warning...................................................................................................136

All trademarks and trade names are the properties of their respective owners.

Chapter 1

Introduction

This Chapter provides an overview of the Broadband VPN Router's features and capabilities.

Congratulations on the purchase of your new Broadband VPN Router. The Broadband VPN Router is a multi-function device providing the following services:

Shared Broadband Internet Access for all LAN users.

•

4-Port Switching Hub for 10BaseT or 100BaseT connections.

•

Figure 1: Broadband VPN Router

Broadband VPN Router Features

The Broadband VPN Router incorporates many advanced features, carefully designed to provide sophisticated functions while being easy to use.

Internet Access Features

• Shared Internet Access. All users on the LAN or WLAN can access the Internet

through the Broadband VPN Router, using only a single external IP Address. The local (invalid) IP Addresses are hidden from external sources. This process is called NAT (Network Address Translation).

DSL & Cable Modem Support. The Broadband VPN Router has a 100BaseT Ethernet

•

port for connecting a DSL or Cable Modem. All popular DSL and Cable Modems are supported. SingTel RAS and Big Pond (Australia) login support is also included.

• PPPoE, PPTP, SingTel RAS and Telstra Big Pond Support. The Internet (WAN

port) connection supports PPPoE (PPP over Ethernet), PPTP (Peer-to-Peer Tunneling Protocol), SingTel RAS and Telstra Big Pond (Australia), as well as "Direct Connection" type services.

Fixed or Dynamic IP Address. On the Internet (WAN port) connection, the

•

Broadband VPN Router supports both Dynamic IP Address (IP Address is allocated on connection) and Fixed IP Address.

Broadband VPN Gateway User Guide

Advanced Internet Functions

• Communication Applications. Support for Internet communication applications, such

as interactive Games, Telephony, and Conferencing applications, which are often difficult to use when behind a Firewall, is included.

Special Internet Applications. Applications which use non-standard connections or

•

port numbers are normally blocked by the Firewall. The ability to define and allow such applications is provided, to enable such applications to be used normally.

•

Virtual Servers. This feature allows Internet users to access Internet servers on your

LAN. The required setup is quick and easy.

•

Multi-DMZ. For each WAN (Internet) IP address allocated to you, one (1) PC on your

local LAN can be configured to allow unrestricted 2-way communication with Servers or individual users on the Internet. This provides the ability to ru n programs which are incompatible with Firewalls.

URL Filter. Use the URL Filter to block access to undesirable Web sites by LAN users.

•

Internet Access Log. See which Internet connections have been made.

•

VPN Pass through Support. PCs with VPN (Virtual Private Networking) software

•

using PPTP, L2TP and IPSec are transparently supported - no configuration is required.

LAN Features

• 4-Port Switching Hub. The Broadband VPN Router incorporates a 4-port 10/100BaseT

switching hub, making it easy to create or extend your LAN.

•

DHCP Server Support. Dynamic Host Configuration Protocol provides a dynamic IP

address to PCs and other devices upon request. The Broadband VPN Router can act as a DHCP Server for devices on your local LAN and WLAN.

•

Multi Segment LAN Support. LANs containing one or more segments are supported,

via the Broadband VPN Router 's RIP (Routing Information Protocol) support and built-in static routing table.

DMZ Port. Used when allowing Servers on your LAN to be accessed from the Internet,

•

the DMZ port provides additional protection for both your Servers and your LAN.

Configuration & Management

• Easy Setup. Use your WEB browser from anywhere on the LAN or WLAN for

configuration.

•

Remote Management. The Broadband VPN Router can be managed from any PC on

your LAN. And, if the Internet connection exists, it can also (optionally) be configured via the Internet.

• UPnP Support. UPnP (Universal Plug and Play) allows automatic discovery and

configuration of the Broadband VPN Router. UPnP is by supported by Windows ME, XP, or later.

• Configuration File Backup & Restore. You can backup (download) the Broadband

VPN Router's configuration file to your PC, and restore (upload) a previously-saved configuration file to the Broadband VPN Router.

Security Features

• Password - protected Configuration. Optional password protection is provided to

prevent unauthorized users from modifying the configuration data and settings.

•

NAT Protection. An intrinsic side effect of NAT (Network Address Translation)

technology is that by allowing all LAN users to share a single IP address, the location and even the existence of each PC is hidden. From the external viewpoint, there is no network, only a single device - the Broadband VPN Router.

Stateful Inspection Firewall. All incoming data packets are monitored and all

•

incoming server requests are filtered, thus protecting your network from malicious attacks from external sources.

Protection against DoS attacks. DoS (Denial of Service) attacks can flood your

•

Internet connection with invalid packets and connection requests, using so much bandwidth and so many resources that Internet access becomes unavailable. The Broadband VPN Router incorporates protection against DoS attacks.

Rule-based Policy Firewall. To provide additional protection against malicious

•

packets, you can define your own firewall rules. This can also be used to control the Internet services available to LAN users.

VPN Gateway Features

• IPSec.. Support for IPSec standards, including IKE and certificates.

70 Tunnels. Up to 70 VPN tunnels can be created.

•

High performance. High performance encryption engine maintains high throughput

•

even when using 3DES.

Introduction

Microsoft VPN Gateway Support

• PPTP Server. The Broadband VPN Router emulates a Microsoft PPTP VPN Server,

allowing clients to use the Microsoft VPN client provided in Windows.

•

Windows Client Support. Remote users can use the Microsoft VPN client (VPN

Adapter) provided in recent versions of Windows.

•

Easy Setup. For both the Administrator and remote users, the Microsoft VPN is much

easier to configure than IPSec VPN.

Package Contents

The following items should be included:

• The Broadband VPN Router Unit

• Power Adapter

• Quick Installation Guide

• CD-ROM containing the on-line manual.

If any of the above items are damaged or missing, please contact your dealer immediately.

Broadband VPN Gateway User Guide

Physical Details

Front-mounted LEDs

Figure 2: Front Panel

Power On - Power on.

Off - No power.

Status (Red) On - Error condition.

Off - Normal operation. Blinking - This LED blinks during start up.

LAN

WAN On - Connection to the modem attached to the WAN (Internet) port is

PPPoE On - PPPoE connection established.

DMZ

For each port, there are 2 LEDs

• Link/Act

• On - Corresponding LAN (hub) port is active.

• Off - No active connection on the corresponding LAN (hub) port.

• Flashing - Data is being transmitted or received via the

corresponding LAN (hub) port.

• 100

• On - Corresponding LAN (hub) port is using 100BaseT.

• Off - Corresponding LAN (hub) port connection is using

10BaseT, or no active connection.

established.

Flashing - Data is being transmitted or received via the WAN port.

Off - No PPPoE connection.

• Link/Act

•

Blinking – receiving/ transmitting data

• 100

• On -

• Off -

Link at 100Mbps

Link at 10Mbps

Rear Panel

Introduction

Figure 3: Rear Panel

DMZ

Reset Button

WAN port (10/100BaseT)

10/100BaseT LAN connections

Use a standard LAN cable to connect to a normal port on another hub.

This button has two (2) functions:

• Reboot. When pressed and released, the Broadband VPN

Router will reboot (restart).

• Clear All Data. This button can also be used to clear ALL data

and restore ALL settings to the factory default values.

To Clear All Data and restore the factory default values:

1. Power Off.

2. Hold the Reset Button down while you Power On.

3. Keep holding the Reset Button for a few seconds, until the RED LED has flashed TWICE.

4. Release the Reset Button. The Broadband VPN Router is now using the factory default values.

Connect the DSL or Cable Modem here. If your modem came with a cable, use the supplied cable. Otherwise, use a standard LAN cable.

Use standard LAN cables (RJ45 connectors) to connect your PCs to these ports.

Note:

Any LAN port on the Broadband VPN Router will automatically function as an "Uplink" port when required. Just connect any port to a normal port on the other hub, using a standard LAN cable.

Power port

Connect the supplied power adapter here.

Chapter 2

Installation

This Chapter covers the physical installation of the Broadband VPN Router.

Requirements

• Network cables. Use standard 10/100BaseT network (UTP) cables with RJ45 connectors.

• TCP/IP protocol must be installed on all PCs.

• For Internet Access, an Internet Access account with an ISP, and either of a DSL or Cable

modem (for WAN port usage)

Procedure

Figure 4: Installation Diagram

1. Choose an Installation Site

Select a suitable place on the network to install the Broadband VPN Router. Ensure the Broadband VPN Router and the DSL/Cable modem are powered OFF.

2. Connect LAN Cables

• Use standard LAN cables to connect PCs to the Switching Hub ports on the Broadband VPN Router. Both 10BaseT and 100BaseT connections can be used simultaneously.

• If required, you can connect any LAN port to another Hub. Any LAN port on the Broadband VPN Router will automatically function as an "Uplink" port when required. Just connect any LAN port to a normal port on the other hub, using a standard LAN cable.

• If desired, connect the DMZ port to a standard port on another Hub. PCs connected this hub will also gain Internet access, but will NOT be able to access the rest of the LAN.

Installation

3. Connect WAN Cable

Connect the DSL or Cable modem to the WAN port on the Broadband VPN Router. Use the cable supplied with your DSL/Cable modem. If no cable was supplied, use a standard cable.

4. Power Up

• Power on the Cable or DSL modem.

• Connect the supplied power adapter to the Broadband VPN Router and power up.

Use only the power adapter provided. Using a different one may cause hardware damage

5. Check the LEDs

• The Power LED should be ON.

• The Status LED should flash, then turn Off. If it stays on, there is a hardware error.

• For each LAN (PC) connection, the LAN Link/Act LED should be ON (provided the PC is

also ON.)

• The WAN LED should be ON.

For more information, refer to Front-mounted LEDs in Chapter 1.

Using the DMZ Port

Please note the following points regarding the DMZ port.

• The DMZ port is a normal port, not an "uplink" port.

• PCs connected to the DMZ port are on the same LAN segment as PCs connected to the

Hub ports. They must use the same IP address range.

• PCs connected to the DMZ port are NOT visible to PCs on the hub (LAN) ports. So you cannot use Microsoft networking or other networking protocols to connect to PCs on the DMZ.

• PCs connected to the DMZ port still share the WAN port IP address for Internet access.

Advantages of the DMZ Port

If running any Servers on your LAN, you should connect them to the DMZ port, for the following reasons:

• Traffic passing between the DMZ and LAN passes through the firewall. The firewall will protect your LAN if your Server is compromised and used to launch an attack on your LAN.

• When using the Virtual Servers feature, (see Virtual Servers in Chapter 6) a firewall rule to allow incoming traffic from the Internet (WAN) to the DMZ is automatically created. If the Server is connected to the LAN (hub) ports, you must add the firewall rule manually.

Chapter 3

Setup

This Chapter provides Setup details of the Broadband VPN Router.

Overview

This chapter describes the setup procedure for:

• Internet Access

• LAN configuration

PCs on your local LAN may also require configuration. For details, see Chapter 4 - PC Configuration.

Other configuration may also be required, depending on which features and functions of the Broadband VPN Router you wish to use. Use the table below to locate detailed instructions for the required functions.

To Do this: Refer to:

Configure PCs on your LAN. Chapter 4:

PC Configuration

Check Broadband VPN Router operation and Status. Chapter 5:

Operation and Status

Use any of the following Internet features:

• Advanced Internet

• Dynamic DNS

• Virtual Servers

• Access Control

• Firewall Rules

• Scheduling

• Services

Use the IPSec VPN features:

• VPN Policies

• Certificates

• CRLs

• VPN Status

Use the Microsoft VPN feature:

• PPTP Server in the Broadband VPN Router.

• User and Client setup.

• Checking VPN connection Status.

Chapter 6: Advanced Features

Chapter 7: VPN

Chapter 8: Microsoft VPN

Setup

Configure or use any of the following:

• Configuration File backup and restore.

• Logs

• Admin Login

• Network Diagnostic

• Options

• PC Database

• Remote Administration

• Routing

• Security Options

• Upgrade Firmware

• UPnP

Where use of a certain feature requires that PCs or other LAN devices be configured, this is also explained in the relevant chapter.

Configuration Program

Chapter 9: Administrations

The Broadband VPN Router contains an HTTP server. This enables you to connect to it, and configure it, using your Web Browser. Your Browser must support JavaScript. The configuration program has been tested on the following browsers:

• Netscape V4.08 or later

• Internet Explorer V4 or later

Preparation

Before attempting to configure the Broadband VPN Router, please ensure that:

• Your PC can establish a physical connection to the Broadband VPN Router. The PC and the Broadband VPN Router must be directly connected (using the Hub ports on the Broadband VPN Router) or on the same LAN segment.

• The Broadband VPN Router must be installed and powered ON.

• If the Broadband VPN Router 's default IP Address (192.168.0.1) is already used by

another device, the other device must be turned OFF until the Broadband VPN Router is allocated a new IP Address during configuration.

Using UPnP

If your Windows system supports UPnP, an icon for the Broadband VPN Router will appear in the system tray, notifying you that a new network device has been found, and offering to create a new desktop shortcut to the newly-discovered device.

• Unless you intend to change the IP Address of the Broadband VPN Router, you can accept the desktop shortcut.

• Whether you accept the desktop shortcut or not, you can always find UPnP devices in My Network Places (previously called Network Neighborhood).

Broadband VPN Gateway User Guide

• Double - click the icon for the Broadband VPN Router (either on the Desktop, or in My Network Places) to start the configuration. Refer to the following section Setup Wizard for

details of the initial configuration pro cess.

Using your Web Browser

To establish a connection from your PC to the Broadband VPN Router:

1. After installing the Broadband VPN Router in your LAN, start your PC. If your PC is already running, restart it.

2. Start your WEB browser.

3. In the Address box, enter "HTTP://" and the IP Address of the Broadband VPN Router, as in this example, which uses the Broadband VPN Router 's default IP Address:

HTTP://192.168.0.1

If you can't connect

If the Broadband VPN Router does not respond, check the following:

• The Broadband VPN Router is properly installed, LAN connection is OK, and it is powered ON. You can test the connection by using the "Ping" command:

• Open the MS-DOS window or command prompt window.

• Enter the command:

ping 192.168.0.1 If no response is received, either the connection is not working, or your PC's IP address is not compatible with the Broadband VPN Router 's IP Address. (See next item.)

• If your PC is using a fixed IP Address, its IP Address must be within the range

192.168.0.2 to 192.168.0.254 to be compatible with the Broadband VPN Router 's default IP Address of 192.168.0.1. Also, the Network Mask must be set to 255.255.255.0. See Chapter 4 - PC Configuration for details on checking your PC's TCP/IP settings.

• Ensure that your PC and the Broadband VPN Router are on the same network segment. (If you don't have a router, this must be the case.)

4. You will be prompted for a username and password, as shown below.

Figure 5: Password Dialog

• Enter admin for the User Name, and leave the Password blank.

• Both the name and password can (and should) be changed, using the Admin Login screen.

Setup

Setup Wizard

The first time you connect to the Broadband VPN Router, the Setup Wizard will ru n automatically. (The Setup Wizard will also run if the Broadband VPN Router's default setting are restored.)

1. Step through the Wizard until finished.

• You need to know the type of Internet connection service used by your ISP. Check the data supplied by your ISP.

• The common connection types are explained in the tables below.

2. On the final screen of the Wizard, run the test and check that an Internet connection can be established.

3. If the connection test fails:

• Check your data, the Cable/DSL modem, and all connections.

• Check that you have entered all data correctly.

• If using a Cable modem, your ISP may have recorded the MAC (physical) address of

your PC. Run the Wizard, and on the Cable Modem screen, use the "Clone MAC address" button to copy the MAC address from your PC to the Broadband VPN Router.

Common Connection Types

Cable Modems

Type Details ISP Data required

Dynamic IP Address

Static (Fixed) IP Address

DSL Modems

Type Details ISP Data required

Dynamic IP Address

Your IP Address is allocated automatically, when you connect to you ISP.

Your ISP allocates a permanent IP Address to you.

Your IP Address is allocated automatically, when you connect to you ISP.

Usually, none. However, some ISP's may

require you to use a particular Hostname, Domain name , or MAC (physical) address.

IP Address allocated to you, mask and gateway (if provided), and DNS address.

Some ISP's may also require you to use a particular Hostname, Domain name , or MAC (physical) address.

None.

Static (Fixed) IP Address

Your ISP allocates a permanent IP Address to you.

IP Address allocated to you, mask and gateway (if provided), and DNS address.

Broadband VPN Gateway User Guide

PPPoE You connect to the ISP only

when required. The IP address is usually allocated automatically.

PPTP Mainly used in Europe.

You connect to the ISP only when required. The IP address is usually allocated automatically, but may be Static (Fixed).

Other Modems (e.g. Broadband Wireless)

Type Details ISP Data required

Dynamic IP Address

Static (Fixed) IP Address

Your IP Address is allocated automatically, when you connect to you ISP.

Your ISP allocates a permanent IP Address to you.

User name and password.

• PPTP Server IP Address.

• User name and password.

• IP Address allocated to

you, if Static (Fixed).

Usually, none. However, some ISP's may

require you to use a particular Hostname, Domain name , or MAC (physical) address.

IP Address allocated to you, mask and gateway (if provided), and DNS address.

Big Pond Cable (Australia)

For this connection method, the following data is required:

• User Name

• Password

• Big Pond Server IP address

SingTel RAS

For this connection method, the following data is required:

• User Name

• Password

• RAS Plan

Setup

Home Screen

After finishing or exiting the Setup Wizard, you will see the Home screen. When you connect in future, you will see this screen when you connect. An example screen is shown below.

Figure 6: Home Screen

Navigation & Data Input

• Use the menu bar on the top of the screen, and the "Back" button on your Browser, for navigation.

• Changing to another screen without clicking "Save" does NOT save any changes you may have made. You must "Save" before changing screens or your data will be ignored.

On each screen, clicking the "Help" button will display help for that screen.

From any help screen, you can access the list of all help files (help index).

Broadband VPN Gateway User Guide

WAN Port Configuration Screen

The WAN Port Configuration screen provides an alternative to using the Wizard. It can be accessed from the Advanced Settings menu. An example screen is shown below.

Identification

Hostname

Domain name

WAN Port MAC Address

IP Address

IP Address is assigned automatically

Figure 7: WAN Port

Normally, there is no need to change the default name, but if your ISP requests that you use a particular “Hostname”, enter it here.

If your ISP provided a domain name, enter it here. Otherwise, this may be left blank.

Also called Network Adapter Address or Physical Address. This is a low-level identifier, as seen from the WAN port.

Normally there is no need to change this, but some ISPs require a particular value, often that of the PC initially used for Internet access.

You can use the Copy from PC button to copy your PC's address into this field, the Default button to insert the default value, or enter a value directly.

Also called Dynamic IP Address. This is the default, and the most common. Leave this selected if your ISP allocates an IP Address to the Wireless Router upon connection.

Setup

Specified IP Address

NAT

Enable NAT

Disable NAT

Also called Static IP Address. Select this if your ISP has allocated you a fixed IP Address. If this option is selected, the following data must be entered.

• IP Address.

The IP Address allocated by the ISP.

• Network Mask (Not required for PPPoE)

This is also supplied by your ISP. It must be compatible with the IP Address above.

• Gateway IP Address (Not required for PPPoE)

The address of the router or gateway, as supplied by your ISP.

• DNS IP Address

The DNS (Domain Name Server) IP Address provided by your ISP. If required, additional DNS entries can be made on the Internet Options screen.

NAT (Network Address Translation) is the technology which allows all PCs on your LAN to share the Internet IP address allocated to the WAN port on this Router. From the Internet, all PCs appear to have the same IP address.

For normal operation, this setting must be ENABLED. Disabling NAT will disable Internet access, unless all PCs have valid

Internet IP addresses.

DNS

Automatically obtain from Serve

Use this DNS

If you wish to use this device for Routing ONLY (and NOT for Internet access), then NAT should be disabled.

The DNS (Domain Name Server) address will be obtained automatically from your ISP's server. Note that if using a fixed IP address, with no login (login is set to "None"), then no Server is used, so this option cannot be used.

If this option is selected, you must enter the IP address of the DNS (Domain Name Server) you wish to use.

Note: If the DNS is unavailable, the "Backup DNS", entered on the "Options" screen, will be used

Broadband VPN Gateway User Guide

Connection Behavior

If your ISP does not use a login method (username, password) for Internet access, leave this at the default value "None (Direct connection)"

Otherwise, check the documentation from your ISP, select the login method used, and enter the required data.

• PPPoE - this is the most common login method, widely used

with DSL modems. Normally, your ISP will have provided some software to connect and login. This software is no longer required, and should not be used.

• PPTP - this is mainly used in Europe. You need to know the

PPTP Server address as well as your name and password.

• Big Pond Cable - for Australia only.

• SingTel RAS - for Singapore only.

The User Name (or account name) provided by your ISP. Enter the password for the login name above. For SingTel customers only, select the RAS plan you are on. If using PPTP or Big Pond Cable, enter the IP address or the Domain

name of your ISP's server. Select the desired option:

• Automatic Connect/Disconnect

An Internet connection is automatically made when required, and disconnected when idle for the time period specified by the "Auto-disconnect Idle Time-out".

• Manual Connect/Disconnect

You must manually establish and terminate the connection.

• Keep alive (maintain connection)

The connection will never be disconnected by this device. If disconnected by your ISP, the connection will be re-established immediately. (However, this does not ensure that your Internet IP address will remain unchanged.)

Auto-disconnect Idle Time-out

Buttons

Default

Copy from PC

Save Cancel

This field has no effect unless using the Automatic Connect/Disconnect setting.

If using this setting, enter the desired idle time-out period (in minutes). After the connection to your ISP has been idle for this time period, the connection will be terminated.

Inserts the default MAC address into the MAC address field. You must click "Save" to actually change the address used.

Inserts the MAC address from your PC into the MAC address field. You must click "Save" to actually change the address used.

Save your changes to the Wireless Router. Reverse any changes made since the last "Save".

LAN Screen

Use the LAN link on the main menu to reach the LAN screen An example screen is shown below.

Figure 8: LAN Screen

Data - LAN Screen

TCP/IP

Setup

IP Address

Subnet Mask

DHCP Server

Buttons

Save

IP address for the Broadband VPN Router, as seen from the local LAN. Use the default value unless the address is already in use or your LAN is using a different IP address range. In the latter case, enter an unused IP Address from within the range used by your LAN.

The default value 255.255.255.0 is standard for small (class "C") networks. For other networks, use the Subnet Mask for the LAN segment to which the Broadband VPN Router is attached (the same value as the PCs on that LAN segment).

• If Enabled, the Broadband VPN Router will allocate IP Addresses to PCs (DHCP clients) on your LAN when they start up. The default (and recommended) value is Enabled.

• If you are already using a DHCP Server, this setting must be Disabled, and the existing DHCP server must be re-configured to treat the Broadband VPN Router as the default Gateway. See the following section for further details.

• The Start IP Address and Finish IP Address fields set the values used by the DHCP server when allocating IP Addresses to DHCP clients. This range also determines the number of DHCP clients supported.

See the following section for further details on using DHCP.

Save the data on screen.

Cancel

The "Cancel" button will discard any data you have entered and reload the file from the Broadband VPN Router.

Broadband VPN Gateway User Guide

DHCP

What DHCP Does

A DHCP (Dynamic Host Configuration Protocol) Server allocates a valid IP address to a DHCP Client (PC or device) upon request.

• The client request is made when the client device starts up (boots).

• The DHCP Server provides the Gateway and DNS addresses to the client, as well as

allocating an IP Address.

• The Broadband VPN Router can act as a DHCP server.

• Windows 95/98/ME and other non-Server versions of Windows will act as a DHCP

client. This is the default Windows setting for the TCP/IP network protocol. However, Windows uses the term Obtain an IP Address automatically instead of "DHCP Client".

• You must NOT have two (2) or more DHCP Servers on the same LAN segment. (If your LAN does not have other Routers, this means there must only be one (1) DHCP Server on your LAN.)

Using the Broadband VPN Router 's DHCP Server

This is the default setting. The DHCP Server settings are on the LAN screen. On this screen, you can:

• Enable or Disable the Broadband VPN Router 's DHCP Server function.

• Set the range of IP Addresses allocated to PCs by the DHCP Server function.

You can assign Fixed IP Addresses to some devices while using DHCP, provided that the Fixed IP Addresses are NOT within the range used by the DHCP Server.

Using another DHCP Server

You can only use one (1) DHCP Server per LAN segment. If you wish to use another DHCP Server, rather than the Broadband VPN Router 's, the following procedure is required.

1. Disable the DHCP Server feature in the Broadband VPN Router. This setting is on the LAN screen.

2. Configure the DHCP Server to provide the Broadband VPN Router 's IP Address as the Default Gateway.

To Configure your PCs to use DHCP

This is the default setting for TCP/IP under Windows 95/98/ME. See Chapter 4 - Client Configuration for the procedure to check these settings.

Chapter 4

PC Configuration

This Chapter details the PC Configuration required on the local ("Internal") LAN.

Overview

For each PC, the following may need to be configured:

• TCP/IP network settings

• Internet Access configuration

Windows Clients

This section describes how to configure Windows clients for Internet access via the Broadband VPN Router.

The first step is to check the PC's TCP/IP settings. The Broadband VPN Router uses the TCP/IP network protocol for all functions, so it is

essential that the TCP/IP protocol be installed and configured on each PC.

TCP/IP Settings - Overview

If using the default Broadband VPN Router settings, and the default Windows TCP/IP settings, no changes need to be made.

• By default, the Broadband VPN Router will act as a DHCP Server, automatically providing a suitable IP Address (and related information) to each PC when the PC boots.

• For all non-Server versions of Windows, the default TCP/IP setting is to act as a DHCP client.

If using a Fixed (specified) IP address, the following changes are required:

• The Gateway must be set to the IP address of the Broadband VPN Router

• The DNS should be set to the address provided by your ISP.

If your LAN has a Router, the LAN Administrator must reconfigure the Router itself. Refer to Chapter 8 - Other Features and Operations for details.

Broadband VPN Gateway User Guide

Checking TCP/IP Settings - Windows 9x/ME:

1. Select Control Panel - Network. You should see a screen like the following:

Figure 9: Network Configuration

2. Select the TCP/IP protocol for your network card.

3. Click on the Properties button. You should then see a screen like the following.

Figure 10: IP Address (Win 95)

Ensure your TCP/IP settings are correct, as follows:

Using DHCP

To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Using this is recommended. By default, the Broadband VPN Router will act as a DHCP Server.

Restart your PC to ensure it obtains an IP Address from the Broadband VPN Router.

Using "Specify an IP Address"

If your PC is already configured, check with your network administrator before making the following changes:

PC Configuration

• On the Gateway tab, enter the Broadband VPN Router 's IP address in the New Gateway field and click Add, as shown below. Your LAN administrator can advise you of the IP Address they assigned to the Broadband VPN Router.

Figure 11: Gateway Tab (Win 95/98)

• On the DNS Configuration tab, ensure Enable DNS is selected. If the DNS Server Search Order list is empty, enter the DNS address provided by your ISP in the fields beside the Add button, then click Add.

Figure 12: DNS Tab (Win 95/98)

Broadband VPN Gateway User Guide

Checking TCP/IP Settings - Windows NT4.0

1. Select Control Panel - Network, and, on the Protocols tab, select the TCP/IP protocol, as shown below.

Figure 13: Windows NT4.0 - TCP/IP

2. Click the Properties button to see a screen like the one below.

PC Configuration

Figure 14: Windows NT4.0 - IP Address

3. Select the network card for your LAN.

4. Select the appropriate radio button - Obtain an IP address from a DHCP Server or Specify an IP Address, as explained below.

Obtain an IP address from a DHCP Server

This is the default Windows setting. Using this is recommended. By default, the Broadband VPN Router will act as a DHCP Server.

Restart your PC to ensure it obtains an IP Address from the Broadband VPN Router.

Specify an IP Address

If your PC is already configured, check with your network administrator before making the following changes.

1. The Default Gateway must be set to the IP address of the Broadband VPN Router. To set this:

• Click the Advanced button on the screen above.

• On the following screen, click the Add button in the Gateways panel, and enter the

Broadband VPN Router 's IP address, as shown in Figure 15 below.

• If necessary, use the Up button to make the Broadband VPN Router the first entry in

the Gateways list.

Broadband VPN Gateway User Guide

Figure 15 - Windows NT4.0 - Add Gateway

2. The DNS should be set to the address provided by your ISP, as follows:

• Click the DNS tab.

• On the DNS screen, shown below, click the Add button (under DNS Service Search

Order), and enter the DNS provided by your ISP.

PC Configuration

Figure 16: Windows NT4.0 - DNS

Broadband VPN Gateway User Guide

Checking TCP/IP Settings - Windows 2000:

1. Select Control Panel - Network and Dial-up Connection.

2. Right - click the Local Area Connection icon and select Properties. You should see a screen like the following:

Figure 17: Network Configuration (Win 2000)

3. Select the TCP/IP protocol for your network card.

4. Click on the Properties button. You should then see a screen like the following.

PC Configuration

Figure 18: TCP/IP Properties (Win 2000)

5. Ensure your TCP/IP settings are correct, as described below.

Using DHCP

Restart your PC to ensure it obtains an IP Address from the Broadband VPN Router.

Using a fixed IP Address ("Use the following IP Address")

If your PC is already configured, check with your network administrator before making the following changes.

• Enter the Broadband VPN Router 's IP address in the Default gateway field and click OK. (Your LAN administrator can advise you of the IP Address they assigned to the Broadband VPN Router.)

• If the DNS Server fields are empty, select Use the following DNS server addresses, and enter the DNS address or addresses provided by your ISP, then click OK.

+ 110 hidden pages