Asante Technologies VR2004 User Manual

FriendlyNET® VR2004 Series
VPN Security Routers
User’s Manual
Before You Start
Thank you for purchasing the Asanté FriendlyNET VR2004 Series VPN Security Router. Your router has been designed to provide a lifetime of trouble-free operation. However, to ensure a smooth in­stallation, you must have the following items before you begin:
Internet connection: Valid ISP account and Cable/DSL mo­dem with 10BaseT Ethernet port. Peripheral port for back up dial-up (v.90 or ISDN TA) modem included (Contact your ISP if you have problems verifying that you have a working Internet connection)
Network connection: Built-in 10/100 Fast Ethernet port or 10/100 Fast Ethernet network adapter for each computer sharing the Internet connection
Cables: 10BaseT or 100BaseTX Fast Ethernet cables to connect computers to the router
Client operating system: Client must be capable of accept­ing an IP address from a DHCP server. Supported operat­ing systems include Apple Mac OS 9 and higher, Microsoft Windows 98/ME/2000/XP Home or Professional, Red Hat Linux
Network protocol: TCP/IP network protocol for each client
Web browser: Microsoft Internet Explorer or Netscape Communicator, version 4.0 or later, or Apple Safari
The following devices are not compatible with the VR2004 Series routers: Cable/DSL modems with USB or Firewire connections, asymmetrical dual media connections, Home PNA or other non­Ethernet compatible communication devices.
FriendlyNET VPN Security Router
Quick Start Guide
This section will guide you through setting up the Asanté FriendlyNET router with your Cable/DSL modem. Setting up your router requires three basic steps:
1. Determine the TCP/IP settings for your computer and record them in the table provided.
2. Set up your hardware. You MUST power up the router FIRST after attaching any devices to the router.
3. Configure your router.
1. Determine Your TCP/IP Settings
You should already have a working Internet connection using a Ca­ble/DSL modem. First you must collect the TCP/IP settings from your computer and your Internet Service Provider (ISP). This infor­mation will be used to configure your new router and any additional computers you wish to add to your new network. The following sec­tions explain how to collect your TCP/IP settings for Macintosh, Windows, and Linux platforms.
Mac OS 9
1. Open your computer’s TCP/IP control panel found under the Apple menu.
2. For Connect via, verify that either Ethernet built-in or the Ethernet adapter installed in your Mac is chosen.
3. Complete the information in the Your Settings portion of the table below.
User’s Manual
Item No. TCP/IP Control Panel Description Your Setting
1 Configure Manually or
Using DHCP Server 2 IP Address WAN IP Address 3 Subnet Mask WAN Subnet Mask 4 Router Address WAN Gateway 5 Name Server Address Primary and Secondary
6 Host Name (DHCP Server
Only)
Static IP Address or Dynamic IP Address
DNS Client ID No.
4. Once the information has been recorded, choose Using DHCP Server from the Configure: pull-down menu. Close the dialog
box and save your changes.
Repeat steps 1, 2, and 4 to configure additional Macs you wish to add to the router.
Mac OS X
1. Go to System Preferences on your desktop and select Net­work. In the Network screen that appears, select Show: Active
Network Ports and click the box to choose the PCI Ethernet card slot where your network card is installed.
2. Click the Apply Now button. The next screen will show the op­tions for your network settings. Be sure that the TCP/IP tab is selected.
3. Before changing your configuration, complete the information in the Your Settings portion of the table below, and save for fu­ture reference.
FriendlyNET VPN Security Router
Item No. TCP/IP Control Panel Description Your Setting
1 Configure Manually or
Using DHCP Server 2 IP Address WAN IP Address 3 Subnet Mask WAN Subnet Mask 4 Router Address WAN Gateway 5 Name Server Addres s Primary and Secon-
6 Host Name (DHCP
Server Only)
Static IP Address or Dynamic IP Address
dary DNS Client ID No.
4. Once the information has been recorded, select Configure: Using DHCP. You will receive an IP address automatically
from your DHCP server.
The TCP/IP configuration of your computer is now complete. Re­peat steps 1, 2 and 4 to configure additional Macs that you wish to add to the router.
Windows 98/Me
1. From the Windows Start button, choose Run. In the dialog box, type winipcfg and click OK.
2. Choose your computer’s Ethernet adapter from the first drop­down list.
Tip: The PPP setting is usually for your dial-up analog modem. Don’t choose this selection.
User’s Manual
3. Expand this dialog box by clicking on the More Info >> button.
4. Complete the information in this table:
Item No. IP Configuration Description Your Settin g
1 Host Name Host Name 2 DNS Servers Primary DNS 3 Secondary 4 Adapter Address MAC Address 5 IP Address WAN IP Address 6 Subnet Mask WAN Subnet Mask 7 Default Gateway WAN Gateway
Tip: Next to the DNS Servers field, click the button to show the Secondary DNS (if available).
5. From the Windows Start button, choose Settings and select Control Panel. Double-click the Network icon.
6. In the Configuration tab, highlight the TCP/IP protocol line as­sociated with your network card adapter.
7. Click Properties to open the TCP/IP Properties dialog. Click the IP Address tab. Select Obtain an IP address automatically. Click OK.
8. Click OK again. Windows will begin copying files to your com­puter. Click Yes to restart your computer with the new settings.
Repeat steps 1-3 and 5-8 to configure additional PCs on your net­work.
Note: Keep your Windows CD handy. You may be asked to insert it so that Windows can copy necessary files.
Windows NT/2000
1. From the Windows Start button, choose Run. In the dialog box, type command and click OK.
2. At the command line, type the command ipconfig /all and press Enter.
3. Fill in the table below with the data from the screen.
FriendlyNET VPN Security Router
Item No. IP Configuration Description Your Setting
1 Host Name Host Name 2 Primary DNS Primary DNS 3 Physical Address MAC Address 4 IP Address WAN IP Address 5 Subnet Mask WAN Subnet Mask 6 Default Gateway WAN Gateway
Windows XP
1. From the Start button, select Settings/Control Panel.
2. Click on Network and Internet Connections.
3. Click the Network Connections icon.
4. Double-click on the network.
5. Under the Support tab, click on the Details… button.
6. Record your information on the table below for future reference.
Item No. IP Configuration Description Your Setting
1 Physical Address MAC Address 2 IP Address WAN IP Address 3 Subnet Mask WAN Subnet Mask 4 Default Gateway WAN Gateway 5 DNS Servers Primary
Secondary
6 WINS Ser vers Primary
Secondary
7. Under the General tab, click the Properties button.
8. Select the Internet Protocol (TCP/IP) and click the Properties button.
9. Select Obtain an IP Address automatically and Obtain DNS server address automatically.
10. Click OK. You will be prompted to restart your computer.
User’s Manual
The TCP/IP configuration of your computer is now complete. Re­peat steps 1 – 4 and 7 – 10 to configure additional PCs on your net­work.
Red Hat Linux
In order to gather the information necessary to complete the table, you will need to run the /sbin/ipconfig command. You will also need to examine the following files:
/etc/sysconfig/network
/etc/resolv.conf.
Please refer to your Linux documentation for information on access­ing these files.
2. Install The Hardware
Follow these steps to connect the router to your network:
1. Turn the power off to your computers, modem and the router.
2. Connect an Ethernet cable from your Cable/DSL modem to the router’s WAN port.
3. Connect an Ethernet cable from your computer’s Ethernet port to one of the LAN ports on the router. Repeat the process to connect other computers to the router. If you have more com­puters to add than you have router ports, simply add a hub or switch to one of the router ports. This creates additional avail­able ports.
4. Optional: Use a DB-9 to DB-25 serial cable to connect a straight through modem cable from your ex ternal backup mo­dem to the router’s COM port.
5. Turn on the power to the router FIRST, and let it power up. The router will enter a self-test mode where the status light will blink for a few seconds and then stop. The router is ready for opera­tion. Now you may turn on the power to the devices that are attached to the router.
FriendlyNET VPN Security Router
3. Configure Your Router
From your computer, use your browser to configure the router for your network.
1. Start your web browser. Type http://192.168.123.254 into your browser’s address or location field and press Enter.
2. In a few moments you’ll see the Login screen for the router. Enter the default username, admin (the default password is blank), and click OK.
3. Click the Setup Wizard button from the top of the page.
4. Step through the configuration screens along the left side of the Setup Wizard page.
5. Enter the required values for the WAN type you will use.
6. Be sure to save your configuration and restart the router from the Save & Restart page in the Setup Wizard.
The basic configuration of your Asanté router is now complete. See Chapters 2, 3 and 4 for more details.
Note: By default, the password for the router is blank. We strongly recommend that you assign a password to your router. See page 35 for more details.
User’s Manual
10
FriendlyNET VPN Security Router
Table of Contents
Before You Start 2 Quick Start Guide 3
Chapter 1. Introduction 13 Chapter 2. Configuration 17 Chapter 3. Advanced Settings 27 Chapter 4. VPN Configuration 41
Appendix A. Warranty Statement and FriendlyCare Support 51 Appendix B. FCC Statement 53 Appendix C. Troubleshooting 55 Appendix D. Renewing Client IP Addresses 59 Appendix E. Service Ports 61 Appendix F. Hardware and Software Compatibility 63 Appendix G. Specifications 65 Appendix H. Configuring a System Log Server 69 Appendix I. Your 802.11b Wireless Network 73
User’s Manual
11
12
FriendlyNET VPN Security Router
Chapter 1. Introduction
Thank you for purchasing the FriendlyNET VR2004 Series VPN Se­curity Router. The router provides an easy, affordable way to com­municate over the Internet, while ensuring a secure connection to another VR2004 (or other compatible VPN solution). Whenever data is intended for the remote site, the router automatically en­crypts the data and sends it to the remote site over the Internet, where it is automatically decrypted and forwarded to the intended destination.
The FriendlyNET VR2004 is available in two configurations:
VR2004C: Router with 4-port 10/100 LAN ports and backup modem port
VR2004AC: Router with 4-port 10/100 LAN ports and backup modem port, plus integrated 802.11b wireless ac­cess point
1.1 Features
Key features of the router include:
Cable/DSL Modem Support: The router is compatible with all major brands of Cable/DSL modem
Asynchronous Port: A dial-up modem (not included) can be attached to the router to automatically provide a backup connection should the Cable/DSL connection fail
DHCP Server: Automatically assigns IP information to net­work users
DHCP Client: Automatically gets IP information from the ISP DHCP server
Firewall Protection: Built-in NAT firewall provides network security
IP Sharing: Supports unrestricted Internet access for each network user at all times
User’s Manual
13
Hacker Attack Logging: Supports gen eral ha cker attack pattern monitoring and logging
High Performance 32-bit RISC CPU Engine: With the most advanced 32-bit RISC CPU engine, the router has full compatibility with present and future Cable/DSL tech­nologies
PPPoE Client: Supports PPPoE client function to connect to the remote PPPoE server
Virtual Server: Allows an internal server to be accessible from the Internet
Upgradeable: Allows new features to be added in the fu­ture
VPN Support: Supports L2TP pass-through function
IPSec Security:
Authentication (MD5 / SHA-1)
DES/3DES Encryption, IP Encapsulating Security Payload (ESP)
Internet Security Association and Key Management Protocol
Internet IP Security Domain of Interpretation for ISAKMP
The NULL Encryption Algorithm and its use with IP­Sec
8 IPSec Tunnels
IPSec LAN to LAN
IPSec Client to LAN
PPTP Support: Support PPTP (Point-to-Point Tunneling Protocol) function
Idle Timer: Lets you set a specified idle-time before auto­matically disconnecting
Routing Protocol: Supports static route, RIP versions 1 and 2
Dial-on Demand: Eliminates the need for manual Dial-up and automatically logs in to your ISP
Web-Based Configuration: Configure your router from any standard web browser
14
FriendlyNET VPN Security Router
DMZ (Demilitarized Zone): Allows you to place one server or workstation outside the firewall, to allow outside parties unrestricted access to the server
1.2 Package Contents
Please compare the items included in your package to the list be­low. The following items should be included:
FriendlyNET VR2004 Series VPN Security Router
Power adapter
User’s Manual (this document)
If any of the above items are damaged or missing, please contact your dealer immediately.
1.3 System Requirements
Before installing the router, you will have need to have met the fol­lowing requirements:
Microsoft I.E 4.0 or later version, Netscape Navigator 4.0 or later version, or Apple Safari
One computer with an built in or installed 10 Mbps, 100 Mbps or 10/100 Mbps Ethernet port
Optional: One Analog Modem or ISDN TA (if a dialup con­nection is needed)
One RJ-45 Cable/DSL Internet connection
TCP/IP protocol installed
UTP network cable (Category 5 or better) with a RJ-45 connection
1.4 Front and Rear Panel Descriptions
The front panel of the router contains the LED Indicators for easy monitoring and troubleshooting of its functioning.
Consult the table below for a description of the LED Indicators.
User’s Manual
15
LED Color Description
Link/Activity LAN ports 1 to 4
Wireless (VR2004AC model only)
COM Green
Internet Green
Status Blinking Yellow
Power Red
Green Blinking Off
Green Blinking Green
Off
Off
Off
Off
A valid link has been established on the port. Port is transmi tting or receiving pack­ets. No link has been established on the port.
A wireless c onnection has been es­tablished. A wireless connection has not been established.
A valid link has been established. No link has been established.
A valid link has been established. No link has been established.
The router is booting up, or a firmware upgrade is taking place.
The router is operating normal ly. The power is on.
The power is off.
Table 1-1 LED Descri pti on
From left to right, the rear panel of the router contains the following:
Power (5 VDC) plug; Internet (WAN) port; COM port; Reset button; and LAN ports 4, 3, 2 and 1.
16
FriendlyNET VPN Security Router
Chapter 2. Configuration
Power up the router first, before powering up the at­tached devices. Launch your web browser and type the default IP address (192.168.123.254) in the browser’s address box. Press Enter. The login window will appear. Type the default user­name admin and press OK. By default, the password for the router is blank. We strongly recommend that you assign a password to your router. See page 35 for more details.
The main menu will appear (screens shown are from both models— the Wireless Settings page will not appear in screenshots from the VR2004C model). Click on the buttons across the top to access the available configuration pages. Within each page, click on the but­tons along the left side to access further pages for configuration (see the sections that follow for more details).
2.1 Setup Wizard
From the main menu, click on the corresponding button to access the Setup Wizard screen. From this screen, it is possible to config­ure the following:
User’s Manual
17
Time Zone Settings
Device IP Settings
ISP Settings
Additional ISP Settings
Modem Settings
VPN Settings
Important! You must save and restart the router in the Save & Re- start screen for your configurations to take effect.
2.1.1 Time Zone Settings
From the drop down menu, choose the local time zone. Click Next to enter the data and to proceed to Device IP Settings.
2.1.2 Device IP Settings
To prevent unauthorized access to the router, you should change the device’s default IP address on your network. This is the internal LAN IP Address, and NOT the WAN IP Address from your ISP. Click Next to enter the new values and to proceed to ISP Settings.
2.1.3 ISP Settings
If your ISP requires that you use a static IP Address, check the Static IP radio button to enable it. If you enable the Static IP Ad­dress, you must then complete the fields with the information pro­vided by your ISP (use the information that you recorded in the
18
FriendlyNET VPN Security Router
Quick Start Guide), and click Next to enter the data. If you use a dynamic IP Address, check the Dynamic IP radio button and click
Next to continue to Additional ISP Settings.
2.1.4 Additional ISP Settings
In this page, you can enable the type of WAN connection you are using. Your ISP may require you to use any of PPPoE, PPTP or AT&T-like authentication.
User’s Manual
19
ISPs use the information for authentication purposes, so you must select the check box and enter the requested information for your WAN type.
Item Description
User Name Account name (assigned by your ISP).
Password Password for t he account (assi gned by your ISP).
Idle Time Router attempts to keep the connection on (“keep alive”)
Enable PPTP Client If you have a P PTP connection, check this box to enable
My IP Address The IP address provided to you by your ISP
Server IP Address The IP address of the PPTP server pr ovided by your ISP
Connection ID/Name Optional (Enter th e connection ID if your ISP requires it)
until it has reached a specified idle time; enter a 0 to dis­able the keep alive feature. Some service s will disconnect the modem when it has exceeded a maximum session time
PPTP client.
PPPoE/PPTP C onnection
Some providers require the Ethernet address (the MAC address) of the computer that is connecting the Cable/DSL modem to authenti­cate the connection. If you are connecting the router to the modem instead, you must select the check box for Device MAC Address and enter the WAN MAC address of the router (found in the Device Status and Device Information pages).
Note: Do not enter the colons between the numbers, as the fields are already separated within the page.
Note: If you have a single computer attached to the Cable/DSL mo­dem, you may also use your computer’s network adapter card MAC Address to allow access to the Internet. Find your card’s MAC Ad­dress from Windows 98/Me by running winipcfg, or from Windows 2000/NT by running ipconfig /all. To find a Macintosh's Ethernet MAC address, select "Get Info” from the File menu of either the AppleTalk or TCP/IP Control Panel. Again, do not enter the colons that appear within the MAC address, as the fields are already sepa­rated within the page.
20
FriendlyNET VPN Security Router
Click Next to enter the new data and to proceed to the Wireless Settings page (VR2004AC model only) or to the Modem Settings page.
2.1.5 Wireless Settings (VR2004AC only)
The VR2004AC is designed to function as a wireless access point using the default settings shown. If you wish to use more than one router in your wireless network, you have the option of having one network with multiple access points (routers), or separate networks.
If you wish to have one big wireless network, leave the SSID and channel settings for each router at the factory default.
SSID (Service Set Identifier): An alpha-numeric name used for identification; the Wireless stations must match the ac­cess point’s SSID
Channel: All Wireless stations must use the same channel as the access points
If you wish to have each router in its own network and wish to keep the networks separate, however, you will need to designate a unique SSID for each router. Enter a unique number from 1 to 11 in the Channel field.
User’s Manual
21
Encryption
Most internal LAN traffic does not require additional security meas­ures. If you are transferring sensitive files or other material over the wireless LAN, you may enable the WEP Security Settings. WEP stands for "Wired Equivalent Protocol".
Click on either the "40(64) bit" or the "128-bit” radio button to select which Shared Key you will use, and enter a 10 digit hexadecimal number into the Key 1 field. Hexadecimal numbers may be alpha­numeric (numerals 0-9 or letters a-f).
Note: Most wireless network cards utilize the 64-bit algorithm, in­cluding the Apple Airport card.
Note: Up to 4 WEP Keys may be configured . Each Key number must be different. Each client must also use the active WEP key to access the wireless network (the def aul t key is 1).
WEP Security and Apple Airport Wireless Cards
The Apple Airport Wireless Card and the router enter and store the WEP Security Key differently. From the Airport icon on your com­puter’s control strip, select the router, and enter $ plus the WEP key in the password field. Click Next to enter the new data and to proceed to the Modem Set- tings page.
2.1.6 Modem Settings
You can configure the router to use a dialup modem if there isn’t a cable/DSL connection, or as a backup for the cable/DS L con nec­tion. To use the modem dialup, you must select the check box to enable the modem settings function and enter the required informa­tion.
Enter the External IP Address only if your ISP requires it, otherwise leave it at the default settings (0.0.0.0). Enter the desired settings for the modem. Refer to the modem’s manual for more help in changing settings.
When you have completed the configuration, click Next to enter the data and to proceed to VPN Settings.
22
FriendlyNET VPN Security Router
2.1.7 VPN Settings
The router can be used as an ordinary unencrypted connection to the Internet, or as a secure connection to another VPN router. To set up a Virtual Private Network (VPN), you must enable the VPN feature, which allows a secure connection to the Internet.
Please refer to Chapter 4. VPN Configuration for detailed informa- tion.
2.1.8 Save and Restart
After stepping through the Setup Wizard’s configuration pages, you must save and restart the router through the Save & Restart page. This process will take a few moments. The progress bar across the bottom of the screen shows when the process is 100% complete. Also, the status LED will blink while the device restarts. The router is ready to proceed when it stops blinking. Do NOT turn off the de­vice until the progress bar completes its cycle, the status LED stops blinking and the Main Menu appears.
User’s Manual
23
Loading...
+ 53 hidden pages