Billion BiPAC 7402, BiPAC 7402W User Manual

Download

BIPAC-7402 / 7402W

(Wireless) ADSL VPN Firewall Router

with 3DES Accelerator

User’s Manual

Version Release 1.54c

Taa

CCHHAAPPTTEERR 11:: IINNTTRROODDUUCCTTIIOONN....................................................1

INTRODUCTION TO YOUR BIPAC-7402(W) ROUTER...............................................................1

FEATURES ...........................................................................................................................1

BIPAC-7402 / 7402W ADSL ROUTER APPLICATION ...........................................................4

CCHHAAPPTTEERR 22:: IINNSSTTAALLLLIINNGG TTHHEE RROOUUTTEERR..............5

IMPORTANT NOTE FOR USING THE BIPAC-7402(W) ADSL ROUTER.......................................5

PACKAGE CONTENTS ...........................................................................................................5

THE FRONT LEDS................................................................................................................6

THE REAR PORTS.................................................................................................................7

CABLING..............................................................................................................................8

bllee ooff

Coo

nttee

nttss

CCHHAAPPTTEERR 33:: BBAASSIICC IINNSSTTAALLLLAATTIIOONN..............................9

CONNECTING YOUR ROUTER..................................................................................................9

CONFIGURING PCS IN WINDOWS .........................................................................................10

For Windows XP.......................................................................................................................... 10

For Windows 2000...................................................................................................................... 11

For Windows 98 / ME.................................................................................................................. 12

For Windows NT4.0..................................................................................................................... 13

FACTORY DEFAULT SETTINGS.............................................................................................14

Username and Password............................................................................................................ 14

LAN and WAN Port Addresses.................................................................................................... 14

INFORMATION FROM YOUR ISP............................................................................................15

CONFIGURING WITH YOUR WEB BROWSER...........................................................................16

CCHHAAPPTTEERR 44:: CCOONNFFIIGGUURRAATTIIOONN............................................117

STATUS .............................................................................................................................18

ARP Table...................................................................................................................................18

Routing Table..............................................................................................................................19

DHCP Table................................................................................................................................20

Leased Table .........................................................................................20

Expired Table ......................................................................................... 20

Permanent Table.................................................................................... 20

PPTP Status................................................................................................................................21

Table of Contents i

IPSec Status ............................................................................................................................... 22

L2TP Status ................................................................................................................................23

Email Status................................................................................................................................23

Event Log.................................................................................................................................... 24

Error Logging .............................................................................................................................. 24

NAT Sessions ............................................................................................................................. 25

UPnP Portmap............................................................................................................................ 25

QUICK START.....................................................................................................................26

CONFIGURATION.................................................................................................................28

LAN (Local Area Network)........................................................................................................... 28

Ethernet..................................................................................................28

Wireless (7402W Only) ..........................................................................29

Wireless Security (7402W Only) ............................................................30

Port Setting ............................................................................................32

DHCP Server .........................................................................................33

WAN (Wide Area Network).......................................................................................................... 35

ISP .........................................................................................................35

DNS........................................................................................................45

ADSL......................................................................................................46

System........................................................................................................................................ 47

Time Zone ..............................................................................................47

Remote Access ...................................................................................... 48

Firmware Upgrade..................................................................................49

Backup / Restore.................................................................................... 50

Restart Router........................................................................................51

User Management..................................................................................52

Firewall and Access Control........................................................................................................53

General Settings ....................................................................................55

Packet Filter ...........................................................................................56

Intrusion Detection .................................................................................62

MAC Address Filter ................................................................................64

URL Filter ...............................................................................................65

Firewall Log............................................................................................67

VPN (Virtual Private Networks)................................................................................................... 68

PPTP......................................................................................................68

IPSec......................................................................................................73

Advanced Option.................................................................................... 76

L2TP.......................................................................................................77

QoS (Quality of Service).............................................................................................................100

Prioritization .........................................................................................101

IP Throttling..........................................................................................102

Virtual Server (“Port Forwarding”)..............................................................................................103

Advanced...................................................................................................................................106

Static Routing.......................................................................................106

Dynamic DNS....................................................................................... 107

Check Emails ....................................................................................... 108

Device Management ............................................................................109

Table of Contents ii

SAVE CONFIGURATION TO FLASH ......................................................................................113

LOGOUT...........................................................................................................................114

CCHHAAPPTTEERR 55:: TTRROOUUBBLLEESSHHOOOOTTIINNGG............................11115

PROBLEMS STARTING UP THE ROUTER ...............................................................................115

PROBLEMS WITH THE WAN INTERFACE .............................................................................115

PROBLEMS WITH THE LAN INTERFACE ..............................................................................116

AAPPPPEENNDDIIXX AA:: PPRROODDUUCCTT SSUUPPPPOORRTT AANNDD CCOONNTTAACCTT IINNFFOORRM

MAATTIIOO

........................................................11117

Table of Contents iii

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Chapter 1: Introduction

Introduction to your BIPAC-7402(W) Router

Welcome to the Billion BIPAC-7402(W) Router. Your Billion router is an “all-in-one” unit, combining an ADSL modem, ADSL router and Ethernet network switch, providing everything you need to get the machines on your network connected to the Internet over your ADSL broadband connection. With features such as an ADSL Quick-Start wizard and DHCP Server, you can be online in no time at all and with a minimum of fuss and configuration, catering for first-time users to the guru requiring advanced features and control over their Internet connection and network.

Features

ADSL Multi-Mode Standard

Supports downstream transmission rates of up to 8Mbps and upstream transmission rates of up to 1024Kbps. It also supports rate management that allows ADSL subscribers to select an Internet access speed suiting their needs and budgets. It is compliant with MultiMode standard (ANSI T1.413, Issue 2; G.dmt(G.992.1); G.lite(G992.2)). The Annex A and B are supported in different H/W platforms.

Wireless Ethernet 802.11b (7402W Only)

Provides a wireless Ethernet 802.11b access point for extending the communication

media to WLAN.

Fast Ethernet Switch

A 4-port 10/100Mbps fast Ethernet switch is built in with automatic switching between MDI and MDI-X for 10Base-T and 100Base-TX ports. An Ethernet straight or cross-over cable can be used directly for auto detection.

Multi-Protocol to Establish A Connection

Supports PPPoA (RFC 2364 - PPP over ATM Adaptation Layer 5), RFC 1483 encapsulation over ATM (bridged or routed), PPP over Ethernet (RFC 2516) and IPoA (RFC1577) to establish a connection with the ISP. The product also supports VC-based and LLC-based multiplexing.

Quick Installation Wizard

Supports a WEB GUI page to install this device quickly. With this wizard, end users can enter the information easily which they get from their ISP, then surf the Internet immediately.

Universal Plug and Play (UPnP) and UPnP NAT Traversal

Chapter 1: Introduction

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

This protocol is used to enable simple and robust connectivity among stand-alone devices and PCs from many different vendors. It makes network simple and affordable for users. UPnP architecture leverages TCP/IP and the Web to enable seamless proximity networking in addition to control and data transfer among networked devices. With this feature enabled, users can now connect to Net meeting or MSN Messenger seamlessly.

Network Address Translation (NAT)

Allows multi-users to access outside resources such as the Internet simultaneously with one IP address/one Internet access account. Many application layer gateway (ALG) are supported such as web browser, ICQ, FTP, Telnet, E-mail, News, Net2phone, Ping, NetMeeting, IP phone and others.

Firewall

Supports SOHO firewall with NAT technology, automatically detects and blocks Denial of Service (DoS) attacks. URL blocking, packet filtering and SPI (Stateful Packet Inspection) are also supported. The hacker’s attack will be recorded associated with timestamp in the security logging area. More firewall functions will always be implemented through updated firmware releases.

Domain Name System (DNS) relay

Provides an easy way to map the domain name (a friendly name for users such as www.yahoo.com) and IP address. When a local machine sets its DNS server with this router’s IP address, every DNS conversion request packet from the PC to this router will be forwarded to the real DNS in the outside network.

Dynamic Domain Name System (DDNS)

The Dynamic DNS service allows you to alias a dynamic IP address to a static hostname. This dynamic IP address is the WAN IP address. For example, to use the service, you must first apply for an account from a DDNS service like http://www.dyndns.org/. More than 5 DDNS servers are supported.

Virtual Private Network (VPN)

Allows user to make a tunnel with a remote site directly to secure the data transmission among the connection. User can use embedded PPTP and L2TP client/server, IKE and IPSec which are supported by this router to make a VPN connection or users can run the PPTP client in PC and the router already provides IPSec and PPTP pass through function to establish a VPN connection if the user likes to run the PPTP client in his local computer.

Virtual Server (“port forwarding”)

Users can specify some services to be visible from outside users. The router can detect incoming service requests and forward either a single port or a range of ports to the specific local computer to handle it. For example, a user can assign a PC in the LAN acting as a WEB server inside and expose it to the outside network. Outside users can browse inside web servers directly while it is protected by NAT. A DMZ host setting is also provided to a local computer exposed to the outside network, Internet.

Rich Packet Filtering

Not only filters the packet based on IP address, but also based on Port numbers. It will filter packets from and to the Internet, and also provides a higher level of security control.

Dynamic Host Configuration Protocol (DHCP) client and server

In the WAN site, the DHCP client can get an IP address from the Internet Service Provider (ISP) automatically. In the LAN site, the DHCP server can allocate a range of client IP

Chapter 1: Introduction

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

addresses and distribute them including IP address, subnet mask as well as DNS IP address to local computers. It provides an easy way to manage the local IP network.

Static and RIP1/2 Routing

Supports an easy static routing table or RIP1/2 routing protocol to support routing capability.

Simple Network Management Protocol (SNMP)

It is an easy way to remotely manage the router via SNMP.

Web based GUI

Supports web based GUI for configuration and management. It is user-friendly and comes with on-line help. It also supports remote management capability for remote users to configure and manage this product.

Firmware Upgradeable

Device can be upgraded to the latest firmware through the WEB based GUI.

Rich management interfaces

Supports flexible management interfaces with local console port, LAN port, and WAN port. Users can use terminal applications through the console port to configure and manage the device, or Telnet, WEB GUI, and SNMP through LAN or WAN ports to configure and manage the device.

Chapter 1: Introduction

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

BIPAC-7402 / 7402W ADSL Router Application

7402

7402W

Figure 1.1 Application Diagram of 7402

Figure 1.2 Application Diagram of 7402W

Thank you for your purchase, and welcome to the world of broadband Internet!

Chapter 1: Introduction

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Chapter 2: Installing the Router

Important note for using the BIPAC-7402(W) ADSL Router

Warning

 DO NOT use the BIPAC-7402(W) in high humidity or high

temperatures.

 DO NOT use the same power source for the BIPAC-7402(W) as

other equipment.

 DO NOT open or repair the case yourself. If the BIPAC-7402(W)

is too hot, turn off the power immediately and have it repaired at a qualified service center.

 Place the BIPAC-7402(W) on a stable surface.

 Only use the power adapter that comes with the package. Using

a different voltage rating power adaptor may damage the router.

ttention

Package Contents

BIPAC-7402(W) ADSL Router

CD-ROM containing the online manual

RJ-11 ADSL/telephone Cable

Ethernet (CAT-5 LAN) Cable

Console (PS2-RS232) Cable

AC-DC power adapter (12V DC, 1A)

Quick Start Guide

Chapter 2: Installing the Router

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

The Front LEDs

LED Meaning

1 PPP / MAIL

Lit steady when there is a PPPoA / PPPoE connection. Lit and flashed periodically when there is email in the Inbox.

2 ADSL

Lit when successfully connected to an ADSL DSLAM (“linesync”).

Lit when connected to an Ethernet device.

Green for 100Mbps; Orange for 10Mbps.

Blinking when data is Transmitted / Received.

LAN Port 1X — 4X

(RJ-45 connector)

WLAN (7402W Only)

Lit green when the wireless connection is established. Flashes when sending/receiving data.

5 SYS Lit when the system is ready.

6 PWR Lit when power is ON.

Chapter 2: Installing the Router

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

The Rear Ports

Port Meaning

Power Switch

PWR

RESET

＊Billion 7402W has a wireless interface and antenna. Billion 7402 router does

not have an antenna or wireless interface.

Power ON/OFF switch

Connect the supplied power adapter to this jack.

After the device is powered on, press it to reset the device or restore to factory default settings.

0-3 seconds: reset the device 6 seconds above: restore to factory default settings (this is used when you cannot login to the router. E.g.: forgot the password)

2 3

Chapter 2: Installing the Router

LAN 1X — 4X

(RJ-45 connector)

CONSOLE

LINE

Connect a UTP Ethernet cable (Cat-5 or Cat-5e) to one of the four LAN ports when connecting to a PC or an office/home network of 10Mbps or 100Mbps.

Connect a PS2/RS-232 cable to this port when connecting to a PC’s RS-232 port (9-pin serial port).

Connect the supplied RJ-11 (“telephone”) cable to this port when connecting to the ADSL/telephone network.

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Cabling

One of the most common causes of problems is bad cabling or ADSL line(s). Make sure that all connected devices are turned on. On the front of the product is a bank of LEDs. Verify that the LAN Link and ADSL line LEDs are lit. If they are not, verify that you are using the proper cables.

Ensure that all other devices connected to the same telephone line as your Billion router (e.g. telephones, fax machines, analogue modems) have a line filter connected between them and the wall socket (unless you are using a Central Splitter or Central Filter installed by a qualified and licensed electrician), and ensure that all line filters are correctly installed and the right way around. Missing line filters or line filters installed the wrong way around can cause problems with your ADSL connection, including causing frequent disconnections.

Chapter 2: Installing the Router

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Chapter 3: Basic Installation

The router can be configured with your web browser. A web browser is included as a standard application in the following operating systems: Linux, Mac OS, Windows 98/NT/2000/XP/Me, etc. The product provides a very easy and user-friendly interface for configuration.

PCs must have an Ethernet interface installed properly and be connected to the router either directly or through an external repeater hub, and have TCP/IP installed and configured to obtain an IP address through a DHCP server or a fixed IP address that must be in the same subnet as

the router. The default IP address of the router is 192.168.1.254 and the subnet mask is

255.255.255.0 (i.e. any attached PC must be in the same subnet, and have an IP address in the

range of 192.168.1.1 to 192.168.1.253). The best and easiest way is to configure the PC to get an IP address automatically from the router using DHCP. If you encounter any problems

accessing the router’s web interface it may also be advisable to uninstall any kind of software

firewall on your PCs, as they can cause problems accessing the 192.168.1.254 IP address of the router. Users should make their own decisions on how to best protect their network.

Please follow the steps below for your PC’s network environment installation. First of all, please check your PC’s network components. The TCP/IP protocol stack and Ethernet network adapter must be installed. If not, please refer to your Windows-related or other operating system manuals.

Any TCP/IP capable workstation can be used to communicate with o

through the BIPAC-7402(W). To configure other types of workstations,

lease consult the manufacturer’s documentation.

Connecting your router

1. Connect the Router to a LAN (Local Area Network) and the ADSL/telephone network.

2. Power on the device.

3. Make sure the PWR and SYS LEDs are lit steadily and that the relevant LAN LED is lit. (For 7402W Only: the WLAN LED will be lit steadily).

Chapter 3: Basic Installation

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Configuring PCs in Windows

For Windows XP

1. Go to Start / Control Panel (in Classic View). In the

Control Panel, double-click Network Connections.

2. Double-click Local Area Connection. (See Figure 3.1)

3. In the LAN Area Connection Status window, click

Properties. (See Figure 3.2)

4. Select Internet Protocol (TCP/IP) and click

Properties. (See Figure 3.3)

5. Select the Obtain an IP address automatically and

Obtain DNS server address automatically radio buttons. (See Figure 3.4)

6. Click OK to finish the configuration.

Figure 3.1: LAN Area Connection

Figure 3.2: LAN Connection Status

Figure 3.3: TCP / IP

Figure 3.4: IP Address & DNS

Configuration

Chapter 3: Basic Installation

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

For Windows 2000

1. Go to Start / Settings / Control Panel. In the Control

Panel, double-click Network and Dial-up

Connections.

2. Double-click Local Area (“LAN”) Connection. (See

Figure 3.5)

3. In the LAN Area Connection Status window, click

Properties. (See Figure 3.6)

4. Select Internet Protocol (TCP/IP) and click

Properties. (See Figure 3.7)

5. Select the Obtain an IP address automatically and

Obtain DNS server address automatically radio buttons. (See Figure 3.8)

6. Click OK to finish the configuration.

Figure 3.5: LAN Area Connection

Figure 3.6: LAN Connection Status

Figure 3.7: TCP / IP

Figure 3.8: IP Address & DNS

Configuration

Chapter 3: Basic Installation

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

For Windows 98 / ME

1. Go to Start / Settings / Control Panel. In the Control

Panel, double-click Network and choose the

Configuration tab.

2. Select TCP / IP -> NE2000 Compatible, or the name of

any Network Interface Card (NIC) in your PC. (See Figure 3.9)

3. Click Properties.

4. Select the IP Address tab. In this page, click the Obtain

an IP address automatically radio button. (See Figure

3.10)

5. Then select the DNS Configuration tab. (See Figure

3.11)

6. Select the Disable DNS radio button and click OK to

finish the configuration.

Figure 3.9: TCP / IP

Figure 3.10: IP Address

Figure 3.11: DNS Configuration

Chapter 3: Basic Installation

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

For Windows NT4.0

1. Go to Start / Settings / Control Panel. In the Control

Panel, double-click Network and choose the Protocols

tab.

2. Select TCP/IP Protocol and click Properties. (See

Figure 3.12)

3. Select the Obtain an IP address from a DHCP server

radio button and click OK. (See Figure 3.13)

Figure 3.12: TCP / IP

Figure 3.13: IP Address

Chapter 3: Basic Installation

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Factory Default Settings

Before configuring your, you need to know the following default settings.

Web Interface:

Username: admin Password: admin

LAN Device IP Settings:

IP Address: 192.168.1.254

Subnet Mask: 255.255.255.0

ISP setting in WAN site:

PPPoE

DHCP server:

DHCP server is enabled. Start IP Address: 192.168.1.100

IP pool counts: 100

Username and Password

The default username and password are “admin” and “admin” respectively.

If you ever forget the password to log in, you may press the RESET button up to 6 seconds to restore the factory default settings.

LAN and WAN Port Addresses

The parameters of LAN and WAN ports are pre-set in the factory. The default values are shown below.

LAN Port WAN Port

IP address Subnet Mask

DHCP server function IP addresses for

distribution to PCs

Chapter 3: Basic Installation

192.168.1.254

255.255.255.0

Enabled

100 IP addresses continuing from

192.168.1.100 through 192.168.1.199

The PPPoE function is enabled

to automatically get the WAN port configuration from the ISP, but you have to set the username and password first.

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Information from your ISP

Before configuring this device, you have to check with your ISP (Internet Service Provider) what kind of service is provided such as PPPoE, PPPoA, RFC1483, or IPoA.

Gather the information as illustrated in the following table and keep it for reference.

PPPoE VPI/VCI, VC-based/LLC-based multiplexing, Username, Password, Service

Name, and Domain Name System (DNS) IP address (it can be automatically

assigned by your ISP when you connect or be set manually).

PPPoA VPI/VCI, VC-based/LLC-based multiplexing, Username, Password, and

Domain Name System (DNS) IP address (it can be automatically assigned by

your ISP when you connect or be set manually).

RFC1483 Bridged VPI/VCI, VC-based/LLC-based multiplexing to use Bridged Mode.

RFC1483 Routed VPI/VCI, VC-based/LLC-based multiplexing, IP address, Subnet mask,

Gateway address, and Domain Name System (DNS) IP address (it is fixed IP

address).

IPoA VPI/VCI, VC-based/LLC-based multiplexing, IP address, Subnet mask,

Gateway address, and Domain Name System (DNS) IP address (it is fixed IP

address).

Chapter 3: Basic Installation

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Configuring with your Web Browser

Open your web browser, enter the IP address of your router, which by default is 192.168.1.254, and click “Go”, a user name and password window prompt will appear. The default username

and password are “admin” and “admin”. (See Figure 3.14)

Figure 3.14: User namd & Password Prompt Widonw

Congratulation! You are now successfully logon to the BIPAC-7402 / 7402W ADSL Router!

Chapter 3: Basic Installation

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Chapter 4: Configuration

At the configuration homepage, the left navigation pane where bookmarks are provided links you directly to the desired setup page, including:

Status (ARP Table, Wireless Association, Routing Table, DHCP Table, PPTP Status,

IPSec Status, L2TP Status, Email Status, Event Log, Error Log, NAT Sessions and UPnP Portmap)

Quick Start Configuration (LAN, WAN, System, Firewall, VPN, QoS, Virtual Server and Advanced) Save Config to FLASH Language (provides user interface in English and German languages).

Please see the relevant sections of this manual for detailed instructions on how to configure your Billion router.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Status

ARP Table

This section displays the router’s ARP (Address Resolution Protocol) Table, which shows the mapping of Internet (IP) addresses to Ethernet (MAC) addresses. This is useful as a quick way of determining the MAC address of the network interface of your PCs to use with the router’s

Firewall – MAC Address Filter function. See the Firewall section of this manual for more

information on this feature.

IP Address: A list of IP addresses of devices on your LAN (Local Area Network). MAC Address: The MAC (Media Access Control) addresses for each device on your LAN. Interface: The interface name (on the router) that this IP Address connects to. Static: Static status of the ARP table entry:

“no” for dynamically-generated ARP table entries “yes” for static ARP table entries added by the user

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Routing Table

Routing Table: Valid: It indicates a successful routing status. Destination: The IP address of the destination network. Netmask: The destination netmask address. Gateway/Interface: The IP address of the gateway or existing interface that this route will use. Cost: The number of hops counted as the cost of the route.

RIP Routing Table: Destination: The IP address of the destination network. Netmask: The destination netmask address. Gateway: The IP address of the gateway that this route will use. Cost: The number of hops counted as the cost of the route.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

DHCP Table

Leased: The DHCP assigned IP addresses information. IP Address: A list of IP addresses of devices on your LAN (Local Area Network). Expired: The expired IP addresses information. Permanent: The fixed host mapping information

Leased Table

IP Address: The IP address that assigned to client. Client UID/hw addr: The MAC address of client. Client Host Name: The Host Name (Computer Name) of client. Expiry: The current lease time of client.

Expired Table

Please refer the Leased Table.

Permanent Table

Name: The name you assigned to the Permanent configuration. IP Address: The fixed IP address for the specify client. MAC Address: The MAC Address that you want to assign the fixed IP address Maximum Lease Time: The maximum lease time interval you allow to clients

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

PPTP Status

This shows details of your configured PPTP VPN Connections.

Name: The name you assigned to the particular PPTP connection in your VPN configuration. Type: The type of connection (dial-in/dial-out). Enable: Whether the connection is currently enabled. Active: Whether the connection is currently active. Tunnel Connected: Whether the VPN Tunnel is currently connected. Call Connected: If the Call for this VPN entry is currently connected. Encryption: The encryption type used for this VPN connection.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

IPSec Status

This shows details of your configured IPSec VPN Connections.

Name: The name you assigned to the particular VPN entry. Active: Whether the VPN Connection is currently Active. Connection State: Whether the VPN is Connected or Disconnected. Statistics: Statistics for this VPN Connection. Local Subnet: The local IP Address or Subnet used. Remote Subnet: The Subnet of the remote site. Remote Gateway: The Remote Gateway IP address. SA: The Security Association for this VPN entry.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

L2TP Status

This shows details of your configured L2TP VPN Connections.

Name: The name you assigned to the particular L2TP connection in your VPN configuration. Type: The type of connection (dial-in/dial-out). Enable: Whether the connection is currently enabled. Active: Whether the connection is currently active. Tunnel Connected: Whether the VPN Tunnel is currently connected. Call Connected: If the Call for this VPN entry is currently connected. Encryption: The encryption type used for this VPN connection.

Email Status

Details and status for the Email Account you have configured the router to check. Please see

the Advanced section of this manual for details on this function.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Event Log

This page displays the router’s Event Log entries. Major events are logged to this window, such as when the router’s ADSL connection is disconnected, as well as Firewall events when you

have enabled Intrusion or Blocking Logging in the Configuration – Firewall section of the interface. Please see the Firewall section of this manual for more details on how to enable

Firewall logging.

Error Logging

Any errors encountered by the router (e.g. invalid names given to entries) are logged to this window.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

NAT Sessions

This section lists all current NAT sessions between interface of types external (WAN) and internal (LAN).

UPnP Portmap

The section lists all port-mapping established using UPnP (Universal Plug and Play). Please

see the Advanced section of this manual for more details on UPnP and the router’s UPnP

configuration options.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Quick Start

For detailed instructions on configuring your WAN settings, please see the WAN section of this

manual.

Usually, the only details you will need for the Quick Start wizard to get you online are your login

(often in the form of username@ispname), your password and the encapsulation type.

Your ISP will be able to supply all the details you need, alternatively, if you have deleted the

current WAN Connection in the WAN – ISP section of the interface, you can use the router’s

PVC Scan feature to attempt to determine the Encapsulation types offered by your ISP.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Click Start to begin scanning for encapsulation types offered by your ISP. If the scan is

successful you will then be presented with a list of supported options:

Select the desired option from the list and click Apply to return to the Quick Start interface to

continue configuring your ISP connection. Please note that the contents of this list will vary, depending on what is supported by your ISP.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Configuration

When you click this item, you get following sub-items to configure the ADSL router.

LAN, WAN, System, Firewall, VPN, QoS, Virtual Server and Advanced

These functions are described below in the following sections.

LAN (Local Area Network)

There are four items within the LAN section: Ethernet, Wireless, Wireless Security, Port Setting and DHCP Server.

Ethernet

The router supports two Ethernet IP addresses in the LAN, and two different LAN subnets through which you can access the Internet at the same time. Users usually only have one subnet in their LAN, so there is no need to configure a Secondary IP address. The default IP address for the router is 192.168.1.254.

RIP: RIP v1, RIP v2, and RIP v2 Multicast. Check to enable RIP function.

The Subnet mask of Secondary IP Address depends on the setting o Primary IP Address.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Wireless (7402W Only)

WLAN Service: Default setting is set to Enable. ESSID: Enter the unique ID given to the Access Point (AP), which is already built-in to the

router’s wireless interface. To connect to this device, your wireless clients must have the same ESSID as the device.

ESSID Broadcast:

 Disable: Any client that using the “any” setting cannot discover the Access Point (AP)

in question.

 Enable: Any client that using the “any” setting can discover the Access Point (AP) in

question.

Regulation Domain: There are five Regulation Domains for you to choose from, including North America (N.America), Europe, France, etc. The Channel ID will be different based

on this setting.

Channel ID: Select the ID channel that you would like to use. Reset: Reset the Access Point (AP), which is already built-in to the router’s wireless

interface.

Connected: True or False. That it is the connection status between the system and the

build-in wireless card.

Card Type: The name of Chipset, which is already build-in to the router’s wireless

interface.

AP Firmware Version: The Access Point firmware version. Primary Firmware Version:The initial boot code firmware version in build-in wireless card.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Wireless Security (7402W Only)

You can disable or enable with WPA or WEP for protecting wireless network.

The default mode of wireless security is disabled.

WPA Pre-Shared Key

WPA Algorithms: TKIP (Temporal Key Integrity Protocol) utilizes a stronger encryption

method and incorporates Message Integrity Code (MIC) to provide protection against hackers.

WPA Shared Key: The key for network authentication. The input format is in character

style and key size should be in the range between 8 and 63 characters.

Group Key Renewal: The period of renewal time for changing the security key automatically between wireless client and Access Point (AP).

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

WEP

WEP Encryption: To prevent unauthorized wireless stations from accessing data

transmitted over the network, the router offers highly secure data encryption, known as WEP. If you require high security for transmissions, there are two alternatives to select

from: WEP 64 and WEP 128. WEP 128 will offer increased security over WEP 64. Passphrase: This is used to generate WEP keys automatically based upon the input

string and a pre-defined algorithm in WEP64 or WEP128. You can input the same string in both the AP and Client card settings to generate the same WEP keys. Please note that

you do not have to enter Key (0-3) as below when the Passphrase is enabled.

Default Used WEP Key: Select the encryption key ID, please refer to Key (0-3) below. Key (0-3): Enter the key to encrypt wireless data. To allow encrypted data transmission,

the WEP Encryption Key values on all wireless stations must be the same as the router. There are four keys for your selection. The input format is in HEX style, 5 and 13 HEX codes are required for WEP64 and WEP128 respectively, the separator is “-“. For example, using WEP64, 11-22-33-44-55 is a valid key, whilst 1122334455 is invalid.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Port Setting

This section allows you to configure the settings for the router’s Ethernet ports to solve some of the compatibility problems that may be encountered while connecting to the Internet, as well allowing users to tweak the performance of their network.

Port # Connection Type: Five options to choose from: Auto, 10M half-duplex, 10M full-

duplex, 100M half-duplex or 100M full-duplex. Sometimes, there are Ethernet compatibility problems with legacy Ethernet devices, and you can configure different types to solve

compatibility issues. The default is Auto, which users should keep unless there are

specific problems with PCs not being able to access your LAN.

IPv4 TOS priority Control (Advanced users): TOS, Type of Services, is the 2

octet of an IP packet. Bits 6-7 of this octet are reserved and bit 0-2 are used to specify the priority (precedence) of the packet, and bits 3-5 are specified the delay, throughput and reliability.

This feature uses bits 0-2 to classify the packet’s priority. If the packet is high priority, it will flow first. Therefore, when this feature is enabled, the router’s Ethernet switch will check

the 2

octet of each IP packet. If the value in the Precedence of TOS field matches the

checked values in the table (0 to 7), this packet will be treated as high priority.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

DHCP Server

You can disable or enable the DHCP (Dynamic Host Configuration Protocol) server or enable the router’s DHCP relay functions. The DHCP protocol allows your router to dynamically assign IP addresses to PCs on your network if they are configured to obtain IP addresses automatically.

To disable the router’s DHCP Server, check Disabled and click Next, then click Apply.

When the DHCP Server is disabled you will need to manually assign a fixed IP address to each PCs on your network, and set the default gateway for each PCs to the IP address of the router (by default this is 192.168.1.254).

To configure the router’s DHCP Server, check DHCP Server and click Next. You can then

configure parameters of the DHCP Server including the IP pool (starting IP address and ending IP address to be allocated to PCs on your network), lease time for each assigned IP address (the period of time the IP address assigned will be valid), DNS IP address and the gateway IP address. These details are sent to the DHCP client (i.e. your PC) when it

requests an IP address from the DHCP server. Click Apply to enable this function. If you check “Use Router as a DNS Server”, the ADSL Router will perform the domain name

lookup, find the IP address from the outside network automatically and forward it back to the requesting PC in the LAN (your Local Area Network).

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

If you check DHCP Relay Agent and click Next, then you will have to enter the IP address

of the DHCP server which will assign an IP address back to the DHCP client in the LAN. Use this function only if advised to do so by your network administrator or ISP.

Click Apply to enable this function.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

WAN (Wide Area Network)

WAN refers to your Wide Area Network connection, i.e. your router’s connection to your ISP

and the Internet. There are two items within the WAN section: ISP, DNS and ADSL.

ISP

The factory default is PPPoE. If your ISP uses this access protocol, click Edit to input

other parameters as below. If your ISP does not use PPPoE, you can change the default

WAN connection entry by clicking Change. A simpler alternative is to select Quick Start from the main menu on the left. Please see

the Quick Start section of the manual for more information.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

RFC 1483 Routed Connections

Description: Your description of this connection. VPI and VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. NAT: The NAT (Network Address Translation) feature allows multiple users to access the

Internet through a single IP account, sharing the single IP address. If users on your LAN have public IP addresses and can access the Internet directly, the NAT function can be disabled.

Encapsulation method: Select the encapsulation format, the default is LlcBridged. Select

the one provided by your ISP.

DHCP client: Enable or disable the DHCP client, specify if the Router can get an IP address from the Internet Service Provider (ISP) automatically or not. Please click Obtain an IP address automatically via DHCP client to enable the DHCP client function or click

Specify an IP address to disable the DHCP client function, and specify the IP address manually. The setting of this item is specified by your ISP.

RIP: RIP v1, RIP v2, and RIP v2 Multicast. Check to enable RIP function. MTU: Maximum Transmission Unit. The size of the largest datagram (excluding media-

specific headers) that IP will attempt to send through the interface.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

PPPoE Connections

Description: A user-definable name for this connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. NAT: The NAT (Network Address Translation) feature allows multiple users to access the

Internet through a single ISP account, sharing a single IP address. If users on your LAN have public IP addresses and can access the Internet directly, the NAT function can be disabled.

Username: Enter the username provided by your ISP. You can input up to 128

alphanumeric characters (case sensitive). This will usually be in the format of “username@ispname” instead of simply “username”.

Password: Enter the password provided by your ISP. You can input up to 128

alphanumeric characters (case sensitive).

Service Name: This item is for identification purposes. If it is required, your ISP will provide you the information. Maximum input is 20 alphanumeric characters.

IP Address: specify if the Router can get an IP address from the Internet Server Provider

(ISP) automatically or not. Please click Obtain an IP address automatically via DHCP client to enable the DHCP client function or click Specify an IP address to disable the

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

DHCP client function, and specify the IP address manually. The setting of this item is specified by your ISP.

Authentication Protocol: Default is Chap(Auto). Your ISP will advise you whether to use Chap or Pap.

Connection:

 Always on: If you want the router to establish a PPPoE session when starting up and

to automatically re-establish the PPPoE session when disconnected by the ISP.

 Connect to Demand: If you want to establish a PPPoE session only when there is a

packet requesting access to the Internet (i.e. when a program on your computer attempts

to access the Internet). Idle Timeout: Auto-disconnect the broadband firewall gateway when there is no activity

on the line for a predetermined period of time.

 Detail: You can define the destination port and packet type (TCP/UDP) without

checking by timer. It allows you to set which outgoing traffic will not trigger and reset the idle timer.

RIP: RIP v1, RIP v2, and RIP v2 Multicast. Check to enable RIP function. MTU: Maximum Transmission Unit. The size of the largest datagram (excluding media-

specific headers) that IP will attempt to send through the interface.

Advanced Options (PPPoE)

LLC Header: Selects encapsulation mode, true for using LLC or false for using VC-Mux. Create Route: This setting specifies whether a route is added to the system after IPCP

(Internet Protocol Control Protocol) negotiation is completed. If set to enabled, a route will be created which directs packets to the remote end of the PPP link.

Specific Route: Specifies whether the route created when a PPP link comes up is a specific or default route. If set to enabled, the route created will only apply to packets for

the subnet at the remote end of the PPP link. The address of this subnet is obtained during IPCP negotiation.

Subnet Mask: sets the subnet mask used for the local IP interface connected to the PPP transport. If the value 0.0.0.0 is supplied, the netmask will be calculated from the class of

the IP address obtained during IPCP negotiation.

Route Mask: Sets the subnet mask used by the route that is created when a PPP link comes up. If it is set to 0.0.0.0, the subnet mask is determined by the IP address of the

remote end of the link. The class of the IP address is obtained during IPCP (Internet Protocol Control Protocol) negotiation.

MRU : Maximum Receive Unit. This is negotiated during the LCP protocol stage. Discover Primary / Secondary DNS: This setting enables/disables whether the

primary/secondary DNS server address is requested from a remote PPP peer using IPCP.

The default setting for this command is enabled.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Give DNSto Relay: Controls whether the PPP Internet Protocol Control Protocol (IPCP)

can request the DNS server IP address for a remote PPP peer. Once IPCP has discovered the DNS server IP address, it automatically gives the address to the local DNS relay so that a connection can be established.

Give DNSto Client: Controls whether the PPP Internet Protocol Control Protocol (IPCP)

can request a DNS server IP address for a remote PPP peer. Once IPCP has discovered the DNS server IP address, it automatically gives the address to the local DNS client so that a connection can be established.

Give DNSto DHCP Server: Similar to the above, but gives the DNS server address to the

DHCP server.

Discover Primary NBNS / Discover Secondary NBNS: This setting enables/disables

whether the primary/secondary NBNS server address is requested from a remote PPP peer using IPCP. The default setting for this command is disabled.

Discover Subnet Mask: Specifies if the subnet mask given by IPCP negotiation process is to be used.

Give Subnet Mask To DHCP Server: Enable to change your DHCP Server settings by using the given information in IPCP negotiation process.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

RFC 1483 Bridged Connections

VPI and VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. Encapsulation method: Select the encapsulation format, this is provided by your ISP. Ether Filter Type: Specify the type of ethernet filtering performed by the named bridge

interface.

All

Pppoe

Allows all types of ethernet packets through the port.

Allows only IP/ARP types of ethernet packets through the port.

Allows only PPPoE types of ethernet packets through the port.

Spanning Bridge Interface: Enable/Disable spanning tree function of modem.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

PPPoA Routed Connections

Description: User-definable name for the connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. NAT: The NAT (Network Address Translation) feature allows multiple users to access the

Internet through a single IP account, sharing a single IP address. If users on your LAN have public IP addresses and can access the Internet directly, the NAT function can be disabled.

Username: Enter the username provided by your ISP. You can input up to 128

alphanumeric characters (case sensitive). This will usually be in the format of “username@ispname” instead of simply “username”.

Password: Enter the password provided by your ISP. You can input up to 128

alphanumeric characters (case sensitive).

IP Address: Specify an IP address allowed to logon and access the router’s web server.

Note: IP 0.0.0.0 indicates all users who are connected to this router are allowed to logon

the device and modify data. Authentication Protocol Type: Default is Chap (Auto). Your ISP will advise you whether

to use Chap or Pap.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Connection:

 Always on: If you want the router to establish a PPPoA session when starting up and

to automatically re-establish the PPPoA session when disconnected by the ISP.

 Connect to Demand: If you want to establish a PPPoA session only when there is a

packet requesting access to the Internet (i.e. when a program on your computer attempts to access the Internet).

Idle Timeout: Auto-disconnect the broadband firewall gateway when there is no activity

on the line for a predetermined period of time.

 Detail: You can define the destination port and packet type (TCP/UDP) without

checking by timer. It allows you to set which outgoing traffic will not trigger and reset the idle timer.

RIP: RIP v1, RIP v2, and RIP v2 Multicast. Check to enable RIP function. MTU: Maximum Transmission Unit. The size of the largest datagram (excluding media-

specific headers) that IP will attempt to send through the interface.

Advanced Options (PPPoA)

LLC Header: Selects encapsulation mode, true for using LLC or false for using VC-Mux. Create Route: This setting specifies whether a route is added to the system after IPCP

(Internet Protocol Control Protocol) negotiation is completed. If set to enabled, a route will be created which directs packets to the remote end of the PPP link.

Specific Route: Specifies whether the route created when a PPP link comes up is a specific or default route. If set to enabled, the route created will only apply to packets for

the subnet at the remote end of the PPP link. The address of this subnet is obtained during IPCP negotiation.

Subnet Mask: sets the subnet mask used for the local IP interface connected to the PPP transport. If the value 0.0.0.0 is supplied, the netmask will be calculated from the class of

the IP address obtained during IPCP negotiation.

Route Mask: Sets the subnet mask used by the route that is created when a PPP link comes up. If it is set to 0.0.0.0, the subnet mask is determined by the IP address of the

remote end of the link. The class of the IP address is obtained during IPCP (Internet Protocol Control Protocol) negotiation.

MRU : Maximum Receive Unit. This is negotiated during the LCP protocol stage. Discover Primary / Secondary DNS: This setting enables/disables whether the

primary/secondary DNS server address is requested from a remote PPP peer using IPCP.

The default setting for this command is enabled. Give DNSto Relay: Controls whether the PPP Internet Protocol Control Protocol (IPCP)

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Give DNSto Client: Controls whether the PPP Internet Protocol Control Protocol (IPCP)

Give DNSto DHCP Server: Similar to the above, but gives the DNS server address to the

DHCP server.

Discover Primary NBNS / Discover Secondary NBNS: This setting enables/disables

whether the primary/secondary NBNS server address is requested from a remote PPP peer using IPCP. The default setting for this command is disabled.

Discover Subnet Mask: Specifies if the subnet mask given by IPCP negotiation process is to be used.

Give Subnet Mask To DHCP Server: Enable to change your DHCP Server settings by using the given information in IPCP negotiation process.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

IPoA Routed Connections

Internet through a single IP account, sharing a single IP address. If users on your LAN have public IP addresses and can access the Internet directly, the NAT function can be disabled.

DHCP client: Enable or disable the DHCP client, specifying if the router can obtain an IP address from the Internet Service Provider (ISP) automatically or not. Please click Obtain

an IP address automatically via DHCP client to enable the DHCP client function or click Specify an IP address to disable the DHCP client function, and specify the IP address

manually. The setting of this item is specified by your ISP.

RIP: RIP v1, RIP v2, and RIP v2 Multicast. Check to enable RIP function. MTU: Maximum Transmission Unit. The size of the largest datagram (excluding media-

specific headers) that IP will attempt to send through the interface.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

DNS

A Domain Name System (DNS) contains a mapping table for domain name and IP addresses. On the Internet, every host has a unique and user-friendly name (domain name) such as www.abc.com and an IP address. An IP address is a 32-bit number in the

form of xxx.xxx.xxx.xxx, for example 192.168.1.254. You can think of an IP address as a

telephone number for devices on the Internet, and the DNS will allow you to find the telephone number for any particular domain name. As an IP Address is hard to remember, the DNS converts the friendly name into its equivalent IP Address.

You can obtain a Domain Name System (DNS) IP address automatically if your ISP has provided it when you logon. Usually when you choose PPPoE or PPPoA as your WAN ISP protocol, the ISP will provide the DNS IP address automatically. You may leave the configuration field blank. Alternatively, your ISP may provide you with an IP address of their DNS. If this is the case, you must enter the DNS IP address.

If you choose one of the other three protocols ─ RFC1483 Routed/Bridged and IPoA check with your ISP, it may provide you with an IP address for their DNS server. You must enter the DNS IP address if you set the DNS of your PC to the LAN IP address of this router.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

ADSL

Connect Mode: The default is Multimode; it will detect the ADSL line code, G.dmt, G.lite,

and T1.413 automatically. But in some area, it cannot detect the ADSL line code well. At this time, please adjust the ADSL line code to G.dmt or T1.413 first. If it still fails, please try the other values such as ALCTL, ADI, etc.

Activate Line: Aborting (false) your ADSL line and making it active (true) again for taking effect with setting of Connect Mode.

Coding Gain: Configure the ADSL coding gain from 0 dB to 7dB, or automatic. Tx Attenuation: Setting ADSL transmission gain, the value is between 0~12. DSP FirmwareVersion: Current ADSL line code firmware version. Connected: Display current ADSL line sync status. Operational Mode: Display current ADSL mode standard (Operational Mode) your Router

is using when ADSL line has sync. Annex Type: ADSL Annex A, which works over a standard telephone line. Annex B,

which works over an ISDN line. Upstream: Display current upstream rate of your ADSL line. Downstream: Display current downstream rate of your ADSL line.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

System

There are six items within the System section: Time Zone, Remote Access, Firmware Upgrade, Backup/Restore, Restart and User Management.

Time Zone

The router does not have a real time clock on board; instead, it uses the Simple Network Time Protocol (SNTP) to get the current time from an SNTP server outside your network.

Choose your local time zone, click Enable and click the Apply button. After a successful

connection to the Internet, the router will retrieve the correct local time from the SNTP server you have specified. If you prefer to specify an SNTP server other than those in the drop-down list, simply enter its IP address as shown above. Your ISP may provide an SNTP server for you to use.

Resync Poll Interval (in minutes) is the periodic interval the router will wait before it re-

synchronizes the router’s time with that of the specified SNTP server. In order to avoid unnecessarily increasing the load on your specified SNTP server you should keep the poll interval as high as possible – at the absolute minimum every few hours or even days.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Remote Access

To temporarily permit remote administration of the router (i.e. from outside your LAN),

select a time period the router will permit remote access for and click Enable. You may change other configuration options for the web administration interface using Device Management options in the Advanced section of the GUI.

If you wish to permanently enable remote access, choose a time period of 0 minutes. This setting cannot be saved into flash when timer set to zero.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Firmware Upgrade

Your router’s “firmware” is the software that allows it to operate and provides all its functionality. Think of your router as a dedicated computer, and the firmware as the software it runs. Over time this software may be improved and modified, and your router allows you to upgrade the software it runs to take advantage of these changes.

Clicking on Browse will allow you to select the new firmware image file you have

downloaded to your PC. Once the correct file is selected, click Upgrade to update the firmware in your router.

Warning

DO NOT power down the router or interrupt the firmware upgrading while it is still in process. Improper operation could damage the router.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Backup / Restore

These functions allow you to save and backup your router’s current settings to a file on your PC, or to restore a previously saved backup. This is useful if you wish to experiment with different settings, knowing that you have a backup handy in the case of any mistakes. It is advisable to backup your router’s settings before making any significant changes to your router’s configuration.

Press Backup to select where on your local PC to save the settings file. You may also

change the name of the file when saving if you wish to keep multiple backups.

Press Browse to select a file from your PC to restore. You should only restore settings

files that have been generated by the Backup function, and that were created when using

the current version of the router’s firmware. Settings files saved to your PC should not be manually edited in any way.

After selecting the settings file you wish to use, pressing Restore will load those settings

into the router.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Restart Router

Click Restart with option Current Settings to reboot your router (and restore your last

saved configuration).

If you wish to restart the router using the factory default settings (for example, after a

firmware upgrade or if you have saved an incorrect configuration), select Factory Default Settings to reset to factory default settings.

You may also reset your router to factory settings by holding the small Reset pinhole button on the back of your router in for 10-12 seconds whilst the router is turned on.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

User Management

In order to prevent unauthorized access to your router’s configuration interface, it requires all users to login with a password. You can set up multiple user accounts, each with their own password.

You are able to Edit existing users and Create new users who are able to access the device’s configuration interface. Once you have clicked on Edit, you are shown the

following options:

You can change the user’s password, whether their account is active and Valid, as well

as add a comment to each user account. These options are the same when creating a user account, with the exception that once created you cannot change the username. You cannot delete the default admin account, however you can delete any other created

accounts by clicking Delete when editing the user. You are strongly advised to change the password on the default “admin” account when

you receive your router, and any time you reset your configuration to Factory Defaults.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Firewall and Access Control

Your router includes a full SPI (Stateful Packet Inspection) firewall for controlling Internet access from your LAN, as well as helping to prevent attacks from hackers. In addition to this,

when using NAT (Network Address Translation. Please see the WAN configuration section for

more details on NAT) the router acts as a “natural” Internet firewall, as all PCs on your LAN will use private IP addresses that cannot be directly accessed from the Internet.

Firewall: Prevents access from outside your network. The router provides three levels of

security support:

NAT natural firewall: This masks LAN users’ IP addresses which are invisible to outside users

on the Internet, making it much more difficult for a hacker to target a machine on your network. This natural firewall is on when NAT function is enabled.

When using Virtual Servers your PCs will be exposed to the degree specified in your Virtual Server settings provided the ports specified are opened in your firewall packet filter settings.

Firewall Security and Policy (General Settings): Inbound direction of Packet Filter rules to

prevent unauthorized computers or applications accessing your local network from the Internet.

Intrusion Detection: Enable Intrusion Detection to detect, prevent and log malicious attacks. Access Control: Prevents access from PCs on your local network: Firewall Security and Policy (General Settings): Outbound direction of Packet Filter rules to

prevent unauthorized computers or applications accessing the Internet.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

MAC Filter rules: To prevent unauthorized computers accessing the Internet. URL Filter: To block PCs on your local network from unwanted websites.

You can find six items under the Firewall section: General Settings, Packet Filter, Intrusion Detection, MAC Address Filter, URL Filter and Firewall Log.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

General Settings

You can select disable to disable Firewall feature, to add all filter rules by yourself, or enable the Firewall using preset filter rules and modify the port filter rules as required. The Packet Filter is divided into two sections: Port Filters and Address Filters, used to filter packets based-on Applications (Port) or IP addresses.

There are four options when you enable the Firewall, they are:

All blocked/User-defined: no pre-defined port or address filter rules by default,

meaning that all inbound (Internet to LAN) and outbound (LAN to Internet) packets will be blocked. Users have to add their own filter rules for further access to the Internet.

High/Medium/Low security level: the pre-defined port filter rules for High, Medium

and Low security are displayed in Port Filters of Packet Filter.

Select either High, Medium or Low security level to enable the Firewall. The only

difference between these three security levels is the preset port filter rules in the Packet Filter. Firewall functionality is the same for all levels; it is only the list of preset port filters that changes between each setting.

If you choose the preset security levels and then add custom filters, you may temporarily disable the firewall and recover your custom filter settings by re-selecting the same security level.

The “Block WAN Request” is a stand-alone function and not relate to whether security

enable or disable. Mostly it is for preventing any scan tools from WAN site by hacker.

Any remote user who is attempting to perform this action may result in blocking all the accesses to configure and manage of the device from the Internet.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Packet Filter

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Port Filters

The pre-defined port filter rules for High, Medium and Low security levels are listed. See Table 1.

Table 1: Pre-defined Port Filter

Port Number Firewall - High Firewall - Medium Firewall - Low

Application Protocol

Start End Inbound Outbound Inbound Outbound Inbound Outbound

HTTP(80) TCP(6) 80 80 NO

DNS (53) UDP(17) 53 53 NO

DNS (53) TCP(6) 53 53 NO

FTP(21) TCP(6) 21 21 NO NO NO

Telnet(23) TCP(6) 23 23 NO NO NO

SMTP(25) TCP(6) 25 25 NO

POP3(110) TCP(6) 110 110 NO

NEWS(119) TCP(6) 119 119 NO NO NO

RealAudio

(7070)

PING ICMP(1) N/A N/A NO

H.323(1720) TCP(6) 1720 1720 NO NO NO

T.120(1503) TCP(6) 1503 1503 NO NO NO

UDP(17) 7070 7070 NO NO

YES

YES YES YES YES

YES

YES YES YES

YES

YES YES YES

YES

SSH(22) TCP(6) 22 22 NO NO NO

NTP(123) UDP(17) 123 123 NO

HTTPS(443) TCP(6) 443 443 NO NO NO

ICQ (5190) TCP(6) 5190 5190 NO NO NO

YES

YES YES YES

YES

NO YES YES

Inbound: Internet to LAN Outbound: LAN to Internet.

Chapter 4: Configuration

YES

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Address Filters

Address Filters are used to block traffic to/from particular IP addresses. They can be used to block IP addresses either on the Internet or on your local network. There are no predefined address filter rules; you can add the filter rules to meet your requirements. There are two kinds of address filters, one is inbound, and the other is outbound. The rules can be set to prevent unauthorized users (hosts or network) to access the Internet from LAN (outbound) and/or access LAN from the Internet (inbound).

Host IP Address: This is the IP address you wish to block access to or from. Host Subnet Mask: This is the subnet mask for the IP address range you wish to block. Direction: Whether you want to block access to the Internet (“outbound”), from the

Internet (“inbound”) or both to and from the Internet (“both”).

Tip: To block access to/from a single IP address, enter that IP address as the Host IP

Address and use a Host Subnet Mask of “255.255.255.255”.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Example: Configuring your firewall to allow for a publicly accessible web server

on your LAN

The pre-defined port filter rule for HTTP (TCP port 80) is the same no matter whether the firewall is set to a high, medium or low security level. To setup a web server located on the local network when the firewall is enabled, you have to configure the Port Filters setting for HTTP.

As you can see from the diagram below, when the firewall is enabled with one of the three presets (Low/Medium/High), inbound HTTP access is not allowed.

Configuring Packet Filter

1. Click Packet Filter - you will get the following page:

Click Port Filters

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

2. Click Port Filters. You will then be presented with the pre-defined port filter rules screen (in

this case for the low security level), shown below:

Click Delete

3. Click Delete to delete the existing HTTP rule.

4. Click Add TCP Filter.

Click Add TCP Filter

5. Input the port number (80) and set both Inbound & Outbound to Allow.

Input HTTP port number

Select “Allow”

6. The new port filter rule for HTTP is shown below:

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

HTTP inbound & outbound application

7. Configure your Virtual Server (“port forwarding”) settings so that incoming HTTP requests on port 80 will be forwarded to the PC running your web server:

To enable the HTTP service in Virtual Server settings, input the web server PC’s IP address.

Tip: If you wish to setup permanent remote management of your router, you may enter

the router’s IP instead.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Intrusion Detection

The router’s Intrusion Detection System (IDS) is used to detect hacker attacks and

intrusion attempts from the Internet. If the IDS function of the firewall is enabled, inbound packets are filtered and blocked depending on whether they are detected as possible hacker attacks, intrusion attempts or other connections that the router determines to be suspicious.

Blacklist: If the router detects a possible attack, the source IP or destination IP address

will be added to the Blacklist. Any further attempts using this IP address will be blocked for

the time period specified as the Block Duration. The default setting for this function is

false (disabled). Some attack types are denied immediately without using the Blacklist

function, such as Land attack and Echo/CharGen scan.

Block Duration:

DoS Attack Block Duration: This is the duration for blocking hosts that attempt a

possible Denial of Service (DoS) attack. Possible DoS attacks this attempts to block

include Ascend Kill and WinNuke. Default value is 1800 seconds.

Scan Attack Block Duration: This is the duration for blocking hosts that attempt a

possible Scan attack. Scan attack types include X’mas scan, IMAP SYN/FIN scan and similar attempts. Default value is 86400 seconds.

Victim Protection Block Duration: This is the duration for blocking Smurf attacks.

Default value is 600 seconds.

Victim Protection: If enabled, IDS will block Smurf attack attempts. Default is false. Max TCP Open Handshaking Count: This is a threshold value to decide whether a SYN

Flood attempt is occurring or not. Default value is 100 TCP SYN per seconds.

Max PING Count: This is a threshold value to decide whether an ICMP Echo Storm is occurring or not. Default value is 15 ICMP Echo Requests (PING) per second.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Max ICMP Count: This is a threshold to decide whether an ICMP flood is occurring or not.

Default value is 100 ICMP packets per seconds except ICMP Echo Requests (PING).

For SYN Flood, ICMP Echo Storm and ICMP flood, IDS will just warn the user in the Event

Log. It cannot protect against such attacks.

Table 2: Hacker attack types recognized by the IDS

Type of

Intrusion Name Detect Parameter Blacklist

Block

Duration

Ascend Kill

WinNuke

Smurf

Land attack

Echo/CharGen Scan

Echo Scan

CharGen Scan

X’mas Tree Scan

IMAP

SYN/FIN Scan

SYN/FIN/RST/ACK

Scan

Net Bus Scan

Back Orifice Scan

SYN Flood

ICMP Flood

ICMP Echo

Ascend Kill data Src IP DoS Yes Yes

TCP

Port 135, 137~139,

Flag: URG

ICMP type 8

Des IP is broadcast

SrcIP = DstIP Yes Yes

UDP Echo Port and

CharGen Port

UDP Dst Port =

Echo(7)

UDP Dst Port =

CharGen(19)

TCP Flag: X’mas Src IP Scan Yes Yes

TCP Flag: SYN/FIN

DstPort: IMAP(143) SrcPort: 0 or 65535

TCP,

No Existing session

And Scan Hosts

more than five.

TCP

No Existing session

DstPort = Net Bus

12345,12346, 3456

UDP, DstPort =

Orifice Port (31337)

Max TCP Open

Handshaking Count

(Default 100 c/sec)

Max ICMP Count

(Default 100 c/sec)

Max PING Count

(Default 15 c/sec)

Src IP DoS Yes Yes

Dst IP

Yes Yes

Src IP Scan Yes Yes

SrcIP Scan Yes Yes

Yes

Victim

Protection

Src IP: Source IP Src Port: Source Port Dst Port: Destination Port Dst IP: Destination IP

Drop

Packet

Yes Yes

Show Log

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

MAC Address Filter

A MAC (Media Access Control) address is the unique network hardware identifier for each PC on your network’s interface (i.e. its Network Interface Card or Ethernet card). Using your router’s MAC Address Filter function, you can configure the switch to only accept traffic from specified machines, or else to block specific machines from accessing your LAN.

There are no pre-defined MAC address filter rules; you can add the filter rules to meet your requirements

Enable/Disable: To enable or disable the MAC Address Filter function. Allowed/Blocked: To allow or block the following MAC addresses to surf outside network

only. If you check Allowed, please be sure your PC’s MAC address is listed. If you check Blocked, please be sure your PC’s MAC address is not listed.

MAC Address: There are 10 entries to enter the MAC addresses you want manage.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

URL Filter

URL (Uniform Resource Locator – e.g. an address in the form of http://www.abc.com or

http://www.example.com) filter rules allow you to prevent users on your network from

accessing particular websites by their URL. There are no pre-defined URL filter rules; you can add filter rules to meet your requirements.

Enable/Disable: To enable or disable URL Filter feature. Always Block: Select to always check the URL filter rules (i.e. at all hours of the day). Block from: Specify the time period to check the URL filter rules (e.g. during work hours). Keywords Filtering: Allows blocking by specific keywords within a particular URL rather

than having to specify a complete URL (e.g. to block any image called “advertisement.gif”). When enabled, your specified keywords list will be checked to see if any keywords are present in URLs accessed to determine if the connection attempt should be blocked. Please note that the URL filter blocks web browser (HTTP) connection attempts using port 80 only.

For example, if the URL is

/abcde.html, it will be dropped as the keyword “abcde” occurs in

the URL.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Domains Filtering: This function checks the domain name in URLs accessed against

your list of domains to block or allow. If it is matched, the URL request will be sent (Trusted) or dropped (Forbidden). The checking procedure is:

1. Check the domain in the URL to determine if it is in the trusted list. If yes, the

connection attempt is sent to the remote web server.

2. If not, check if it is listed in the forbidden list, and if present then the connection

attempt is dropped..

3. If the packet does not match either of the above two items, it is sent to the remote web

server.

4. Please be note that the domain only should be specified, not the full URL. For

example to block traffic to

www.sex.com, enter “sex” or “sex.com” instead of

“www.sex.com”. In the example below, the URL request for will be sent to the remote web server because it is listed in the trusted list, whilst the URL request for or

www.sex.com will be dropped, because sex.com is in the forbidden list.

www.sex

Restrict URL Features:

Block Java Applet: This function can block Web content which including the Java

Applet. It is for preventing someone who wants to damage your system via standard HTTP protocol.

Block surfing by IP address: Preventing someone who uses the IP address as URL for

skipping Domains Filtering function.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Firewall Log

Firewall Log display log information of any unexpected action with your firewall settings.

Check the Enable box to activate the logs. Log information can be seen in the Status – Event Log after enabling.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

VPN (Virtual Private Networks)

Your router support three main types of VPN (Virtual Private Network), PPTP, IPSec and L2TP,

and these are the two major section choices from the menu on the left.

PPTP

There are two types of PPTP VPN supported, Remote Access and LAN-to-LAN (please refer below for more information.). Click Create to configure a new VPN connection.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Remote Access PPTP Connection

Connection Name: This allows you to identify this particular connection, e.g. “Connection

to office”.

Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g. your office server), check Dial In operates as a VPN server.

When configuring your router as a Client, enter the remote Server IP Address (or

Hostname) you wish to connection to.

When configuring your router as a server, enter the Private IP Address Assigned

to Dial in User address.

Username: If you are a Dial-Out user (client), enter the username provided by your Host.

If you are a Dial-In user (server), enter your own username.

Password: If you are a Dial-Out user (client), enter the password provided by your Host.

If you are a Dial-In user (server), enter your own password.

PPP Authentication Type: Default is Auto if you want the router to determine the

authentication type to use, or else manually specify CHAP (Challenge Handshake Authentication Protocol) or PAP (Password Authentication Protocol) if you know which type the server is using (when acting as a client), or else the authentication type you want clients connecting to you to use (when acting as a server). When using PAP, the password is sent unencrypted, whilst CHAP encrypts the password before sending, and also allows for challenges at different periods to ensure that the client has not been replaced by an intruder.

Data Encryption: Data sent over the VPN connection can be encrypted by an MPPE algorithm. Default is Auto, so that this setting is negotiated when establishing a connection, or else you can manually Enable or Disable encryption.

Key Length: The data can be encrypted by MPPE algorithm with 40 bits or 128 bits. Default is Auto, it is negotiated when establishing a connection. 128 bit keys provide

stronger encryption than 40 bit keys.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Mode: You may select Stateful or Stateless mode. The key will be changed every 256

packets when you select Stateful mode. If you select Stateless mode, the key will be changed in each packet.

Idle Time: Auto-disconnect the VPN connection when there is no activity on the

connection for a predetermined period of time. 0 means this connection is always on.

Click Apply after changing settings.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

LAN to LAN PPTP Connection

Connection Name: A user-define description of the connection. Type: Check Dial Out if you want your router to operate as a client (connecting to a

remote VPN server, e.g. your office server), check Dial In operates as a VPN server.

When configuring your router establish the connection to a remote LAN, enter the

remote Server IP Address (or Hostname) you wish to connection to.

When configuring your router as a server to accept incoming connections, enter the

Private IP Address Assigned to Dial in User address. Peer Network IP: Enter Peer network IP address. Netmask: Enter the subnet mask of peer network based on the Peer Network IP setting. Username: If you are a Dial-Out user (client), enter the username provided by your Host.

If you are a Dial-In user (server), enter your own username.

Password: If you are a Dial-Out user (client), enter the password provided by the your

Host. If you are a Dial-In user (server), enter your own password.

PPP Authentication Type: Default is Auto if you want the router to determine the

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Key Length: The data can be encrypted by MPPE algorithm with 40 bits or 128 bits.

Default is Auto, it is negotiated when establishing a connection. 128 bit keys provide

stronger encryption than 40 bit keys.

Mode: You may select Stateful or Stateless mode. The key will be changed every 256

packets when you select Stateful mode. If you select Stateless mode, the key will be

changed in each packet. Idle Time: Auto-disconnect the VPN connection when there is no activity on the

connection for a predetermined period of time. 0 means this connection is always on.

Click Apply after changing settings.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

IPSec

Click Create to configure a new IPSec VPN connection.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Configure a new VPN Connection

Connection Name: A user-defined name for the connection (e.g. “connection to office”).

Local:

Local Network: Set the IP address, subnet or address range of the local network.

 Single Address: The IP address of the local host.  Subnet: The subnet of the local network. For example, IP: 192.168.1.0 with netmask

255.255.255.0 specifies one class C subnet starting from 192.168.1.1 (i.e. 192.168.1.1

through to 192.168.1.254).  IP Range: The IP address range of the local network. For example, IP: 192.168.1.1,

end IP: 192.168.1.10

Remote:

Secure Gateway Address (or hostname): The IP address or hostname of the remote

VPN device that is connected and establishes a VPN tunnel.

Network: Set the IP address, subnet or address range of the remote network.

Proposal:

Select the IPSec security method. There are two methods of checking the

authentication information, AH (authentication header) and ESP (Encapsulating Security Payload). Use ESP for greater security so that data will be encrypted and authenticated. Using AH data will be authenticated but not encrypted.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Authentication: Authentication establishes the integrity of the datagram and ensures it is

not tampered with in transmit. There are three options, Message Digest 5 (MD5), Secure Hash Algorithm (SHA-1) or NONE. SHA-1 is more resistant to brute-force attacks than

MD5, however it is slower.

 MD5: A one-way hashing algorithm that produces a 128−bit hash.  SHA-1: A one-way hashing algorithm that produces a 160−bit hash.

Encryption: Select the encryption method from the pull-down menu. There are four options, DES, 3DES, AES and NONE. NONE means it is a tunnel only with no encryption.

3DES and AES are more powerful but increase latency.

 DES: Stands for Data Encryption Standard, it uses 56 bits as an encryption method.  3DES: Stands for Triple Data Encryption Standard, it uses 168 (56*3) bits as an

encryption method.

 AES: Stands for Advanced Encryption Standards, it uses 128 bits as an encryption

method.

Perfect Forward Secrecy: Choose whether to enable PFS using Diffie-Hellman public-

key cryptography to change encryption keys during the second phase of VPN negotiation. This function will provide better security, but extends the VPN negotiation time. DiffieHellman is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). There are three modes, MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for Modular Exponentiation Groups.

Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 4 to

128 characters. Both sides should use the same key. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts).

Select the Save button to save the setting.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Advanced Option

Click Advanced Option to change the following settings:

IKE Mode: Select IKE mode to Main mode or Aggressive mode.

Local ID:

 Type: Specify local ID type.  Content: Input ID’s information, like domain name

www.ipsectest.com.

Remote ID:

 Type: Specify Remote ID type.  Identifier: Input remote ID’s information, like domain name

www.ipsectest.com.

SA Lifetime: Specify the number of minutes that a Security Association (SA) will stay

active before new encryption and authentication key will be exchanged. There are two kinds of SAs, IKE and IPSec. IKE negotiates and establishes SA on behalf of IPSec, an IKE SA is used by IKE.

Phase 1 (IKE): To issue an initial connection request for a new VPN tunnel. The range

can be from 5 to 15,000 minutes, and the default is 240 minutes.

Phase 2 (IPSec): To negotiate and establish secure authentication. The range can be from 5 to 15,000 minutes, and the default is 60 minutes.

A short SA time increases security by forcing the two parties to update the keys. However, every time the VPN tunnel re-negotiates, access through the tunnel will be temporarily

disconnected. Select the Apply button to update the settings.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

L2TP

There are two types of L2TP VPN supported, Remote Access and LAN-to-LAN (please refer below for more information.). Click Create to configure a new VPN connection.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Remote Access L2TP Connection

Connection Name: This allows you to identify this particular connection, e.g. “Connection

to office”.

Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g. your office server), check Dial In operates as a VPN server.

When configuring your router as a Client, enter the remote Server IP Address (or

Hostname) you wish to connection to.

When configuring your router as a server, enter the Private IP Address Assigned

to Dial in User address. Username: If you are a Dial-Out user (client), enter the username provided by your Host.

If you are a Dial-In user (server), enter your own username.

Password: If you are a Dial-Out user (client), enter the password provided by your Host.

If you are a Dial-In user (server), enter your own password.

PPP Authentication Type: Default is Auto if you want the router to determine the

Idle Time: Auto-disconnect the VPN connection when there is no activity on the

connection for a predetermined period of time. 0 means this connection is always on.

Click Apply after changing settings.

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

IPSec: Enable for enhancing your LT2P VPN security. Authentication: Authentication establishes the integrity of the datagram and ensures it is

not tampered with in transmit. There are three options, Message Digest 5 (MD5), Secure Hash Algorithm (SHA-1) or NONE. SHA-1 is more resistant to brute-force attacks than

MD5, however it is slower.

 MD5: A one-way hashing algorithm that produces a 128−bit hash.  SHA-1: A one-way hashing algorithm that produces a 160−bit hash.

Encryption: Select the encryption method from the pull-down menu. There are four options, DES, 3DES, AES and NONE. NONE means it is a tunnel only with no encryption.

3DES and AES are more powerful but increase latency.

 DES: Stands for Data Encryption Standard, it uses 56 bits as an encryption method.  3DES: Stands for Triple Data Encryption Standard, it uses 168 (56*3) bits as an

encryption method.

 AES: Stands for Advanced Encryption Standards, it uses 128 bits as an encryption

method.

Perfect Forward Secrecy: Choose whether to enable PFS using Diffie-Hellman public-

Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 4 to

Chapter 4: Configuration

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

LAN to LAN L2TP Connection