Billion Electric Company BiGuard 10, BiGuard 2 User Manual

Download

Page 1

BiGuard 10

iBusiness Security Gateway Small-Office

BiGuard 2

iBusiness Security Gateway Home-Office

User’s Manual

Version Release 4.00 (FW:1.05)

Page 2

BiGuard 2/10 User’s Manual

(Updated June 1, 2006)

The contents of this publication may not be reproduced in whole or in part, transcribed, stored, translated, or transmitted in any form or any means, without the prior written consent of Billion Electric Corporation.

Disclaimer

Billion does not assume any liability arising out of the application of use of any products or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. Billion reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.

Trademarks

Mac OS is a registered trademark of Apple Computer, Inc. Windows 98, Windows NT, Windows 2000, Windows Me and Windows XP are registered trademarks of Microsoft Corporation.

Page 3

Safety Warnings

Your BiGuard 2/10 is built for reliability and long service life. For your safety, be sure to read and follow the following safety warnings.

• Read this installation guide thoroughly before attempting to set up your BiGuard 2/10.

• Your BiGuard 2/10 is a complex electronic device. DO NOT open or attempt to repair it yourself. Opening or removing the covers can expose you to high voltage and other risks. In the case of malfunction, turn off the power immediately and have it repaired at a qualified service center. Contact your vendor for details.

• Connect the power cord to the correct supply voltage.

• Carefully place connecting cables to avoid people from stepping or tripping on

them. DO NOT allow anything to rest on the power cord and DO NOT place the power cord in an area where it can be stepped on.

• DO NOT use BiGuard 2/10 in environments with high humidity or high temperatures.

• DO NOT use the same power source for BiGuard 2/10 as other equipment.

• DO NOT use your BiGuard 2/10 and any accessories outdoors.

• If you mount your BiGuard 2/10, make sure that no electrical, water or gas pipes

will be damaged during installation.

• DO NOT install or use your BiGuard 2/10 during a thunderstorm.

• DO NOT expose your BiGuard 2/10 to dampness, dust, or corrosive liquids.

• DO NOT use your BiGuar d 2/10 near water.

• Be sure to connect the cables to the correct ports.

• DO NOT obstruct the ventilation slots on your BiGuard 2/10 or expose it to direct

sunlight or other heat sources. Excessive temperatures may damage your device.

• DO NOT store anything on top of your BiGuard 2/10.

• Only connect suitable accessories to your BiGuard 2/10.

• Keep packaging out of the reach of children.

• If disposing of the device, please follow your local regulations for the safe

disposal of electronic products to protect the environment.

Page 4

Chapter 1: Introduction

1.1 Overview

1.2 Product Highlights

1.2.1 Virtual Private Network Support

1.2.2 Advanced Firewall Security

1.2.3 Intelligent Bandwidth Management

1.3 Package Contents

1.3.1 BiGuard 10

1.3.1.1 Front Panel

1.3.1.2 Rear Panel

1.3.1.3 Rack Mounting

1.3.1.4 Cabling

1.3.2 BiGuard 2

1.3.2.1 Front Panel

1.3.2.2 Rear Panel

1.3.2.3 Cabling

Chapter 2: Router Applications

2.1 Overview

2.2 Bandwidth Management with QoS

2.2.1 QoS Technology

2.2.2 QoS Policies for Different Applications

2.2.3 Guaranteed / Maximum Bandwidth

2.2.4 Policy Based Traffic Shaping

2.2.5 Priority Bandwidth Utilization

2.2.6 Management by IP or MAC address

2.2.7 DiffServ (DSCP Marking)

2.3 Virtual Private Networking

2.3.1 General VPN Setup

2.3.2 Concentrator

Page 5

Chapter 3: Getting Started

3.1 Overview

3.2 Before You Begin

3.3 Connecting Your Router

3.4 Configuring PCs for TCP/IP Networking

3.4.1 Overview

3.4.2 Windows XP

3.4.2.1 Configuring

3.4.2.2 Verifying Settings

3.4.3 Windows 2000

3.4.3.1 Configuring

3.4.3.2 Verifying Settings

3.4.4 Windows 98 / ME

3.4.4.1 Installing Components

3.4.4.2 Configuring

3.4.4.3 Verifying Settings

3.5 Factory Default Settings

3.5.1 Username and Password

3.5.2 LAN and WAN Port Addresses

3.6 Information From Your ISP

3.6.1 Protocols

3.6.2 Configuration Information

3.7 Web Configuration Interface

Page 6

Chapter 4: Router Configuration

4.1 Overview

4.2 Status

4.2.1 ARP Table

4.2.2 Routing Table

4.2.3 Session Table

4.2.4 DHCP Table

4.2.5 IPSec Status

4.2.6 PPTP Status

4.2.7 System Log

4.2.8 IPSec Log

4.3 Quick Start

4.3.1 DHCP

4.3.2 Static IP

4.3.3 PPPoE

4.3.4 PPTP

4.3.5 Big Pond

4.4 Configuration

4.4.1 LAN

4.4.1.1 Ethernet

4.4.1.2 DHCP Server

4.4.1.3 LAN Address Mapping

4.4.2 WAN

4.4.2.1 WAN

4.4.2.2 Bandwidth Settings

4.4.2.3 WAN IP Alias

4.4.3 System

4.4.3.1 Time Zone

4.4.3.2 Remote Access

4.4.3.3 Firmware Upgrade

4.4.3.4 Backup / Restore

4.4.3.5 Restart

4.4.3.6 Password

4.4.2.1.1 DHCP

4.4.2.1.2 Static IP

4.4.2.1.3 PPPoE

4.4.2.1.4 PPTP

4.4.2.1.5 Big Pond

Page 7

4.4.3.7 System Log Server

4.4.3.8 E-mail Alert

4.4.4 Firewall

4.4.4.1 Packet Filter

4.4.4.2 URL Filter

4.4.4.3 LAN MAC Filter

4.4.4.4 Block WAN Request

4.4.4.5 Intrusion Detection

4.4.5 VPN

4.4.5.1 IPSec

4.4.5.1.1 IPSec W izard

4.4.5.1.2 IPSec Policy

4.4.5.2 PPTP

4.4.6 QoS

4.4.7 Virtual Server

4.4.7.1 DMZ

4.4.7.2 Port Forwarding

4.4.8 Advanced

4.4.8.1 Static Route

4.4.8.2 Dynamic DNS

4.4.8.3 Device Management

4.4.8.4 IGMP

4.4.8.5 VLAN Bridge

4.5 Save Configuration To Flash

4.6 Logout

Chapter 5: Troubleshooting

5.1 Basic Functionality

5.1.1 Router Won’t Turn On

5.1.2 LEDs Never Turn Off

5.1.3 LAN or Internet Port Not On

5.1.4 Forgot My Password

5.2 LAN Interface

5.2.1 Can’t Access BiGuard 2/10 from the LAN

5.2.2 Can’t Ping Any PC on the LAN

5.2.3 Can’t Access Web Configuration Interface

5.2.3.1 Pop-up Windows

Page 8

5.2.3.2 Javascripts

5.2.3.3 Java Permissions

5.3 WAN Interface

5.3.1 Can’t Get WAN IP Address from the ISP

5.4 ISP Connection

5.5 Problems with Date and Time

5.6 Restoring Factory Defaults

Appendix A: Product Specifications

A.1 BiGuard 10 Product Specifications A.2 BiGuard 2 Product Specifications

Appendix B: Customer Support

Appendix C: FCC Interference Statement

Appendix D: Network, Routing, and Firewall Basics

D.1 Network Basics

D.1.1 IP Addresses

D.1.1.1 Netmask D.1.1.2 Subnet Addressing D.1.1.3 Private IP Addresses

D.1.2 Network Address Translation (NAT) D.1.3 Dynamic Host Configuration Protocol (DHCP)

D.2 Router Basics

D.2.1 What is a Router? D.2.2 Why use a Router? D.2.3 Routing Information Protocol (RIP)

D.3 Firewall Basics

D.3.1 What is a Firewall?

D.3.1.1 Stateful Packet Inspection D.3.1.2 Denial of Service (DoS) Attack

D.3.2 Why Use a Firewall?

Page 9

Appendix E: Virtual Private Networking

E.1 What is a VPN?

E.1.1 VPN Applications

E.2 What is IPSec?

E.2.1 IPSec Security Components

E.2.1.1 Authentication Header (AH) E.2.1.2 Encapsulating Security Payload (ESP) E.2.1.3 Security Associations (SA)

E.2.2 IPSec Modes E.2.3 Tunnel Mode AH E.2.4 Tunnel Mode ESP E.2.5 Internet Key Exchange (IKE)

Appendix F: IPSec Logs and Events

F.1 IPSec Log Event Categories F.2 IPSec Log Event Table

Appendix G: Bandwidth Management with QoS

G.1 Overview G.2 What is Quality of Service? G.3 How Does QoS Work? G.4 Who Needs QoS?

G.4.1 Home Users G.4.2 Office Users

Appendix H: Router Setup Examples

H.1 VPN Configuration

H.1.1 LAN to LAN H.1.2 Host to LAN

H.2 VPN Concentrator H.3 Intrusion Detection H.4 PPTP Remote Access by Windows XP H.5 PPTP Remote Access by BiGuard

Page 10

Chapter 1: Introduction

1.1 Overview

Congratulations on purchasing BiGuard 2/10 Router from Billion. Combining a router with an Ethernet network switch, BiGuard 2/10 is a state-of-the-art device that provides everything you need to get your network connected to the Internet over your Cable or DSL connection quickly and easily. The Quick Start Wizard and DHCP Server will get first-time users up and running with minimal fuss and configuration, while sophisticated Quality of Service (QoS) and traffic management features grant advanced users total control over their network and Internet connection.

This manual illustrates the many features and functions of BiGuard 2/10, and even takes you through the various ways you can apply this versatile device to your home or office. Take the time now to familiarize yourself with BiGuard 2/10.

1.2 Product Highlights

1.2.1 Virtual Private Network Support

BiGuard 2/10 supports comprehensive IPSec VPN protocols for businesses to establish private encrypted tunnels over the Internet to ensure data transmission security among multiple sites, such as a branch office or dial-up connection. Up to 2/10 simultaneous IPSec VPN connections are possible on BiGuard 2/10, with performance of up to 4/20 Mbps.

1.2.2 Advanced Firewall Security

Aside from intelligent broadband sharing, BiGuard 2/10 offers integrated firewall protection with advanced features to secure your network from outside attacks. Stateful Packet Inspection (SPI) determines if a data packet is permitted to enter the private LAN. Denial of Service (DoS) prevents hackers from interrupting network services via malicious attacks. In addition, BiGuard 2/10 firewall can be configured to alert you via email should yo ur network come under fire, offering both tight network security and peace of mind.

Page 11

1.2.3 Intelligent Bandwidth Management

BiGuard 2/10 utilizes Quality of Service (QoS) to give you full control over the priority of both incoming and outgoing data, ensuring that critical data such as customer information moves through y our network, even whil e under a heavy load. Transmission speeds can be throttled to make sure users are not saturating bandwidth required for mission-critical data transfers. Priority t ypes of upload data can also be changed, allowing BiGuard 2/10 to automatically sort out actual speeds for unmatched convenience.

1.3 Package Contents

1.3.1 BiGuard 10

BiGuard 10 iBusiness Security Gateway Small-Office Bracket x 2 (for rack-mounting) Screw x 4 (for rack-mounting) Getting Started CD-ROM Quick Start Guide AC-DC Power Adapter (12VDC, 1A)

1.3.1.1 Front Panel

LED Function

Power

Status

WAN

A solid light indicates a steady connection to a power source.

A blinking light indicates the device is writing to flash memory.

Lit when connected to an Ethernet device. 10/100M : Lit green when connected at 100Mbps. Not lit when connected at 10Mbps.

Page 12

Link/ACT: Lit when device is connected. Blinking when data is transmitting/receiving.

LAN 1 – 8

Lit when connected to an Ethernet device. 10/100M : Lit green when connected at 100Mbps. Not lit when connected at 10Mbps. Link/ACT: Lit when device is connected. Blinking when data is transmitting/receiving.

1.3.1.2 Rear Panel

Port Meaning

1 RESET

LAN

1X — 8X

(RJ-45 connector)

WAN

DC12V

After the device is powered on, press it to reset the device or restore to factory default settings.

0-3 seconds: The Status LED will light 6 seconds above: restore to factory default settings (this is used when you cannot login to the router. E.g. forgot the password)

Connect a UTP Ethernet cable (Cat-5 or Cat-5e) to one of the eight LAN ports when connecting to a PC or an office/home network of 10Mbps or 100Mbps.

WAN 10/100M Ethernet port (with auto crossover support); connect xDSL/Cable modem here.

Connect DC power adapter here.(DC12V Power)

Page 13

1.3.1.3 Rack Mounting

To rack mount BiGuard 10, carefully secure the device to your rack on both sides using the included brackets and screws. See the diagram b elow for a more detailed explanation.

1.3.1.4 Cabling

Most Ethernet networks currently use unshielded twisted pair (UTP) cabling. The UTP cable contains eight conductors, arranged in four twisted pairs, and terminated with an RJ45 type connector.

One of the most common causes of networki ng probl ems is bad cabl ing. Make s ure that all connected devices are turned on. On the front panel of BiGuard 10, verify that the LAN link and WAN li ne LEDs are lit. If they are not, check to see that you are using the proper cabling.

1.3.2 BiGuard 2

BiGuard 2 iBusiness Security Gateway Home-Office Getting Started CD-ROM Quick Start Guide Ethernet (CAT-5 LAN) Cable AC-DC Power Adapter (12VDC, 1A)

Page 14

1.3.2.1 Front Panel

LED Function

POWER

STATUS

WAN

A solid light indicates a steady connection to a power source.

A blinking light indicates the device is writing to flash memory.

LAN 1 – 8

1.3.2.2 Rear Panel

Page 15

Port Meaning

1 RESET

After the device is powered on, press it to reset the device or restore to factory default settings.

0-3 seconds: The Status LED will light 6 seconds above: restore to factory default settings (this is used when you cannot login to the router. E.g. forgot the password)

LAN

1X — 8X

(RJ-45 connector)

WAN

Connect a UTP Ethernet cable (Cat-5 or Cat-5e) to one of the eight LAN ports when connecting to a PC or an office/home network of 10Mbps or 100Mbps.

WAN 10/100M Ethernet port (with auto crossover support); connect xDSL/Cable modem here.

DC12V

Connect DC power adapter here.(DC12V Power)

1.3.2.3 Cabling

Most Ethernet networks currently use unshielded twisted pair (UTP) cabling. The UTP cable contains eight conductors, arranged in four twisted pairs, and terminated with an RJ45 type connector.

One of the most common causes of networking problems is bad cabling. Make sure that all connected devices are turned on. On the front panel of BiGuard 2, verify that the LAN link and WAN line LEDs are lit. If they are not, check to see that you are using the proper cabling.

Page 16

Chapter 2: Router Applications

2.1 Overview

Your BiGuard 2/10 Router is a versatile devi ce that can be configured to not only protect your network from malicious attackers, but also ensure optimal usage of available bandwidth with Quality of Service (QoS). Alternatively, BiGuard 2/10 can also be set to handle secure connections with Virtual Private Networking (VPN).

The following chapter describes how BiGuard 2/10 can work for you.

2.2 Bandwidth Management with QoS

Quality of Service (QoS) gives you full control over which types of outgoing data traffic should be given priority by the router. By doing so, the router can ensure that latency-sensitive applications like voice, bandwidth-consuming data like gaming packets, or even mission critical files efficiently move thr ough the router even under a heavy load. You can throttle the speed at which different types of outgoing data pass through the router . In addition, you can simply change the priority of different types of upload data and let the router sort out the actual speeds.

2.2.1 QoS Technology

QoS generally involves the prioritization of network traffic. QoS is comprised of three major components: Classifier, Meter, and Scheduler. Each of these components has a distinct role in ensuring that incoming and outgoing data is managed according to user specifications.

The Classifier analyses incoming packets and marks each one according to configured parameters. The Meter communicat es the drop priority to the Scheduler and measures the temporal priorities of the output stream against configured parameters. Finally , the Scheduler schedules each packet for tr ansmission based on information from both the Classifier and the Meter.

Page 17

Scheduler

Meter

Classifier

Inbound

Outboun

2.2.2 QoS Policies for Different Applications

By setting different QoS policies according to the applications you a re runn ing, y ou can use BiGuard 2/10 to optimize the band width that is being used on your network.

Restricted PC

VoIP

Normal PCs

Page 18

As illustrated in the diagram above, applications such as Voiceover IP (VoIP) require low network latencies to function properly. If bandwidth is being used by other applications such as an FTP server, users using VoIP will experience network lag and/or service interruptions during use. To avoid this scenario, this network has assigned VoIP with a guaranteed bandwidth and higher priority to ensure smooth communications. The FTP server, on the other hand, has been given a maximum bandwidth cap to make sure that regular service to both VoIP and normal Internet applications is uninterrupted.

2.2.3 Guaranteed / Maximum Bandwidth

Setting a Guaranteed Bandwidth ensures that a particular service receives a minimum percentage of bandwidth. For ex ample, you can configure BiGuard 2/10 to reserve 10% of the ava ilable bandwidth for a pa rticular computer on the network to transfer files.

Alternatively you can set a Maximum Bandwidth to restrict a particular application to a fixed percentage of the total throughput. Setting a Max imum Bandwidth of 20% for a file sharing program will ensure that no more than 20% of the available bandwidth will be used for file sharing.

Page 19

2.2.4 P oli c y Based Traffic Shaping

Policy Based Traffic Shaping allows you to apply specific traffic policies across a range of IP addresses or ports. This is particularly useful for assigning different policies for different PCs on the network. Policy based traffic shaping lets you better manage your bandwidth, providing reliable Internet and network service to your organization.

2.2.5 Priority Bandwidth Utilization

Assigning priority to a certain service allows BiGuard 2/10 to give either a higher or lower priority to traffic from this particular service. Assigning a higher priority to an application ensures that it is processed ahead of applications with a lower priority and vice versa.

Page 20

2.2.6 Management by IP or MAC address

BiGuard 2/10 can also be configured to apply traffic policies based on a particular IP or MAC address. This allows you to quickly assign different traffic policies to a specific computer on the network.

Page 21

2.2.7 DiffServ (DSCP Marking)

DiffServ (a.k.a. DSCP Marking) allows you to classify traffic based on IP DSCP values. These markings can be used to identify traffic within the network. Other interfaces can match traffic based on the DSCP markings. DSCP markings are used to decide how packets should be treated, and is a useful tool to give precedence to varying types of data.

2.3 Virtual Private Networking

A Virtual Private Network (VPN) enables you to send data between two computers across a shared or public network in a manner that emulates the properties of a point-to-point private link. As such, it is perfect for connecting branch offices to headquarter across the Internet in a secure fashion.

The following section discusses Virtual Private Networking with BiGuard 2/10.

2.3.1 General VPN Setup

There are typically three different VPN scenarios. The first is a Gateway to Gateway setup, where two remote gateways communicate over the Internet via a

Page 22

secure tunnel.

The next type of VPN setup is the G ateway to Multiple G ateway setup, where one gateway (Headquarter) is communicating with multiple gateways (Branch Offices) over the Internet. As with all VPNs, data is kept secure with secure tunnels.

The final type of VPN setup is the Client to Gateway. A good example of where this can be applied is when a remote sales person accesses the corpor ate network o ver a secure VPN tunnel.

VPN provides a flexible, cost-efficient, and reliable way for companies of all sizes to stay connected. One of the most important steps in setting up a VPN is proper planning. The following sections demonstrate the various ways of usi ng BiGuard 2/10 to setup your VPN.

2.3.2 Concentrator

The VPN Concentrator provides an easy way for branch offices to connect to headquarter through a VPN tunnel. All br anch office traffic will be redirected to the VPN tunnel to headquarter with the exception of LAN-side traffic. This way, all branch offices can connect to each other t hrough headquarter via the headquarter’ firewall management. You can also configure BiGuard 2/10 to function as a VPN

Page 23

Concentrator:

Please refer to appendix H for example settings.

Local ID Type: Subnet Local subnet: 0.0.0.0 Local mask: 0.0.0.0 Remote ID Type: Subnet Remote subnet: 192.168.3.0 Remote mask: 255.255.255.0

200.200.200.1

Local ID Type: Su bnet Local subnet: 192.168.3.0 Local mask: 255.255.255.0 Remote ID Type: Subnet Remote subnet: 0.0.0.0 Remote mask: 0.0.0.0

192.168.3.x

192.168.2.x

BiGuard 2

Local ID Type: Subnet Local subnet: 0.0.0.0 Local mask: 0.0.0.0 Remote ID Type: Subnet Remote subnet: 192.168.4.0 Remote mask: 255.255.255.0

100.100.100.1

201.201.201.1

Local ID Type: Subnet Local subnet: 192.168.4.0 Local mask: 255.255.255.0 Remote ID Type: Subnet Remote subnet: 0.0.0.0 Remote mask: 0.0.0.0

BiGuard 2

192.168.4.x

Page 24

Chapter 3: Getting Started

3.1 Overview

BiGuard 2/10 is designed to be a powerful and flexible network device that is also easy to use. With an intuitive web-based configuration, BiGuard 2/10 allows you to administer your network via virtually any Java-enabled web browser and is fully compatible with Linux, Mac OS, and Windows 98/Me/NT/2000/XP operating systems.

The following chapter takes you through the very first steps to configuring your network for BiGuard 2/10. T ake a look and see how easy it is to get your network up and running.

3.2 Before You Begin

BiGuard 2/10 is a flexible and powerful networking device. To simplify the configuration process and increase the efficiency of your network, consider the following items before setting up your network for the first time:

1. Plan your network You may need a fully qualified domain name either for convenience or if you have a dynamic IP address. See Chapter 2: Router Applications for more information.

2. Set up your accounts Have access to the Internet and locate the Internet Service Provider (ISP) configuration information.

3. Determine your network management approach BiGuard 2/10 is capable of remote management. Howe ver, this feature is not active by default. If you reset the device, remote administration must be enabled again. If you decide to manage your network remotely, be sure to change the default password to something more secure.

4. Prepare to physically connect BiGuard 2/10 to Cable or DSL modems and a computer.

Page 25

Be sure to also review th e Safety Warnings located in the preface o f th is manual before working with your BiGuard 2/10.

3.3 Connecting Your Router

Connecting BiGuard 2/10 is an easy three-step process:

1. Connect BiGuard 2/10 to your LAN by connecting Ethernet cables from your networked PCs to the LAN ports on the router. Connect BiGuard 2/10 to your broadband Internet connection via router’s WAN port.

2. Plug BiGuard 2/10 to an AC outlet with the included AC Power Adapter.

3. Ensure that the Power and WAN LEDs are solidly lit, and that on any LAN port that has an Ethernet cable plugged in the LED is also solidly lit. The Status LED will remain solid as the device boots. Once the boot sequence is complete, the LED will shut off, indicating that BiGuard 2/10 is ready.

If the router does not power on, please refer to Chapter 5: Troubleshooting for possible solutions.

Page 26

3.4 Configuring PCs for TCP/IP Networking

Now that your BiGuard 2/10 is connected properly to your network, it’s time to configure your networked PCs for TCP/IP networking.

In order for your networked PCs to communicate with your router, they must have the following characteristics:

1. Have a properly installed and functioning Ethernet Network Interface Card (NIC).

2. Be connected to BiGuard 2/10, either directly or through an external repeater hub via an Ethernet cable.

3. Have TCP/IP installed and configured with an IP address.

The IP address for each PC may be a fixed IP address or one that is obtained from a DHCP server. If using a fixed IP address, it is important to remember that it must be in the same subnet as the router. The default IP address of BiGuard 2/10 is

192.168.1.254 with a subnet mask of 255.255.255.0. Using the default configuration, networked PCs must reside in the same subnet, and have an IP address in the range of 192.168.1.1 to 192.168.1.253. However, you’ll find that the quickest and easiest way to configure the IP addresses for your PCs is to obtain the IP addresses automatically by using the router as a DHCP server.

If you are unable to access the web configuration interface, check to se e if you have any software-based firewalls installed on your PCs, as they can cause problems accessing the 192.168.1.254 IP address of BiGuard 2/10.

The following sections outline how to set up your PCs for TCP/IP networking. Refer to the applicable section for your PC’s operating system.

3.4.1 Overview

Before you begin, make sure that the TCP/IP protocol and a functioning Ethernet network adapter is installed on each of your PCs.

The following operating systems already include the necessary software components you need to install TCP/IP on your PCs:

- Windows 95/98/Me/NT/2000/XP

Page 27

- Mac OS 7 and later

- All versions of UNIX/Linux

If you are using Windows 3.1, you must purchase a third-party TCP/IP application package.

Any TCP/IP capable workstation can be used to communicate with or through the BiGuard 2/10. To configure other types of workstations, please consult the manufacturer’s documentation.

3.4.2 Windows XP

3.4.2.1 Configuring

1. Select Start > Settings > Network Connections.

2. In the Network Connections window, right-click Local Area Connection and select Properties.

Page 28

3. Select Internet Protocol (TCP/IP) and click Properties.

4a. To have your PC obtain an IP address automatically, select the Obtain an IP address automatically and Obtain DNS server address automatically radio buttons.

Page 29

4b. T o manually assign your PC a fix ed IP address, select the Use the following I P address radio button and enter your desired IP address, subnet mask, and de fault

gateway in the blanks provided. Remember that your PC must reside in the same subnet mask as the router . T o designate a DNS se rver , select the Use the following DNS server and fill in the preferred DNS address.

5. Click OK to finish the configuration.

Page 30

3.4.2.2 Verifying Settings

To verify your settings using a command prompt:

1. Click Start > Programs > Accessories > Command Prompt.

2. In the Command Prompt window, type ipconfig and then press ENTER.

If you are using BiGuard 2/10’s default settings, your PC should have:

- An IP address between 192.168.1.1 and 192.168.1.253

- A subnet mask of 255.255.255.0

Page 31

To verify your settings using the Windows XP GUI:

1. Click Start > Settings > Network Connections.

2. Right click one of the network connections listed and select Status from the pop-up menu.

Page 32

3. Click the Support tab.

If you are using BiGuard 2/10’s default settings, your PC should:

- Have an IP address between 192.168.1.1 and 192.168.1.253

- Have a subnet mask of 255.255.255.0

Page 33

3.4.3 Windows 2000

3.4.3.1 Configuring

1. Select Start > Settings > Control Panel.

2. In the Control Panel window, double-click Network and Dial-up Connections.

Page 34

3. In Network and Dial-up Connections, double-click Local Area Connection.

4. In the Local Area Connection window, click Properties.

Page 35

5. Select Internet Protocol (TCP/IP) and click Properties.

6a. To have your PC obtain an IP address automatically, select the Obtain an IP address automatically and Obtain DNS server address automatically radio buttons.

Page 36

6b. T o manually assign your PC a fix ed IP address, select the Use the following IP address radio button and enter your desired IP address, subnet mask, and de fault

7. Click OK to finish the configuration.

3.4.3.2 Verifying Settings

1. Click Start > Programs > Accessories > Command Prompt.

Page 37

2. In the Command Prompt window, type ipconfig and then press ENTER.

If you are using BiGuard 2/10’s default settings, your PC should have:

- An IP address between 192.168.1.1 and 192.168.1.253

- A subnet mask of 255.255.255.0

3.4.4 Windows 98 / Me

3.4.4.1 Installing Components

To prepare Windows 98/Me PCs for TCP/IP networking, you may need to manually install TCP/IP on each PC. To do this, follow the steps below. Be sure to have your Windows CD handy, as you may need to insert it during the installation process.

Page 38

1. On the Windows taskbar, select Start > Settings > Control Panel.

2. Double-click the Network icon. The Network window displays a list of installed components.

Page 39

You must have the following installed:

- An Ethernet adapter

- TCP/IP protocol

- Client for Microsoft Networks

If you need to install a new Ethernet adapter, follow these steps:

a. Click Add.

Page 40

b. Select Adapter, then Add.

c. Select the manufacturer and model of your Ethernet adapter, then click OK.

If you need TCP/IP: a. Click Add.

Page 41

b. Select Protocol, then click Add.

c. Select Microsoft. Æ TCP/IP, then OK.

If you need Client for Microsoft Networks: a. Click Add.

Page 42

b. Select Client, then click Add.

c. Select Microsoft. Æ Client for Microsoft Networks, and then click OK.

3. Restart your PC to apply your changes.

3.4.4.2 Configuring

1. Select Start > Settings > Control Panel.

Page 43

2. In the Control Panel, double-click Network and choose the Configuration tab.

Page 44

3. Select the name of your PC’s TCP/IP Network Interface Card (NIC) and click Properties. TCP/IP > ASUSTeK is illustrated in the example below.

4. Select the IP Address tab and click the Obtain an IP address automat ically radio button.

Page 45

5. Select the DNS Configuration tab and select the Disable DNS radio button.

6. Click OK to apply the configuration.

Page 46

3.4.4.3 Verifying Settings

To check the TCP/IP configuration, use the winipcfg.exe utility:

1. Select Start > Run.

2. Type winipcfg, and then click OK.

Page 47

3. From the drop-down box, select your Ethernet adapter.

The window is updated to show your settings. Using the default BiGuard 2/10 settings, your PC should have:

- An IP address between 192.168.1.1 and 192.168.1.253

- A subnet mask of 255.255.255.0

- A default gateway of 192.168.1.254

3.5 Factory Default Settings

Before configuring your BiGuard 2/10, you need to know the following default settings:

Web Interface: Username: admin Password: admin

LAN Device IP Settings:

Page 48

IP Address: 192.168.1.254 Subnet Mask: 255.255.255.0

ISP setting in WAN site: Obtain an IP Address automatically (DHCP Client)

DHCP server: DHCP server is enabled. Start IP Address: 192.168.1.100 End IP Address: 192.168.1.199

3.5.1 U sername and Password

The default user name and password are "admin" and "admin" respectively. If you ever forget your user name and/or password, you can restore your BiGuard 2/10 to its factory settings by holding the Reset button on the back of your router until the Status LED begins to blink. Please note that doing this will also erase any previous router settings that you have made. The Status LED will remain solid as the device boots. Once the boot sequence is complete, the LED will shut off, indicating that BiGuard 2/10 is ready.

3.5.2 LAN and WAN Port Addresses

The default values for LAN and WAN ports are shown below:

IP address

Subnet Mask

DHCP server function

IP addresses for distribution to PCs

LAN Port WAN Port

192.168.1.254

255.255.255.0 The DHCP Client is enabled to

Enabled

automatically get the WAN port configuration from the ISP.

100 IP addresses continuing from 192.168.1.100 through

192.168.1.199

Page 49

3.6 Information From Your ISP

3.6.1 Protocols

Before configuring this device, you have to check with your ISP (Internet Service Provider) to find out what kind of service is provided such as DHCP, Static IP, PPP oE, or PPTP. The following table outlines each of these protocols:

Configure this WAN interface to use DHCP client protocol to get an IP

DHCP

address from your ISP automatically. Your ISP provides an IP address to the router dynamically when logging in.

Static IP

Configure this WAN interface with a specific IP address. This IP address should be provided by your ISP.

PPPoE (PPP over Ethernet) is known as a dial-up DSL or cable service. It

PPPoE

is designed to integrate the broadband services into the current widely deployed, easy-to-use, and low-cost dial-up-access networking infrastructure.

PPTP

If your ISP provides a PPTP connection, you can use the PPTP protocol to establish a connection to your ISP.

Big Pond

If your account uses PPP over Ethernet (PPPoE), you will need to enter your login name and password when configuring your BiGuard 2/10. After the network and firewall are configured, BiGuard 2/10 will login automatically , and you will no longer need to run the login program from your PC.

3.6.2 Configuration Information

If your ISP does not dynamically assign configuration information but instead uses fixed configurations, you will need the following basic information from your ISP:

- An IP address and subnet mask

- A gateway IP address

- One or more domain name server (DNS) IP addresses

The Big Pond login for Telstra cable in Australia.

Page 50

Depending on your ISP, a host name and domain suffix may also be provided. If any of these items are dynamically supplied by the ISP, your BiGuard 2/10 will automatically acquire them.

If an ISP technician configured your computer or if you configured it using instructions provided by your ISP, you need to copy the configuration information from your PC’s Network TCP/IP Properties window before reconfiguring your computer for use with BiGuard 2/10. The following sections describe how you can obtain this information.

This section uses illustrations from Windows XP. However, other versions of Windows will follow a similar procedure. Have your Windows CD handy, as it may be required during the configuration process.

1. Select Start > Settings > Control Panel.

2. Double-click the Network icon.

Page 51

3. In the Network Connections window, right-click Local Area Connection and select Properties.

4. Select Internet Protocol (TCP/IP) and click Properties.

Page 52

5. If an IP address, subnet mask and a Default gateway are shown, write down the information. If no address is present, your account’s IP address is dynamically assigned. Click the Obtain an IP address automatically radio button.

6. If any DNS server addresses are shown, write them down. Click the Obtain DNS server address automatically radio button.

Page 53

7. Click OK to save your changes.

3.7 Web Configuration Interface

BiGuard 2/10 includes a Web Configuration Interface for easy administration via virtually any browser on your network. To access this interface, open your web browser, enter the IP address of your router , which by defaul t is 192.168.1.254, and click Go. A user name and password window prompt will appear. Enter your user name and password (the default user name and password are "admin" and "admin") to access the Web Configuration Interface.

Page 54

If the Web Configuration Interface appears, congratulations! You are now ready to configure your BiGuard 2/10. If you are having trouble accessing the interface, please refer to Chapter 5: Troubleshooting for possible resolutions.

Page 55

Chapter 4: Router Configuration

4.1 Overview

The Web Configur ation Interface make s it easy for you to manage y our network via any PC connected to it. On the Web Configuration homepage, you will see the navigation pane located on the left hand side. From it, you will be able to select various options used to configure your router.

1. Click Apply if you would like to apply the settings on the current screen to the device. The settings will be effective immediately, however the confi g uration is not saved yet and the settings will be erased if you power off or restart the device.

2. Click SAVE CONFIG to save the current settings permanently to the device.

3. Click RESTART to restart the device. There are two options to restart the device.

- Select Current Settings if would like to restart using the current con figuration.

- Select Factory Default Settings if you would like to restart using the factory default configuration.

4. To exit the router’s web interface, click LOGOUT. Please ensure that you have saved your configuration settings before you logout. Be aware that the router is

Page 56

restricted to only one PC accessing the web configuration interface at a t ime. O nce a PC has logged into the web interface, other PCs cannot gain access until the current PC has logged out. If the previous PC forgets to logout, the second PC can access the page after a user-defined period (5 minutes by default).

The following sections will show you how to configure your router using the Web Configuration Interface.

4.2 Status

The Status menu displays the various options that have been selected and a number of statistics about your BiGuard 2/10. In this menu, you will find the following sections:

- ARP Table

- Routing Table

- Session Table

- DHCP Table

- IPSec Status

- PPTP Status

- System Log

- IPSec Log

4.2.1 ARP Table

The Address Resolution Protocol (ARP) Table shows the mapping of Internet (IP) addresses to Ethernet (MAC) addresses. This is a quick way to determine the MAC

Page 57

address of your PC’s network interface to use with the router’s Firewall – MAC Address Filter function. See the Firewall section of this chapter for more information on this feature.

No.: Number of the list. IP Address: A list of IP addresses of devices on your LAN. MAC Address: The Media Access Control (MAC) addresses for each device on your LAN. Interface: The interface name (on the router) that this IP address connects to. Static: Static status of the ARP table entry.

NO indicates dynamically-generated ARP table entries. YES indicates static ARP table entries added by the user.

4.2.2 Routing Table

The Routing Table displays the current path for transmitted packets. Both static and dynamic routes are displayed.

Page 58

No.: Number of the list. Destination: The IP address of the destination network. Netmask: The destination netmask address. Gateway/Interface: The IP address of the gateway or existing interface that this route will use. Cost: The number of hops counted as the cost of the route.

4.2.3 Session Table

The NAT Session Table displays a list of current sessions for both incoming and outgoing traffic with protocol type, source IP, source port, destination IP and destination port, each page shows 10 sessions.

No.: Number of the list. Protocol: Protocol type of the Session. From IP: Source IP of the session. From port: source port of the session. To IP: Destination IP of the session. To port: Destination port of the session.

Sessions:

Filter: when the presented field is filled, please click Filter button. From IP: please input the source IP you would like to filter. From port: please input the source port you would like to filter. To IP: please input the destination IP you would like to filter. To port: please input the destination port you would like to filter. First: To the first page. Previous: To the previous page. Next: To the next page.

Page 59

Last: To the last page. Jump to the session: please input the session number you would like to see and press “GO”

4.2.4 DHCP Table

The DHCP Table displays a list of IP addresses that have been assigned to PCs on your network via Dynamic Host Configuration Protocol (DHCP).

No.: Number of the list. IP Address: A list of IP addresses of devices on your LAN. Device Name: The host name (computer name) of the client. MAC Address: The MAC address of client.

4.2.5 IPSec Status

The IPSec Status window displays the status of the IPSec T unne ls that are currently configured on your BiGuard 2/10.

Name: The name you assigned to the particular IPSec entry.

Page 60

Enable: Whether the IPSec connection is currently Enable or Disable. Status: Whether the IPSec is Active, Inactive or Disable. Local Subnet: The local IP address or subnet used. Remote Subnet: The subnet of the remote site. Remote Gateway: The remote gateway IP address. SA: The Security Association for this IPSec entry. Action: Manually connect or drop the tunnel.

4.2.6 PPTP Status

The PPTP Status window displays the status of the PPTP Tunnels that are currently configured on your BiGuard 2/10.

Name: The name you assigned to the particular PPTP entry. Enable: Whether the PPTP connection is currently Enable or Disable. Status: Whether the PPTP is Active, Inactive or Disable. Type: Whether the Connection type is Remote Access or LAN to LAN Peer Network: The Remote subnet for LAN to LAN as connection type. Connect by: The remote address when connected. Action: Manually drop the tunnel.

4.2.7 System Log

This window displays BiGuard 2/10’s System Log entries. Major events are logged on this window.

Page 61

Refresh: Refresh the System Log.

Clear Log: Clear the System Log.

Send Log: Send the System Log to your email account. You can set the email

address in Configuration > System > Email Alert. See the Email Alert section

for more details.

Save Log: Save the System log to a text file.

4.2.8 IPSec Log

This page displays the router’s IPSec Log entries. Major events are logged to this

window.

Refresh: Refresh the IPSec Log.

Clear Log: Clear the IPSec Log.

Send Log: Send IPSec Log to your email account. You can set the email address in

Configuration > System > Email Alert. See the Email Alert section for more

Page 62

details.

Save Log: Save the IPSec log to a text file.

Please refer to Appendix F: IPSec Log Events for more information on log events.

4.3 Quick Start

The Quick Start menu allows you to quickly configure your network for Internet

access using the most basic settings.

Connection Method: Select your router’s connection to the Internet. Selections

include Obtain an IP Address Automatically, Static IP Settings, PPPoE

Settings, PPTP Settings, and Big Pond Settings.

4.3.1 DHCP

The following is information regarding your ISP that you will need to enter in order

to properly configure your Internet connection. If you select to Obtain an IP Address Automatically, these will be automatically set for you, provided that your

ISP dynamically assigns an IP address.

4.3.2 Static IP

Page 63

IP assigned by your ISP: Enter the assigned IP address from your IP.

IP Subnet Mask: Enter your IP subnet mask.

ISP Gateway Address: Enter your ISP gateway address.

Primary DNS: Enter your primary DNS.

Secondary DNS: Enter your secondary DNS.

Click Apply to save your changes. To reset to defaults, click Reset.

4.3.3 PPPoE

Username: Enter your user name.

Password: Enter your password.

Retype Password: Retype your password.

Connection: Select whether the connection should Always Connect or Trigger on Demand. If you want the router to establish a PPPoE session when starting up and

to automatically re-establish the PPPoE session when disconnected by the ISP,

select Always Connect. If you want to establish a PPPoE session only when there

is a packet requesting access to the Internet (i.e. when a program on your computer

attempts to access the Internet), select Trigger on Demand .

Idle Time: Auto-disconnect the router when there is no activity on the line for a

predetermined period of time. Select the idle t ime from the dr o p d own menu. Acti v e

if Trigger on Demand is selected.

Click Apply to save your changes. To reset to defaults, click Reset.

Page 64

4.3.4 PPTP

Username: Enter your user name.

Password: Enter your password.

Retype Password: Retype your password.

PPTP Client IP: Enter the PPTP Client IP provided by your ISP.

PPTP Client IP Netmask: Enter the PPTP Client IP Netmask provided by your ISP.

PPTP Client IP Gateway: Enter the PPTP Client IP Gateway provided by your ISP.

PPTP Server IP: Enter the PPTP Server IP provided by your ISP.

Connection: Select whether the connection should Always Connect or Trigger on Demand. If you want the router to establish a PPTP session when starting up and to automatically re-establish the PPTP session when disconnected by the ISP, select Always Connect. If you want to establish a PPTP session only when there is a

packet requesting access to the Internet (i.e. when a program on your computer

attempts to access the Internet), select Trigger on Demand .

Idle Time: Auto-disconnect the router when there is no activity on the line for a

predetermined period of time. Select the idle t ime from the dr o p d own menu. Acti v e

if Trigger on Demand is selected.

Click Apply to save your changes. To reset to defaults, click Reset.

4.3.5 Big Pond

Page 65

Username: Enter your user name.

Password: Enter your password.

Retype Password: Retype your password.

Click Apply to save your changes. To reset to defaults, click Reset.

For detailed instructions on configuring WAN settings, please refer to the WAN

section of this chapter.

4.4 Configuration

The Configuration m e n u allo w s you to s e t many of t h e operat i n g param e t ers o f t he

BiGuard 2/10. In this menu, you will find the following sections:

- LAN

- WAN

- System

- Firewall

- VPN

- QoS

- Virtual Server

- Advanced

These items are described below in the following sections.

Page 66

4.4.1 LAN

There are two items within this section: Ethernet ,DHCP Server and LAN Address Mapping.

4.4.1.1 Ethernet

IP Address: Enter the internal LAN IP address for BiGuard 2/10 (192.168.1.254 by

default).

Subnet Mask: Enter the subnet mask (255.255.255.0 by default).

RIP: RIP v2 Broadcast and RIP v2 Multicast. Check to enable RIP.

4.4.1.2 DHCP Server

In this menu, you can disable or enable the Dynamic Host Configuration Protocol

(DHCP) server. The DHCP protocol allows your BiGuard 2/10 to dynamically assign

IP addresses to PCs on your network if they are configured to automatically obtain

IP addresses.

Page 67

To disable the router’s DHCP Server, select the Disable radio button, and then click Apply. When the DHCP Server is disabled, you will need to manually assign a fixed

IP address to each PC on your network, and set the default gateway for each PC to

the IP address of the router (192.168.1.254 by default).

To configure the router’s DHCP Server, select the Enable radio button, and then

configure parameters of the DHCP Server including the IP Pool (starting IP address

and ending IP address to be allocated to the PCs on your network), DNS Server,

WINS Server, and Domain Name. These details are sent to each DHCP client when

they request an IP address from the DHCP server. Click Apply to enable this

function.

Fixed Host allows specific computer/network clients to have a reserved IP address.

IP Address: Enter the IP address that you want to reserve for the above MAC

address.

MAC Address: Enter the MAC address of the PC or server you wish to be assigned a

Page 68

reserved IP.

Candidates: You can also select the Candidates which are referred from the ARP

table for automatic input.

Click the Apply button to add the configuration into the Host Table. Press the

Delete button to delete a configuration from the Host Table.

4.4.1.3 LAN Address Mapping

LAN Address Mapping is a function that can support multiple subnet and also

multiple NAT, you can specify a subnet and LAN Gateway IP Address and select

associated WAN IP Address specified in WAN IP Alias in Configuration -> WAN ->

WAN IP Alias.

Please click Create to create a LAN Address Mapping rule.

Page 69

Name: Please input the name of the rule.

IP Address: Please input the LAN Gateway IP Address you would like to use.

Netmask: Please input the Netmask you would like to use.

WAN IP Address: Please click Candidates to select the WAN IP address you would

like to use from WAN Alias list.

Click the Apply button to add the configuration into the LAN Address Mapping.

4.4.2 WAN

WAN refers to your Wide Area Network connection. In most cases, this means your

router’s connection to the Internet through your ISP. There are three items within

this section:

Page 70

4.4.2.1 WAN

Connection Method: Select how your router will connect to the Internet. Selections

include Obtain an IP Address Automatically, Static IP Settings, PPPoE Settings, PPTP Settings, and Big Pond Settings. For each WAN port, the factory

default is DHCP. If your ISP does not use DHCP, select the correct connection

method and configure the connection accordingly. Configurable items will vary

depending on the connection method selected.

4.4.2.1.1 DHCP

Host Name: Some ISPs authenticate logins using this field.

MAC Address: If your ISP requires you to input a WAN Ethernet MAC, check the

checkbox and enter your MAC address in the blanks below.

Candidates: You can also select the MAC address from the list in the Candidates.

DNS: If your ISP requires you to manually setup DNS settings, check the checkbox

and enter your primary and secondary DNS.

Page 71

RIP: To activate RIP, select Send, Receive, or Both from the drop down menu. To disable RIP, select Disable from the drop down menu.

MTU: Enter the Maximum Transmission Unit (MTU) for your network.

Click Apply to save your changes. To reset to defaults, click Reset.

4.4.2.1.2 Static IP

IP assigned by your ISP: Enter the static IP assigned by your ISP.

IP Subnet Mask: Enter the IP subnet mask provided by your ISP.

ISP Gateway Address: Enter the ISP gateway address provided by your ISP.

MAC Address: If your ISP requires you to input a WAN Ethernet MAC, check the

checkbox and enter your MAC address in the blanks below.

Candidates: You can also select the MAC address from the list in the Candidates.

Primary DNS: Enter the primary DNS provided by your ISP.

Secondary DNS: Enter the secondary DNS provided by your ISP.

RIP: To activate RIP, select Send, Receive, or Both from the drop down menu. To disable RIP, select Disable from the drop down menu.

MTU: Enter the Maximum Transmission Unit (MTU) for your network.

Click Apply to save your changes. To reset to defaults, click Reset.

Page 72

4.4.2.1.3 PPPoE

Username: Enter your user name.

Password: Enter your password.

Retype Password: Retype your password.

Connection: Select whether the connection should Always Connect or Trigger on Demand. If you want the router to establish a PPPoE session when starting up and

to automatically re-establish the PPPoE session when disconnected by the ISP,

select Always Connect. If you want to establish a PPPoE session only when there

is a packet requesting access to the Internet (i.e. when a program on your computer

attempts to access the Internet), select Trigger on Demand .

Idle Time: Auto-disconnect the router when there is no activity on the line for a

predetermined period of time. Select the idle t ime from the dr o p d own menu. Acti v e

if Trigger on Demand is selected.

IP Assigned by your ISP: If your IP is dynamically assigned by your ISP, select the

Dynamic radio button. If your IP assigns a static IP address, select the Static radio

button, and input your IP address in the blank provided.

MAC Address: If your ISP requires you to input a WAN Ethernet MAC, check the

checkbox and enter your MAC address in the blanks below.

Candidates: You can also select the MAC address from the list in the Candidates.

DNS: If your ISP requires you to manually setup DNS settings, check the checkbox

and enter your primary and secondary DNS.

RIP: To activate RIP, select Send, Receive, or Both from the drop down menu. To disable RIP, select Disable from the drop down menu.

Page 73