Multitech RF600VPN, RF660VPN, RF760 VPN User Guide

RF760VPN RF660VPN RF600VPN
VPN Tunnel Configured for Manual Mode Examples
IP Sec Pass-Through in Manual Mode Examples
Reference Guide
RF760VPN / RF660VPN / RF600VPN
Tunnel Examples in Manual Mode
Copyright © 2003-2005 This publication may not be reproduced, in whole or in part, without prior expressed written permission from Multi-Tech Systems, Inc. All rights reserved. Multi-Tech Systems, Inc. makes no representations or warranty with respect to the contents hereof and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose. Furthermore, Multi-Tech Systems, Inc. reserves the right to revise this publication and to make changes from time to time in the content hereof without obligation of Multi-Tech Systems, Inc. to notify any person or organization of such revisions or changes.
Reference Guide Number: S000308D
Revision    Date                   Description
A           07/02/03               Initial release
B           08/19/03               Added RF560VPN
C           03/19/04               Changed to document the RF760VPN/RF660VPN/RF600VPN only
D           11/17/04 & 01/25/05    Changes for software 3.20 and 3.21
The examples on the following pages illustrate:
1. RF760VPN / RF660VPN / RF600VPN connected to another RF760VPN / RF660VPN / RF600VPN
through a VPN tunnel configured for Manual Mode.
2. RF760VPN / RF660VPN / RF600VPN, behind a NAT box, doing IPSec Pass-Through in Manual Mode
to another RF760VPN / RF660VPN / RF600VPN.
The RouteFinder software is pre-installed on the RF760VPN, RF660VPN, and RF600VPN RouteFinders. The RouteFinders use the same software, version 3.21. Initial configuration is required in order for you to run the RouteFinder software and begin operation.
The browser-based interface eases VPN configuration and management. The VPN functionality is based on IPSec and PPTP protocols and uses 168-bit Triple DES encryption to ensure that your information remains private.
IMPORTANT: Caution: Use a safe Password! Your first name spelled backwards is not a sufficiently safe password; a password such as xfT35$4 is better.
Multi-Tech Systems, Inc. RF760/660/600VPN Tunnel Examples Reference Guide (S000308D) 2
Example 1 – Overview
Example 1
This example provides a sample RouteFinder configuration and related address scheme for an application employing LAN-to-LAN VPN communication. It shows how to configure an RF660VPN at Site A and an RF660VPN at Site B so that Site A and Site B communicate through a secure connection over the Internet using a VPN tunnel in Manual Mode. This example assumes both VPN gateways have fixed IP addresses.
RF760VPN, RF660VPN or RF600VPN LAN-to-LAN Configuration Diagram:
Example 1 – LAN-to-LAN Configuration Chart
Site A - Static IP Addresses (Input These Parameters For the RF660VPN in the Home Office).
1. Domain name = site-A.com
2. Public Class C = 204.26.122.x
3. Networks & Services > Networks
   LAN: 192.168.2.0 – 255.255.255.0
   RemoteLAN: 192.168.10.0 – 255.255.255.0
   RemoteWAN_IP: 204.26.122.3 – 255.255.255.255
4. Network Setup > Interface
   Default gateway = 204.26.122.1
   Host name = RF660VPN.site-A.com
   Eth0 = LAN, 192.168.2.1, 255.255.255.0
   Eth1 = WAN, 204.26.122.103, 255.255.255.0
   Eth2 = DMZ (don’t care)
5. Packet Filters > Packet Filter Rules
   LAN – Any – Any – Accept
   RemoteLAN – Any – Any – Accept
6. VPN > IPSec
   Check and Save VPN Status
   Add a Manual connection:
   Connection name = SiteA
   Authentication Method = ESP3-DES(MD5-96)
   SPI Base = 0x201
   ESP Encryption Key (must be the same at both sites)
   Authentication Key (must be the same at both sites)
   Local WAN IP = WAN
   Local LAN = LAN
   Remote Gateway IP = RemoteWAN_IP
   Remote LAN = RemoteLAN

Site B - Static IP Addresses (Input These Parameters For the RF660VPN in the Branch Office).
1. Domain name = site-B.com
2. Public Class C = 204.26.122.x
3. Networks & Services > Networks
   LAN: 192.168.10.0 – 255.255.255.0
   RemoteLAN: 192.168.2.0 – 255.255.255.0
   RemoteWAN_IP: 204.26.122.103 – 255.255.255.255
4. Network Setup > Interface
   Default gateway = 204.26.122.1
   Host name = RF660VPN.site-B.com
   Eth0 = LAN, 192.168.10.1, 255.255.255.0
   Eth1 = WAN, 204.26.122.3, 255.255.255.0
   Eth2 = DMZ (don’t care)
5. Packet Filters > Packet Filter Rules
   LAN – Any – Any – Accept
   RemoteLAN – Any – Any – Accept
6. VPN > IPSec
   Check and Save VPN Status
   Add a Manual connection:
   Connection name = SiteB
   Authentication Method = ESP3-DES(MD5-96)
   SPI Base = 0x201
   ESP Encryption Key (must be the same at both sites)
   Authentication Key (must be the same at both sites)
   Local WAN IP = WAN
   Local LAN = LAN
   Remote Gateway IP = RemoteWAN_IP
   Remote LAN = RemoteLAN

For LAN-to-LAN connectivity, the RouteFinders utilize the IPSec protocol to provide up to 100 tunnels with strong 168-bit 3DES encryption using IKE and PSK key management.
In addition, they provide very high performance up to 50Mbps of 3DES encryption throughput.
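
A manual-mode tunnel only comes up when the two charts mirror each other: each site's RemoteLAN and RemoteWAN_IP must describe the other site, and the keys must be identical. The script below is an added example, not part of the Multi-Tech guide or the RouteFinder software; it checks that mirroring on the Example 1 values before they are typed into the two units. The dictionary layout, field names and key placeholders are assumptions of the example.

```python
import ipaddress

# Example 1 chart values. The dict layout and field names are assumptions of
# this example; the key entries are placeholders, not real key material.
SITE_A = {
    "lan": "192.168.2.0/255.255.255.0",
    "wan_ip": "204.26.122.103",
    "remote_lan": "192.168.10.0/255.255.255.0",
    "remote_wan_ip": "204.26.122.3",
    "auth_method": "ESP3-DES(MD5-96)",
    "spi_base": 0x201,
    "esp_key": "<ESP-KEY-PLACEHOLDER>",
    "auth_key": "<AUTH-KEY-PLACEHOLDER>",
}
SITE_B = {
    "lan": "192.168.10.0/255.255.255.0",
    "wan_ip": "204.26.122.3",
    "remote_lan": "192.168.2.0/255.255.255.0",
    "remote_wan_ip": "204.26.122.103",
    "auth_method": "ESP3-DES(MD5-96)",
    "spi_base": 0x201,
    "esp_key": "<ESP-KEY-PLACEHOLDER>",
    "auth_key": "<AUTH-KEY-PLACEHOLDER>",
}

def check_manual_tunnel(a, b):
    """Return a list of mismatches between two manual-mode site definitions."""
    net, addr = ipaddress.ip_network, ipaddress.ip_address
    problems = []
    for name, here, there in (("A", a, b), ("B", b, a)):
        # Each site's RemoteLAN / RemoteWAN_IP must describe the other site.
        if net(here["remote_lan"]) != net(there["lan"]):
            problems.append(f"Site {name}: RemoteLAN is not the peer's LAN")
        if addr(here["remote_wan_ip"]) != addr(there["wan_ip"]):
            problems.append(f"Site {name}: RemoteWAN_IP is not the peer's WAN address")
    if net(a["lan"]).overlaps(net(b["lan"])):
        problems.append("LAN subnets overlap, so remote hosts cannot be told from local ones")
    # The chart says the keys must match; it also shows the same method and
    # SPI base on both sides, which this check treats as required (assumption).
    for field in ("auth_method", "spi_base", "esp_key", "auth_key"):
        if a[field] != b[field]:
            problems.append(f"{field} differs between sites")
    return problems

if __name__ == "__main__":
    for line in check_manual_tunnel(SITE_A, SITE_B) or ["Site A and Site B mirror each other"]:
        print(line)
```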
Example 1 – Address Table
Enter the configuration information (e.g., the Default Gateway and other IP addresses used) into the appropriate field of the Address Table below. Please print this page and use it to fill in your specific RouteFinder information and keep for future reference. (Example information below is shown to match with the diagram pictured above.)
Address Table (blank to fill in, with the example value in parentheses):

Network Port connected to the internal network (LAN on eth0) Site A
   IP Address: ___.___.___.___ (192.168.2.1)
   Net Mask: ___.___.___.___ (255.255.255.0)
Network Port connected to the external network (WAN on eth1) Site A
   IP Address: ___.___.___.___ (204.26.122.103)
   Net Mask: ___.___.___.___ (255.255.255.0)
   Default Gateway: ___.___.___.___ (204.26.122.1)
Network Port connected to the internal network (LAN on eth0) Site B
   IP Address: ___.___.___.___ (192.168.10.1)
   Net Mask: ___.___.___.___ (255.255.255.0)
Network Port connected to the external network (WAN on eth1) Site B
   IP Address: ___.___.___.___ (205.26.122.3)
   Net Mask: ___.___.___.___ (255.255.255.0)
   Default Gateway: ___.___.___.___ (204.26.122.1)

LAN-to-LAN Application – Site A:
1. Domain name = __________
2. Public Class C = ___.___.___.X
3. Networks & Services > Networks
   LAN: ___.___.___.0, 255.255.255.0
   RemoteLAN: ___.___.___.0, 255.255.255.0
   RemoteWAN_IP: ___.___.___.___, 255.255.255.255
4. Network Setup > Interfaces
   Default gateway = ___.___.___.___
   Host name = _____________
   Eth0 = LAN, ___.___.___.___, 255.255.255.0
   Eth1 = WAN, ___.___.___.___, 255.255.255.___
   Eth2 = DMZ (don’t care)

LAN-to-LAN Application – Site B:
1. Domain name = __________
2. Public Class C = ___.___.___.X
3. Networks & Services > Networks
   LAN: ___.___.___.0, 255.255.255.0
   RemoteLAN: ___.___.___.0, 255.255.255.0
   RemoteWAN_IP: ___.___.___.___, 255.255.255.255
4. Network Setup > Interfaces
   Default gateway = ___.___.___.___
   Host name = _____________
   Eth0 = LAN, ___.___.___.___, 255.255.255.0
   Eth1 = WAN, ___.___.___.___, 255.255.255.___
   Eth2 = DMZ (don’t care)
Example 1 – Site A
Example 1 Site A Configuration
1. Connect a workstation to the RF660VPN’s LAN port via Ethernet for Site A. In this example, the RouteFinder will
be referenced as RF660VPN, but the RF760VPN and RF600VPN can be configured in the same way.
2. Set the workstation IP address to 192.168.2.100 subnet.
3. Turn on power to the RF660VPN RouteFinder and wait until you hear 5 beeps.
4. Bring up your Web browser on the workstation. At the Web browser’s address line, type the default Gateway
address of https://192.168.2.1 and press the Enter key. In some environments, one or more Security Alert screen(s) display.
Note: Make sure your PC’s IP address is in the same network as the router’s IP Address. WINIPCFG and
IPCONFIG are tools for finding a computer’s default gateway and MAC address. In Windows 98/ME you can type WINIPCFG. In Windows 2000/NT, you can type IPCONFIG.
At the initial Security Alert screen, click Yes and follow any additional on-screen prompts. (This step is eliminated when you have generated a CA certificate at Administration > Site Certificate)
5. The Login screen is displayed. Type the default User name of admin (all lower-case), tab to the Password
entry and type the default Password of admin (all lower-case), and click on Login. The User and Password entries are case-sensitive (both must be all lower-case). The password can be up to 12 characters. You will want to change User and Password entries from the default (admin) to something else. (If Windows displays the AutoComplete screen, for security reasons, you may want to click No to tell the Windows OS to not remember the Password.)