Multi-Tech RouteFinder RF550VPN, RouteFinder RF560VPN Reference Manual

RF550VPN and RF560VPN

FQDN & DDNS Examples

Reference Guide

Multi-Tech Systems, Inc.

How-To: RF550VPN/RF560VPN FQDN & DDNS

Examples

Copyright © 2003

This publication may not be reproduced, in whole or in part, without prior expressed written permission
from Multi-Tech Systems, Inc. All rights reserved. Multi-Tech Systems, Inc. makes no representations or
warranty with respect to the contents hereof and specifically disclaims any implied warranties of
merchantability or fitness for any particular purpose. Furthermore, Multi-Tech Systems, Inc. reserves the
right to revise this publication and to make changes from time to time in the content hereof without
obligation of Multi-Tech Systems, Inc. to notify any person or organization of such revisions or changes.

Product Number: S000313B

Revision Date Description

A 05/19/03 Initial release
B 08/06/03 Add RF560VPN.

Example 1: Explains how to setup and use Dynamic DNS on the RF550VPN/RF560VPN.

Example 2: A LAN-to-LAN VPN configuration between Two RF550VPN/RF560VPNs. One at Site A and

one at Site B. Both RouteFinders use Fully Qualified Domain Names (FQDN) and dynamic
DNS at each WAN port gateway to create the tunnel. Two versions of this example are
explained by setting the secure association to IKE or Manual mode.

The RouteFinder software is pre-installed on the RF550VPN/RF560VPN RouteFinder. Initial
configuration is required in order for you to run the RouteFinder
browser-based interface eases VPN configuration and management. The VPN functionality is based on
IPSec and PPTP protocols and uses 168-bit Triple DES encryption to ensure that your information
remains private. This example uses firmware version 4.64 on the RF550VPN/RF560VPNs.

Caution: Use a safe Password! Your first name spelled backwards is not a sufficiently safe password; a

password such as

xfT35$4 is better.

software and begin operation. The

RF550VPN/RF560VPN Reference Guide – FQDN and DDNS Examples 2

Multi-Tech Systems, Inc.

Example 1

Dynamic DNS

This example explains how to setup and use Dynamic DNS on the RF550VPN/RF560VPN. DNS
(Domain Name Service) is the “middleman” that translates domain names such as multitech.com or
yahoo.com into numbers. The Dynamic DNS service allows you to alias a dynamic IP address to a static
host name such as
service.

In order to use this Dynamic DNS Settings option, you must sign up with a DNS service provider like

www.dyndns.org or www.orgdns.org

account created at dyndns.org for this example is jmeyerdns. The Dynamic DNS created is

jcmeyer.dyndns.org with an IP address of 204.26.122.103 (RF550VPN/RF560VPN WAN port). No

Wildcards or Backup MX was specified.

1.

To setup the RF550VPN/RF560VPN to support a Dynamic DNS, click the Dynamic DNS Settings

button on the left side of the Advanced Settings screen.

Place a check in the box for Use a dynamic DNS service.

2.

3.

Enter the name of your organization with the new DNS indicator. (Ex: members.dyndns.org)

yourname.dyndns.org or any other name in one of many domains offered by the

. This example will use dyndns.org as the service provider. The

4.

Enter the name of the Host Name in the DNS provider. This is the name you want the world to know

on the Internet. (Ex:

Note: Older versions of RF550VPN/RF560VPN firmware show the examples for
DNS Settings screen incorrectly. Version 4.62 firmware and above shows the notes for this screen
correctly.

Enter the Domain Name for the DNS provider. (Ex: dyndns.org)

5.

6.

Enter the user’s name and password, which is the account login name and password that was

created to login to the dyndns.org service. (Ex:

7.

If wildcards were specified when the Dynamic DNS was created, place a check in the box for Use

Wildcards. For this example wildcards is not enabled.

8.

Once the information has been entered, click on Submit. Then Save and Restart the

RF550VPN/RF560VPN.

jcmeyer)

NOTE2 on the Dynamic

jmeyerdns)

RF550VPN/RF560VPN Reference Guide – FQDN and DDNS Examples 3

Multi-Tech Systems, Inc.

9. Once the RF550VPN/RF560VPN has restarted, test the Dynamic DNS by doing a PING to the
dynamic DNS from a computer on the Internet.

ping jcmeyer.dyndns.org

This ping should show a response from the IP address assigned to the created dynamic DNS.

RF550VPN/RF560VPN Reference Guide – FQDN and DDNS Examples 4

Multi-Tech Systems, Inc.

Example 2

This example provides a sample RouteFinder configuration and related address scheme for an
application employing LAN-to-LAN IPSec VPN communication. This is an example on how to configure
an RF550VPN/RF560VPN at Site A and an RF550VPN/RF560VPN at Site B so Site A and B can
communicate through a secure connection over the Internet. This example assumes both VPN gateways
have fully qualified domain names and use dynamic DNS. This example does explain setting Secure
Association in the VPN Settings as IKE or Manual mode.

LAN-to-LAN FQDN & DDNS Configuration Diagram:

Note: The illustration labels the RouteFinder as the RF550VPN, but it stands for the RF560VPN also.

RF550VPN/RF560VPN Reference Guide – FQDN and DDNS Examples 5

LAN-to-LAN Configuration Chart

Multi-Tech Systems, Inc.

LAN-to-LAN Application – Site A:
RF550VPN/RF560VPN

1. Domain name = Site-A.com

2. FQDN Hostname = jcmeyer.dyndns.org

3. SETUP WIZARD > DEVICE IP SETTINGS

IP Address: 192.168.2.1
IP Subnet Mask: 255.255.255.0

4. SETUP WIZARD > ISP SETTINGS

Select ‘Static IP Settings
IP assigned by your ISP: 204.26.122.103
IP Subnet Mask: 255.255.255.0
ISP Gateway Address: 204.26.122.1

5. SETUP WIZARD > VPN SETTINGS

Connection Name = SiteAtoB_FQDN
Check ‘Disable UID’
Check ‘Enable Keep Alive’
Do not check ‘Enabled NetBIOS Broadcast’
Remote Site = LAN
Remote IP Network = 192.168.10.0
Remote IP Netmask = 255.255.255.0
Remote Gateway IP/FQDN = musky.dyndns.org
Network Interface = WAN ETHERNET
Secure Association = check IKE (RF550)
Secure Association = check Main Mode (RF560)
Perfect Forward Secure = check enabled
Encryption Protocol = select 3DES
Preshared Key = (must match key code at Site B)
Key Life = set to default
IKE Life Time = set to default

LAN-to-LAN Application – Site B:
RF550VPN/RF560VPN

1. Domain name = Site-B.com

2. FQDN Hostname = musky.dyndns.org

3. SETUP WIZARD > DEVICE IP SETTINGS
IP Address: 192.168.10.1
IP Subnet Mask: 255.255.255.0

4. SETUP WIZARD > ISP SETTINGS
Select ‘Static IP Settings
IP assigned by your ISP: 204.26.122.104
IP Subnet Mask: 255.255.255.0
ISP Gateway Address: 204.26.122.1

5. SETUP WIZARD > VPN SETTINGS
Connection Name = SiteBtoA_FQDN
Check ‘Disable UID’
Check ‘Enable Keep Alive’
Do not check ‘Enabled NetBIOS Broadcast’
Remote Site = LAN
Remote IP Network = 192.168.2.0
Remote IP Netmask = 255.255.255.0
Remote Gateway IP/FQDN = jcmeyer.dyndns.org
Network Interface = WAN ETHERNET
Secure Association = check IKE (RF550)
Secure Association = check Main Mode (RF560)
Perfect Forward Secure = check enabled
Encryption Protocol = select 3DES
Preshared Key = (must match key code at Site A)
Key Life = set to default
IKE Life Time = set to default

RF550VPN/RF560VPN Reference Guide – FQDN and DDNS Examples 6

Multi-Tech Systems, Inc.

Address Table

Enter the configuration information (e.g., the Default Gateway and other IP addresses used) into the
appropriate field of the Address Table below. Please print this page and use it to fill in your specific
RF550VPN/RF560VPN information and keep for future reference. (Example information below is shown
to match with the earlier diagram.)

IP Address Net Mask

Network Port connected
to the internal network ___.___.___.___ ___.___.___.___
(LAN ports) Site A 192.168.2.1 255.255.255.0

Network Port connected
to the external network ___.___.___.___ ___.___.___.___ ___.___.___.___
(WAN port) Site A 204.26.122.103 255.255.255.0 204.26.122.1

Network Port connected
to the internal network ___.___.___.___ ___.___.___.___
(LAN ports) Site B 192.168.10.1 255.255.255.0

Network Port connected
to the external network ___.___.___.___ ___.___.___.___ ___.___.___.___
(WAN port) Site B 204.26.122.104 255.255.255.0 204.26.122.1

LAN-to-LAN Application – Site A:
RF550VPN/RF560VPN

1. Domain name = __________

2. Public Class C = ___.___.___.X

LAN-to-LAN Application – Site B:
RF550VPN/RF560VPN

1. Domain name = __________

2. Public Class C = ___.___.___.X

Default Gateway

3. SETUP WIZARD > DEVICE IP SETTINGS
IP Address: ___.___.___.___
IP Subnet Mask: ___.___.___.___

4. SETUP WIZARD > ISP SETTINGS
IP assigned by your ISP: ___.___.___.___
IP Subnet Mask: 255.255.255.___
ISP Gateway Address: ___.___.___.___

5. SETUP WIZARD > VPN SETTINGS
Remote IP Network = ___.___.___.0
Remote IP Netmask = 255.255.255.0
Remote Gateway IP = ___.___.___.___

3. SETUP WIZARD > DEVICE IP SETTINGS
IP Address: ___.___.___.___
IP Subnet Mask: ___.___.___.___

4. SETUP WIZARD > ISP SETTINGS
IP assigned by your ISP: ___.___.___.___
IP Subnet Mask: 255.255.255.___
ISP Gateway Address: ___.___.___.___

5. SETUP WIZARD > VPN SETTINGS
Remote IP Network = ___.___.___.0
Remote IP Netmask = 255.255.255.0
Remote Gateway IP = ___.___.___.___

RF550VPN/RF560VPN Reference Guide – FQDN and DDNS Examples 7

Multi-Tech Systems, Inc.

Software Configuration

Example 2: Configuration Procedure at Site A

1. Connect a workstation to one of the RF550VPN/RF560VPN’s LAN ports via Ethernet at Site A.

2.

Set the workstation IP address to 192.168.2.x subnet.

3. Apply power to the RF550VPN/RF560VPN RouteFinder and allow the LEDs to stabilize on the unit.

Bring up your web browser on the workstation. At the Web browser’s address line, type the Gateway

4.

address http://192.168.2.1 and press the Enter key.

Note: Make sure your workstation’s IP address is in the same network as the router’s address.
WINIPCFG and IPCONFIG are tools for finding a computer’s default gateway and MAC address. In

Windows 98/Me you can type WINIPCFG. In Windows 2000/NT, you can type IPCONFIG.

5.

After typing the IP Address in the Web browser, the RF550VPN/RF560VPN main menu displays.

RF550VPN/RF560VPN Reference Guide – FQDN and DDNS Examples 8