Multitech RouteFinder RF820, RouteFinder RF820-AP, RouteFinder RF830, RouteFinder RF830-AP User Manual

RouteFinder

SOHO Security Appliance

RF820 & RF820-AP

RF830 & RF830-AP

®

SOHO

User Guide

Copyright and Technical Support

User Guide
RouteFinder SOHO Security Appliance
Models: RF820 & RF820-AP

RF830 & RF830-AP
Document Product Number S000399E, Revision E

Copyright © 2006-2007

This publication may not be reproduced, in whole or in part, without prior expressed written permissio n from Multi­Tech Systems, Inc. All rights reserved.

Multi-Tech Systems, Inc. makes no representations or warranties with respect to the contents hereof and specifically
disclaims any implied warranties of merchantability or fitness for any particular purpose. F urthermore, Multi-Tech
Systems, Inc. reserves the right to revise this publication and to make changes from time to time in the content hereof
without obligation of Multi-Tech Systems, Inc. to notify any person or organization of such revisions or changes.

Revision Date Description

A 04/24/06 Initial release. Software version 1.00
B 06/01/06 Added explanation of Load Balancing on the Network Setup screen.
C 01/03/07 Software version 1.30. Added wireless builds: RF820-AP and RF830-AP. Added

Table of Commonly Supported Subnet Addresses.

D 04/05/07 Updated the Technical Support contact list. Updated the Multi-Tech Warranty

policy.

E 10/23/07 Software version 1.40. Save and Restart functionality cha nged.

Patents

This device is covered by one or more of the following U.S. Patent Numbers: 6,219,708; 5,301,274; 5,309,562;
5,355,365; 5,355,653; 5,452,289; 5,453.986.

Trademarks

The Multi-Tech logo and RouteFinder are registered trademarks of Multi-Tech Systems, Inc.

World Headquarters

Multi-Tech Systems, Inc.
2205 Woodale Drive
Mounds View, Minnesota 55112
Phone: 763-785-3500 or 800-328-9717
Fax: 763-785-9874
Internet Address: http://www.multitech.com

Country By Email By Phone

Europe, Middle East, Africa support@multitech.co.uk +(44) 118 959 7774
U.S., Canada, all others support@multitech.com (800) 972-2439 or +763-717-5863

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 2

Table of Contents

Contents

Chapter 1 – Introduction and Description................................................................................................4

Key Features.........................................................................................................................................4

Feature Details......................................................................................................................................5

RouteFinder Ship Kit Contents .............................................................................................................6

RouteFinder Documentation.................................................................................................................6

Telecom Warnings for the Modem........................................................................................................7

RF820/RF820-AP Front Panel..............................................................................................................7

RF830/RF830-AP Front Panel..............................................................................................................7

Back Panels..........................................................................................................................................8

Typical Applications ..............................................................................................................................9

Specifications......................................................................................................................................10

Specifications for 802.11b/g Interface ................................................................................................11

Chapter 2 – Installation.............................................................................................................................12

Cabling Your RouteFinder ..................................................................................................................12

Chapter 3 – Setting up a Workstation and Starting the RouteFinder..................................................14

Establish TCP/IP Communication.......................................................................................................14

Open a Web Browser..........................................................................................................................16

Login ...................................................................................................................................................16

Web Management Software Opens....................................................................................................17

Navigating the Screens.......................................................................................................................17

Menu Bar.............................................................................................................................................18

Sub-Menus..........................................................................................................................................18

Table of Menus and Sub-Menus.........................................................................................................18

Chapter 4 – Configuring the RouteFinder ..............................................................................................19

About the Browser Interface ...............................................................................................................19

About IPSec........................................................................................................................................19

Start the RouteFinder Configuration...................................................................................................19

Using the Wizard Setup Screen to Configure Your RouteFinder .......................................................20

RF820/RF820-AP and RF830/RF830-AP Wizard Setup....................................................................21

Save & Restart Button Under Menu Bar.............................................................................................25

Important Note About Save and Restart.............................................................................................25

Chapter 5 – Configuration Using Web Management Software.............................................................26

Administration .....................................................................................................................................26

Networks & Services...........................................................................................................................35

Network Setup.....................................................................................................................................39

Packet Filters ......................................................................................................................................56

VPN (Virtual Private Network).............................................................................................................60

Proxy...................................................................................................................................................67

DHCP Server ......................................................................................................................................70

Utilities.................................................................................................................................................72

Statistics & Logs .................................................................................................................................73

Chapter 6 – Troubleshooting...................................................................................................................78

Chapter 7 – Frequently Asked Questions...............................................................................................80

Appendix A – Table of Commonly Supported Subnet Addresses.......................................................82

Appendix B – Antenna for the Wireless RouteFinder...........................................................................84

Appendix C – Warranty and Repairs.......................................................................................................85

Appendix D – Waste Electrical and Electronic Equipment Directive (WEEE) ....................................87

Glossary.....................................................................................................................................................88

Index...........................................................................................................................................................94

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 3

Chapter 1 – Introduction and Description

Chapter 1 – Introduction and

Description

Welcome to the world of Internet security. Your Multi-Tech RouteFinder SOHO security appliances, models
RF820 and RF830, and RouteFinder wireless security appliances, models RF820-AP and RF830-AP, are ideal for
the small office or home office (SOHO) that needs secure access to a corporate LAN.

In addition to providing a WAN Ethernet port for DSL or cable broadband Internet access, these security
appliances also offer both client-to-LAN and LAN-to-LAN VPN connectivity based on the IPSec or PPTP
protocols. The RouteFinder SOHO supports up to 15 VPN tunnels and provides 168-bit 3DES and AES
encryption to ensure that your information remains private. In addition, these security appliances offer secure
Internet firewall services.

Key Features

• One (RF820/RF820-AP) and two (RF830/RF830-AP) WAN Ethernet ports connect to a DSL or cable modem

for shared Internet access.

• Models RF820-AP and RF830-AP allow wireless access.

• Supports IPSec VPN tunnels and PPTP tunnels for secure LAN-to-LAN and Client-to-LAN a ccess over th e

Internet.

• 3DES and AES encryption.

• Dual WAN load balancing (RF830/RF830-AP).

• Internet and VPN failover (RF830/RF830-AP).

• Shared Internet access via PPPoE, DHCP or static IP.

• Serial port for automatic dial-backup if your broadband connection goes down (RF820/RF820-AP).

• Built-in 4-port 10/100M bps switch.

• Stateful Packet Inspection firewall with packet filter rules, DNAT, SNAT and IP MASQUERADE.

• Built-in dynamic DNS client.

• Supports VPN tunneling using FQDN.

• Protects your LAN against Denial of Service (DoS) attacks.

• Network monitoring via Syslog allows network administrator to view all incoming and outgoing packets, statu s

of connections and specific connection events.

• Configuration and management using any Web browser.

• Internet access control tools provide client and site filtering.

• Traffic monitoring and reporting.

• Flash memory of easy updates.

• IP address mapping/port forwarding.

• Two-year warranty.

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 4

Chapter 1 – Introduction and Description

Feature Details

• Secure VPN Connections. The RouteFinder SOHO security appliance uses the IPSec or PPTP industry

standard protocol, data encryption, and the Internet to provide high-performance, secure VPN connections.
For LAN connectivity, the RouteFinder SOHO security appliance utilizes the IPSec protocol to provide up to
15 tunnels with strong 3DES or AES encryption using IKE and PSK key management. For Client-to-LAN
connectivity, Multi-Tech provides optional IPSec client software allowing road warriors secure access to the
company’s internal network.

This RouteFinder also supports remote users who want to use the PPTP VPN client built into the Windows
operating system. This provides 40-bit or 128-bit encryption, user name and password authentication.

• Connect Multiple Users to the Internet with Broadband Speed. With the RouteFinder SOHO security

appliance, multiple users can share access to the Internet with only one IP account. The WAN Ethernet
port(s) support DSL or cable speeds of up to 20M bps.

• Built-in 10/100 Switch. The integrated 4-port 10/100M bps switch eliminates the need for an additional hub

or switch to connect users not on a LAN. It ensures high-speed transmission and can serve as a completely
dedicated full duplex backbone.

• Network Security. The RouteFinder SOHO appliance provides network layer security utilizing Stateful

Packet Inspection, the sophisticated firewall technology found in large enterprise firewalls, to protect the
network against intruders and Denial of Service (DoS) attacks. It also uses Network Address Translation
(NAT) to hide internal, non-routable IP addresses and allows internal hosts with unregistered IP addresses to
function as Internet-reachable servers.

• Dual WAN Load Balancing, Internet and VPN Failover. The RouteFinder SOHO security appliance model

RF830/RF830-AP has a second WAN port for Internet access. This allows for two separate ISP connectio ns
giving administrators the ability to balance traffic by distributing it over the two links. In addition, if one port
were to go down, the RouteFinder appliance would automatically re-route all Internet and VPN traffic to the
other connection. The second WAN port greatly enhances performance and system uptime.

• Automatic Dial Backup. The RouteFinder SOHO (RF820/RF820-AP) security appliance also provides an

additional serial port that, when connected to a dial-up modem or ISDN terminal adaptor, can serve as a
backup resource for Internet access if your cable or DSL service goes down. It can also serve as the primary
connection if you do not have broadband connectivity yet in your area.

• Virtual Server Support. In addition to providing shared Internet access, the RouteFinder SOHO security

appliance can support a Web, FTP or other Internet servers. Once configured, it accepts onl y unsolicited IP
packets addressed to the Web, FTP or other specified servers.

• Dynamic DNS Client. The RouteFinder SOHO security appliance has a built-in Dynamic DNS client that is

compatible with DynDNS.org. It automatically sends an update to the DynDNS.org update server if the WAN
IP address changes. A registered Dynamic DNS account allows you to host your own Web site, mail server,
or other services on the Internet without having to obtain a static IP address or keep track of a dynamic IP
address. It also aids in creating static-to-dynamic or dynamic-to-dynamic IPSec VPN tunnels. In addition, with
a Dynamic DNS account, you can establish a PPTP VPN tunnel behind the RouteFinder SOHO security
appliance by configuring your PPTP client to connect to yourhostname.dydns.org instead of a dynamic IP
address.

• Fully Qualified Domain Name (FQDN) Feature.

appliance allows you to utilize a static name in the IPSec VPN setup, like “branchof.ce.dyndns.org”, instead of
a dynamic IP address, to create static-to-dynamic or dynamic-to-dynamic VPN IPSec tunnels. This allows all
of the IPSec VPN connections to act like static-to-static connections. The RouteFinder SOHO security
appliance checks the FQDN IPSec configuration every two minutes for IP address changes. If the IP address
is different than the last time it checked, it drops the current tunnel and creates a new one. This helps to keep
IPSec VPN tunnels readily available with minimal interruptions in data communication.

• Optional VPN Client Software. Multi-Tech provides easy-to-use IPSec VPN client software that

transparently secures Internet communications anytime, anywhere. VPN client software is ideal for business
users who travel frequently or work from home providing secure remote access through the RouteFinder
security appliance for applications such as remote access, file transfer, e-mail, Web browsing, messaging or
IP telephony. Encryption and authentication operations are completely transparent to the end user. In general,
IPSec provides stronger encryption than PPTP resulting in better overall security. A 30-day free trial CD is
included with the RouteFinder SOHO security appliance.

The FQDN featured on the RouteFinder SOHO security

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 5

Chapter 1 – Introduction and Description

RouteFinder Ship Kit Contents

The RouteFinder shipping box contains the following items:

• One SOHO RouteFinder

• Power Supply

• 2.4 GHz 5dBi SWI-Reverse-F Swivel Access Point Antenna (Included with the wireless models only)

• Ethernet cable (included with the RF830 model)

• This Quick Start Guide

• IPSec VPN Client 30-day evaluation software on CD (not the full working version)

• One RouteFinder CD which contains RouteFinder documentation and Adobe Acrobat Reader.

If any of the items is missing or damaged, please contact Multi-Tech Systems, Inc.

RouteFinder Documentation

Quick Start Guide

The Quick Start Guide is a shorter version of this User Guide. The Quick Start is included in printed form with your
RouteFinder. The guide provides the necessary information for a qualified person to unpack, cable, and configure
the device for proper operation.

User Guide

The User Guide can be installed from the RouteFinder CD by clicking Install Manuals on the Installation screen or
downloading the file from our Web site at: http://www.multitech.com

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 6

Chapter 1 – Introduction and Description

Telecom Warnings for the Modem

1. Never install telephone wiring during a lightning storm.

2. This product must be disconnected from the telephone network interface when servicing.

3. This product is to be used with UL and cUL listed computers.

4. Never touch uninsulated telephone wires or terminals unless the telephone line has been disconnected at

the network interface.

5. Use caution when installing or modifying telephone lines.

6. Avoid using a telephone during an electrical storm. There may be a remote risk of electri cal sho ck from

lightening.

7. Do not use the telephone to report a gas leak in the vicinity of the leak.

8. To reduce the risk of fire, use only No. 26 AWG or larger telecommunications line cord.

9. Never install telephone jacks in a wet location unless the jack is specifically designed for wet locations.

RF820/RF820-AP Front Panel

RF830/RF830-AP Front Panel

LEDs Description

Power
Status

Serial DCD
Serial RXD
LAN10/100M

LAN Link / ACT

Lights when power is being supplied to the RouteFinder.
When functioning normally, the LED blinks. The LED is a solid light when the

RouteFinder is booting up, saving the configuration, restarting, or updating the
firmware.

(RF820/RF820-AP only) Lights when Serial port is connected to a remote site.
(RF820/RF820-AP only) Blinks when Serial port is receiving or transmitting data.
Lights when a successful connection to the 100BaseT LAN is established. Off when

connected to the 10BaseT.
Lights when the LAN port has a valid Ethernet connection.

Blinks when it is receiving or transmitting data.

WAN 10/100M

WAN Link / ACT

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 7

Lights when a successful connection to the 100BaseT WAN is established.
Off when connected to the 10BaseT.

Lights when the WAN port has a valid Internet connection.
Blinks when it is receiving or transmitting data.

Back Panels

RF820

RF820-AP

Chapter 1 – Introduction and Description

RF830

RF830-AP

Connector Description

Antenna Connector

Connector for the 2.4 GHz 5dBi SWI-Reverse-F antenna.

Note: The antenna must be attached in order for the RouteFinder to be operational.

WAN

LAN Ports

Reset

Serial
12VDC Power

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 8

The WAN (10/100BaseT) port connects the DSL modem or cable modem.
The RF820 and 820-AP have one WAN port and the RF830 and RF830-AP have
two WAN ports.

There are 4 LAN ports. You can connect to PCs, FTP servers, printers, or other
devices you want to put on your network.

The Reset button resets the RouteFinder to its factory defaults. Press and hold the
Reset button until the Status LED blinks, and then release it. Do not press this
button unless you want to restore all settings to the factory defaults.

(RF820 and RF820-AP only) The Serial port connects to a standard modem.
The power port connects the AC power adapter.

Typical Applications

Remote User. The client-to-LAN

application replaces traditional dial-in
remote access by allowing a remote
user to connect to the corporate LAN
through a secure tunnel over the
Internet. The advantage is that a
remote user can make a local call to
an Internet Service Provider, without
sacrificing the company’s security, as
opposed to a long distance call to the
corporate remote access server.

Branch Office. The LAN-to-LAN

application sends network traffic over
the branch office Internet connection
instead of relying on dedicated leased
line connections. This can save
thousands of dollars in line costs and
reduce overall hardware and
management expenses.

Chapter 1 – Introduction and Description

Firewall Security. As businesses

shift from dial-up or leased line
connections to always-on broadband
Internet connections, the network
becomes more vulnerable to Internet
hackers. The RouteFinder provides a
full-featured firewall based on Stateful
Packet Inspection technology and
NAT protocol to provide security from
intruders attempting to access the
office LAN.

Load-Balancing. Load Balancing

distributes LAN-to-LAN traffic over
two WAN links. This allows for the
amount of traffic on each line to be
based on a specified weighed value
so that communication can be made
faster and more reliable.

Failover. If one port were to go down,

the RouteFinder appliance would
automatically re-route all Internet and
VPN traffic to the other connection.
The second WAN port greatly
enhances performance and system
uptime.

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 9

Chapter 1 – Introduction and Description

Specifications

These specifications are for the RF820/820-AP and RF830/830-AP.
See the next page for the 802.11b/g specifications.

Specifications RF820 and RF820-AP RF830 and RF830-AP

Standards
Ethernet Ports

Recommended
Network Users

Firewall

VPN

Management

Dimensions

Weight

Operating
Temperature

Humidity
Power

Requirements
Certifications

and Approvals

Warranty

10/100BaseT 10/100BaseT

LAN: 4 Ports 10/100BaseT
WAN: 1 Port 10/100BaseT

25 25

Stateful Packet Inspection
Network Address Translation (NAT)
Filtering (Port Number & IP Address)
Virtual Server
Denial of Service Protection (DoS)
Firewall Throughput (20M bps)
H.323 Pass Through

Remote User (Client-to-LAN) IPSec, PPTP
Branch Office (LAN-to-LAN) IPSec
3DES/AES Encryption
IPSEC/PPTP VPN
Encryption Throughput (3M bps)
IKE
VPN Using FQDN
Recommended VPN Tunnels: up to 15

Web-Based (HTTP)
Email Alerts
Local and Remote Management
Syslog
Intrusion Logging

9.75" w x 1.5" h x 6.5" d
(24.8 cm x 3.8 cm x 16.5 cm)

2.4 lbs.
(1.0 kg.)

o

+32

to +120o F (0o to 50o C)

25–85% non-condensing 25–85% non-condensing

Input: 100 ~240V, 0.6A 50-60- Hz
Output: 12VDC, 1A

CE Mark
FCC Part 15 (Class B)
UL 60950

2 years 2 years

LAN: 4 Ports 10/100BaseT
WAN: 2 Ports 10/100BaseT

Stateful Packet Inspection
Network Address Translation (NAT)
Filtering (Port Number & IP Address)
Virtual Server
Denial of Service Protection (DoS)
Firewall Throughput (20M bps)
H.323 Pass Through

Remote User (Client-to-LAN) IPSec, PPTP
Branch Office (LAN-to-LAN) IPSec
3DES/AES Encryption
IPSEC/PPTP VPN
Encryption Throughput (3M bps)
IKE
VPN Using FQDN
Recommended VPN Tunnels: up to 15

Web-Based (HTTP)
Email Alerts
Local and Remote Management
Syslog
Intrusion Logging

9.75" w x 1.5" h x 6.5" d
(24.8 cm x 3.8 cm x 16.5 cm)

2.4 lbs.
(1.0 kg.)

+32o to +120o F (0o to 50o C)

Input: 100 ~240V, 0.6A 50-60- Hz
Output: 12VDC, 1A

CE Mark
FCC Part 15 (Class B)
UL 60950

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 10

Chapter 1 – Introduction and Description

Specifications for 802.11b/g Interface

Specifications RF8230AP and RF830AP

Network Standards

Frequency Band
Data Rate IEEE 802.11b (auto-fallback):

Media Access Control
Channel IEEE 802.11b IEEE 802.11g

Transmission

Modulation IEEE 802.11b (DSSS) IEEE 802.11g (OFDM)

Network Architecture
Antenna
Output Power IEEE 802.11b IEEE 802.11g

Receiver Sensitivity

Range
Security

IEEE 802.11b
IEEE 802.11g

2.400-2.4835GHz

• CCK: 11, 5.5 Mbps

• QPSK: 2 Mbps

• BPSK: 1 Mbps

IEEE 802.11g (auto-fallback):

• OFDM: 54, 48, 36, 24, 18, 12, 9 and 6 Mbps

CSMA/CA with ACK

Ch. 1 to 11 – North America Ch. 1 to 11 – North America
Ch. 1 to 14 – Japan Ch. 1 to 13 – Japan
Ch. 1 to 13 – Europe ETSI Ch. 1 to 13 – Europe ETSI
Ch. 10 to 11 – Spain Ch. 10 to 11 – Spain
Ch. 10 to 13 – France Ch. 10 to 13– France

IEEE 802.11b (DSSS)
IEEE 802.11g (OFDM)

CCK @ 11.1.1 Mbps BPSK @ 6, 9 Mbps
QPSK @ 2 Mbps QPSK @ 12, 18 Mbps
BPSK @ 1 Mbps 16-QAM @ 24, 36 Mbps

64-QAM @ 48, 54 Mbps
Infrastructure Mode
SMA antenna connector

11Mbps; 17.5 +/- 2 dBm 54Mbps; 14.0 +/- 1 dBm
11 Mbps CCK @ 8% PER = -80 dBm

54 Mbps OFDM @ 10% PER = -65 dBm
Up to 400m outdoor operating range
64/128-bit WEP, WPA, TKIP, AES, WPA

2

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 11

Chapter 2 – Installation

Chapter 2 – Installation

Cabling Your RouteFinder

Your RouteFinder requires making the appropriate connections to PCs, a cable or xDSL modem, an analog
modem or ISDN TA, and AC power.

After your device is properly cabled, it must be configured. See Chapter 3 for basic directions. For advanced
configurations, see the User Guide.

RF820

1. Turn the power off on all network devices (PCs, cable modems, DSL modems, analog modems, ISDN

TAs, and the router).

2. Plug one end of a RJ-45 cable into the Ethernet port on the PC and other into one of the LAN port on the

RouteFinder. (If you have more than one PC, connect the others in the same way to the other LAN ports).

3. If using an analog modem, connect it to the RF820’s serial port.

4. Connect a network cable from the DSL modem or cable modem to the WAN port on the RouteFinder.

5. Connect the provided power supply cable to the 12VDC power port on the back of the RouteFinder, and

plug the other end of the power supply into an AC power outlet as shown.

RF820-AP

Use the cabling procedures above and attach the wireless antenna. See the Back Panel section earlier in this
chapter for the location of the antenna connector.

Note: The antenna must be attached in order for the RouteFinder to be operational.

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 12

RF830

Chapter 2 – Installation

1. Turn the power off on all network devices (PCs, cable modems, DSL modems, analog modems, ISDN

TAs, and the router).

2. Plug one end of a RJ-45 cable into the Ethernet port on the PC and other into one of the LAN port on the

RouteFinder. (If you have more than one PC, connect the others in the same way to the other LAN ports).

3. Connect a network cable from the DSL modem or cable modem to the WAN port on the RouteFinder. A

second WAN port is provided for connecting a second DSL modem or cable mod em that uses a different
Internet Service Provider (ISP). This gives you the option to switch from one ISP to another in case one
provider is not available.

4. Connect the provided power supply cable to the 12VDC power port on the back of the RouteFinder, and

plug the other end of the power supply into an AC power outlet as shown.

RF830-AP

Use the cabling procedures above and attach the wireless antenna. See the Back Panel section earlier in this
chapter for the location of the antenna connector.

Note: The antenna must be attached in order for the RouteFinder to be operational.

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 13

Chapter 3 – Setting up a Workstation and Starting the RouteFinder

Chapter 3 – Setting up a

Workstation and Starting the

RouteFinder

This section of the User Guide covers the steps for setting up TCP/IP communication on the PC(s) connected to
the RouteFinder, starting up the RouteFinder, and opening the RouteFinder Web Management prog ram.

Establish TCP/IP Communication

Notes:

z The RouteFinders have built-in DHCP server functionality, so you can set the PC to obtain a

dynamic IP address.

z The following directions are for Windows 2000+/XP operating systems.

Obtain a Dynamic IP Address

To obtain a dynamic IP address so it can be assigned to the Ethernet port:

1. Make the RouteFinder connections as described on the previous two pa ges.

2. Click Start | Settings | Control Panel. Double-click the Network Connections icon.

3. The Network Connections screen displays. Right-click the Local Area Connection icon and

choose Properties from the drop down list.

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 14

Chapter 3 – Setting up a Workstation and Starting the RouteFinder

4. The Local Area Connection Properties dialog

box displays.

• Select Internet Protocol [TCP/IP].

• Click the Properties button.

5. Once you click the Properties button, the following
screen displays (below) . To have your DCHP client
obtain a dynamic IP address, click the button for
Obtain an IP address automatically.

6. Close out of the Control Panel.

7. Repeat these steps for each PC on your network.

To Set a Fixed IP Address

To set a Fixed IP Address, check Specify an IP address instead of Obtain an IP address
automatically. Then click OK.

1. Enter the workstation IP address as 192.168.2.x. Note that the x in the address stands for

numbers 101 and up.

2. Enter the Subnet mask as 255.255.255.0

3. Enter the Default gateway as 192.168.2.1

4. Close out of the Control Panel.

5. Repeat these steps for each PC on your network.

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 15

Chapter 3 – Setting up a Workstation and Starting the RouteFinder

Open a Web Browser

Note: Be sure that the RouteFinder is cabled and that the power is connected as shown in Chapter 2.

Bring up a Web browser on the PC.

1. Type the default gateway address line:

http://192.168.2.1

2. Press Enter.

Note: Make sure your PC’s address is on the same network as the router’s address. IPCONFIG

is a tool for finding out a PC’s IP configuration (the default gateway and the MAC address).

Login

The Login screen for the RouteFinder software displays.

• Type admin (admin is the default user name) in the user name box.

• Type admin in the password box.

• Click Login.

Note: The User name and Password entries are case-sensitive (both must be typed in lower-

case). The password can be up to 12 characters. Later, you will want to change the password
from the default (admin) to something else (see the User Guide). If Windows displays the
AutoComplete screen, you may want to click No to tell Windows OS to not remember the
password for security reasons.

Password Caution: Use a safe password! Your first name spelled backwards is not a sufficiently

safe password; a password such as xfT35$4 is better. It is recommended that you change the
default password. Create your own password.

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 16

Chapter 3 – Setting up a Workstation and Starting the RouteFinder

Web Management Software Opens

This is the Home screen from which you can access all setup functions.

Note: Only the top portion of the Home screen is shown here.

Navigating the Screens

Before using the software, you may find the following information about navigating through the screens and the
structuring of the menus helpful.

Menu
Bar

Sub
Menu

Other
Options
Screen
Name

Input
Area

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 17

Chapter 3 – Setting up a Workstation and Starting the RouteFinder

A

Menu Bar

See menu categories and their submenus below.

Sub-Menus

Each Menu Bar selection has its own sub-menu, which displays on the left side of the screen.
When you click one of the Main Menu choices, the first screen listed in the sub-menu displays. You can

choose other sub-menu options/screens by clicking on your sub-me nu choice.
This is an example of the Administration sub-menu. It displays when you click Administration.

Table of Menus and Sub-Menus

Administration Networks & Services Network Setup Packet Filters VPN

System Setup

dministrative Access
System Logs
Remote Syslog
SNTP Client
Tools
Factory Defaults

Proxy DHCP Server Utilities Statistics & Logs

HTTP Proxy

Custom Filters

DNS Proxy

Network Configuration
Service Configuration

LAN

LAN Subnet Settings
LAN Fixed Addresses

These menu options:

IP Settings
Wireless LAN

WLAN Security

WLAN Client Filter
Advanced IP Settings
PPP Cellular/Analog Backup

(RF820/RF820-AP only)

Load Balancing

(RF830/RF830-AP only)
Dynamic DNS
Static Routes
IP Masquerading
SNAT
DNAT

Backup
Firmware Upgrade

Wireless LAN:

WLAN Subnet Settings
WLAN Fixed Addresses

display when you go to

Network Setup > Wireless
LAN and select
Independent Subnet

Packet Filter Rules
Advanced Filters
ICMP
Packet Filter Log

System Information
Network Interface Details
Packet Filter Log
IPSec Live Log
PPTP Live Log
DHCP Server Live Log
PPP Cellular/Analog Log

(RF820/RF820-AP only)
WLAN Client Live Log
Log Traces

IPSec
PPTP

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 18

Chapter 4 – Configuring the RouteFinder

Chapter 4 – Configuring the

RouteFinder

Now that the cabling is completed and each PC on the network is configured to accept the IP addresses that the
RouteFinder will provide, you are ready to configure your RouteFinder.

Note: The antenna must be attached in order for the RouteFinder to be operational.

About the Browser Interface

Initial configuration is required in order for you to begin operation. The browser-based interface eases
configuration and management.

About IPSec

The VPN functionality is based on the IPSec protocol and uses 168-bit Triple DES (3DES) encryption to ensure
that your information remains private.

Start the RouteFinder Configuration

1. Connect your workstation.

Be sure your workstation is connected to one of the RouteFinder’s LAN ports and that the antenna is
attached to the RouteFinder.

2. Apply power.

Apply power to the RouteFinder and wait for the Status LED to blink indicating that the unit is ready.

3. Set the workstation IP address.

The directions for setting your workstation IP address are covered in Chapter 3.

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 19

Chapter 4 – Configuring the RouteFinder

Using the Wizard Setup Screen to Configure
Your RouteFinder

Using the Wizard Setup is a quick way to enter the basic configuration parameters to allow communication
between the LAN workstation(s) and the Internet as shown in the example below.

Important Note: An initial configuration must be completed for each type of RouteFinder functions: firewall

configuration, LAN-to-LAN configuration, a LAN-to-Remote Client configuration.

RouteFinder Initial Configuration

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 20

Chapter 4 – Configuring the RouteFinder

Wizard Setup

RF820/RF820-AP and RF830/RF830-AP Wizard Setup

Click the Wizard Setup button located under the Menu Bar. The following screen displays.
Use the same directions for the RF820/RF820-AP and RF830/RF830-AP.

Screen Notes:

•

PPP Client for Cellular/Analog Modem Backup is available on the RF820/RF820-AP only.

• The RF830/RF830-AP has two WAN ports; the RF820/RF820-AP only one. A WAN 2 section

displays on the RF830/RF830-AP Wizard Setup screen for configuring this second port.

• If you are using the AP build, a section labeled WLAN (inset shown on the right of the screen

shot) displays after you select Independent Subnet on the Network Setup > Wireless LAN
screen.

LAN

IP Address – 192.168.2.1 defaults into this field.
Subnet Mask – 255.255.255.0 defaults into this field. These should be acceptable for your site.

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 21

Chapter 4 – Configuring the RouteFinder

Wizard Setup

ISP Settings

WAN 1

Select the way the IP Address should be assigned for the WAN link. The default is DHCP Client.
When you select Static IP or PPPoE, the input fields change.

• WAN 1 DHCP Client Choice

DHCP (Dynamic Host Configuration Protocol) is a protocol that allows individual devices on
an IP network to get their own network configuration information (IP address, subnet mask,
broadcast address, etc.) from a DHCP server.

Present Status: If the DHCP client is not enabled, the following message displays: Present

Status: IP address is not obtained from DHCP server. If DHCP client is enabled, and if the IP

address has been assigned by the DHCP server, then the following values will display:

Assigned IP Address
Mask
DHCP Server Address
DNS Address
Gateway Address
Renew Time

The time that the DHCP client should begin to contact its server to renew the lease it
has obtained.

Expiry Time

Expiry time is the time that the DHCP client must stop using the lease if it has not been
able to contact a server in order to renew.

Use Peer DNS IP Address

Check this box if you want the DNS server addresses from the peer (DHCP server) is
to be obtained.
Note: The DNS address obtained from the DHCP server will be displayed on the
Network Setup > Interface screen.

Primary DNS

In this field, enter a primary domain server name (DNS). DNS (Domain Naming
System) allows you to enter a name (i.e., mydomain.com) to be used in place of the
computer's numeric IP address.

Secondary DNS

In this field, enter a secondary domain server name

• WAN 1 Static IP Choice

If you choose Static IP for WAN 1, the IP Address (default is 192.168.100.1) and the
Subnet Mask (default is 255.255.255.0) fields displays.
Enter the Default Gateway, the Primary DNS address and the Secondary DNS address for
the IP address provided.

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 22

• WAN 1 PPPoE Choice

Chapter 4 – Configuring the RouteFinder

Wizard Setup

PPPoE (Point-to-Point over Ethernet) is a specification for connecting multiple computer
users on an Ethernet local area network to a remote site through DSL or cable modems or
wireless connection to the Internet. The following fields display when you select PPPoE:

User Name

Enter the user name give by the ISP.
Example: user1@xyz.com or user 1

Password

Enter the user’s password.
These characters are not allowed: <, >.
The maximum number of allowed is 18.

Retype Password

Retype the password to confirm the one entered above. Passwords must match in
order to continue. If you receive an error, enter password in both fields again.

Idle Time

This option is available only when the Connection Type is Trigger on Demand. Specify
the inactivity time (in seconds) after which the PPPoE link should be brought down.

Connection Type

Specify the type of connection for the link. Options are:

Always Connect: The link will always be established. It is not dependent on whether

or not there is data or a traffic flow through the RouteFinder. Default.

Trigger on Demand: The link will be established only when there is data or a traffic

flow through the RouteFinder.

Dynamic IP Address from ISP

Check the box to Enable the Dynamic IP address to be provided by the ISP. If enabled,
the IP address obtained from the ISP is dynamic. If disabled, enter the IP address and
subnet mask from the ISP in the following Fixed Address fields:

IP Address
Net Mask

Note: If the ISP does not support the Fixed Address option, then the RouteFinder will
accept the dynamic IP address provided by the ISP.

Accept DNS Address from Peer

Check this box if you want the DNS server address to be obtained from the peer (the
ISP). The DNS address obtained from the ISP will be displayed on the Network Setup
> Interface screen. The details of the address/subnet mask obtained from the ISP are
displayed as the Present Status on this screen.

(Continued on next page)

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 23

Chapter 4 – Configuring the RouteFinder

Wizard Setup

• WAN 1 PPPoE Choice (Continued)

MTU

A Maximum Transmission Unit (MTU) is the size (in bytes) of the largest packet that
can be passed onwards. To read more about MTU, see the following Web site:
The default for this field is 1412, which should be acceptable for most applications.

http://en.wikipedia.org/wiki/Maximum_transmission_unit

Also see the hyperlinked references listed on this Web site.

Primary DNS

In this field, enter a primary domain server name (DNS). DNS (Domain Naming
System) allows you to enter a name (i.e., mydomain.com) to be used in place of the
computer's numeric IP address.

Secondary DNS

If a secondary domain server name is configured, enter its name here. The servers are
consulted in the order in which they are configured.

PPP Client for Cellular/Analog Modem Backup (For RF820/RF820-AP Only)

The PPP link is used as a backup link to the WAN interface. If the Internet Keep-alive URLs (see below)
are not reachable through the WAN Ethernet interface, the PPP backup link automatically comes up and
the system regains its connection to the ISP. The PPP dial backup settings are:

Status

Check this box to enable PPP Dial Backup on WAN interface.

User Name

Enter the user name to authenticate the RouteFinder with the ISP.

Password

Enter the user password. The password is optional. These special characters cannot be used: <, >.

Baud Rate

Select the serial baud rate from the drop down box.

Local IP Status

Check this box to enable support for negotiating an IP address with the ISP (this address will be
enter in the next field).

Local IP Address

Enter the IP address from which the RouteFinder can negotiate for an IP address from the ISP.

Dial Number

Enter the PSTN number to be dialed.

Note

When the backup link comes up or goes down, an email alert is sent to the administrator.

Administrative Access HTTP Port (for RF820/RF820-AP & RF830/RF830-AP)

Select the HTTP port for administrative access. The default is port 80. The port number should be
between 1 and 65535. Well known ports and ports used by the firewall are not allowed.

Admin Password (for RF820/RF820-AP & RF830/RF830-AP)

Change administrator’s Password. Enter the password and a confirmation of the password. These
characters are not allowed: <, >. Also, spaces are not allowed.

Save, Reset (for RF820/RF820-AP & RF830/RF830-AP)

Click Save located at the bottom of the screen to save these entries. Use Reset if you want to change the
entries you have just made.

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 24

Chapter 4 – Configuring the RouteFinder

Wizard Setup

Save & Restart Button Under Menu Bar

Select the Save and Restart button located just under the menu bar. The Save and Restart screen displays.

Save to Flash Memory

If a connection is established, then the settings have been entered correctly and your basic configuration is now
complete. Now, you must save your settings to the Flash Memory; this saves the current settings in the flash
prom and prevents settings from getting lost at the next power up.

Restart

This is optional. You do not have to restart the RouteFinder after saving to the flash memory.

Your Basic Configuration Using the Setup Wizard is now Complete.

Important Note About

Save and Restart

After you have completed and saved the settings for other settings within the Web management software, you
must save your settings to the Flash Memory. This is a final step after you have saved the settings on each
individual screen.

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 25

Chapter 5 – Configuration Using Web Management Software

Administration > System Setup

Chapter 5 – Configuration Using

Web Management Software

This chapter takes you screen-by-screen through the software.

Administration

Administration > System Setup

In the Administration part of the software, you can set the RouteFinder general system-based para meters.
System Setup includes the setting the Administrator's email address and the types of email notifications that

will be sent to the System Administrator.

Email Notification

SMTP Server

Enter the IP address of the mail server.

SMTP Server

Enter the port number on which the mail server listens.

Server Authentication

Some mail servers accept connection only after a user name and password are authenticated.

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 26

Chapter 5 – Configuration Using Web Management Software

User Name

If your mail server accepts connection only after a user name and password are authenticated, enter
your user name.

Password

If your mail server accepts connection only after a user name and password are authenticated, enter
your password.

Email Address

Enter the email address of the administrator who will receive the email notifications. Enter it in proper
user@domain format. Click Save. You can delete the entry and change it at any time, if desired.
At least one email address must be entered in this field.

Configure Email Notification

Select the types of notifications that you want sent (Invalid Telnet Login, Export File Backup, Log File
Full, etc). Click the Add button. The name will then display in the Send Email Notification For box.
You can remove a type by highlighting the type and clicking the Delete button. The name will then
move back to the Don't Send Email Notification For box.

Auto Reboot Timer

Enter the number of hours you want the RouteFinder to automatically reboot. Then click Save.

Note: Setting the value to zero, disables the feature.

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 27

Chapter 5 – Configuration Using Web Management Software

Administration > Administrative Access

Administration > Administrative Access

The networks and hosts that are allowed to have administrative access are selected on this screen. This is a
good way to regulate access to the configuration tools.

Screen Note:

If you are using the AP build and you select Independent Subnet on the Network Setup > Wireless
LAN screen, WLAN Interface is available in the drop down list box of Available Networks/Hosts.

Administrative Access

Available Networks/Hosts and Allowed Networks/Hosts

Select the networks/hosts that will be allowed administrative access. Note that the selection box list
will include those networks you enter under Networks & Services > Network Configuration.

You can change access by moving network/hosts names from the Available list to/from the Allowed
list. The RouteFinder will display an ERROR message if you try to delete access to a network that
would cause you to lock yourself out.

Note: Any defaults here for ease of installation. ANY allows administrative access from everywhere

once a valid password is provided.

Caution: As soon as you can limit the location from which the RouteFinder is to be administ ered

(e.g., your IP address in the internal network), replace the entry ANY in the selection menu with a
smaller network. The safest approach is to have only one administrative PC given access to the
RouteFinder. You can do this by defining a network with the address of a single computer from the
Networks and Services > Network Configuration screen.

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 28

Chapter 5 – Configuration Using Web Management Software

Administration > Administrative Access

Change Password

You should change the password immediately after initial installation and configuration, and also
change it regularly thereafter.

Old Password, New Password, Confirmation

To change the password, enter the existing password in the Old Password field, enter the new
password into the New Password field, and confirm your new password by re-entering it into the
Confirmation entry field.

Caution: Use secure passwords! For example, your name spelled backwards is not secure enough;

something like xfT35$4 is better.

Web Interface Inactivity Time Out

An automatic inactivity disconnection interval is implemented for security purposes. In the Time
Before Automatic Disconnect entry field, enter the desired time span (in seconds) after which you will

be automatically disconnected from the software program if no operations take place.
After the initial installation, the default setting is 120 seconds.
The smallest possible setting is 60 seconds.
The maximum setting is 3000 seconds.
If you close the browser in the middle of an open configuration session without closing via Exit, the

last session stays active until the end of the time-out and no new administrator can log in.

Administrative Access HTTP Port

This field is used for setting the HTTP port for Web administration. After changing the HTTP port, the
connection is terminated. The browser settings have to be changed for the new port number before
starting the next session.

By default, port 80 is configured for HTTP sessions. The value of the port number should lie between
1 and 65535. Well known ports and ports already used by the firewall are not allowed.

If you want to use the HTTP service for other purposes (e.g., a diversion with DNAT), you must enter
a different TCP port for the interface here. Possible values are 1-65535, but remember that certain
ports are reserved for other services. We suggest you use ports 440-450. To have Administrative
Access after the change, you must append the port to the IP address of the ROUTEFINDER
separated by a colon (e.g., http://192.168.0.1:445)

.

Logo and Version on Logon Page

Check this box if you want the logo and version number to display on the logon page. Click Save.

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E) 29