Pace VPN-Lite, Telkom 921VNX User Manual

Telkom VPN-Lite router setup
User Manual
Pace 921VNX
TELKOM VPN-Lite 2.5 ver.100712 Page 2
Contents
Introduction (page 3)
Before you start (page 4)
VPN-Lite Setup using the Web Browser Wizard (page 5)
VPN-Lite Manual Setup Using Telnet (page 7)
Firmware Upgrade (page 13)
Introduction
Welcome to the Telkom VPN Lite router setup user manual. This manual explains how to set up the Telkom VPN Lite service on your Pace 921VNX using the setup utility, the router’s graphical user interface (GUI) and CLI (Telnet or Console connection) commands (advanced users only).
o To ensure that the utility works correctly, please temporarily disable all software firewall applications. These applications may interfere with the processes needed to successfully complete the router setup. Examples of these applications/programs include: Norton Anti-virus, PC-Cillin, Bit Defender and McAfee.
Before you start
Register VPN-Lite service.
To enable you to configure the Telkom VPN-Lite service on your Pace Router you first need to register for the VPN-Lite service on the Telkom website (www.telkom.co.za).
On the VPN-Lite registration site you will be able to configure and manage your VPN-Lite sites as shown in the image below.
Here you will retrieve vital information like site Usernames, LAN Subnets and Site Password to configure the VPN-Lite sites. In the setup sections below you will be required to enter these values. Please ensure that you have all the correct information for each site before you start any of the setup sections mentioned in this document. Below is an image to show you what information on the VPN-Lite setup site needs to be retrieved to enable you to set up your VPN-Lite. You can find this screen in the Manage Sites section.
o This manual assumes that the Pace 921VNX is in its factory default state. Thus: LAN IP = 10.0.0.2
o It is recommended to use the utility to set up VPN-Lite on your Pace 921VNX. The router’s graphical user interface or manual setup method is to be used by experienced users only.
o Please ensure that your PC is set to obtain an IP address automatically from the router’s DHCP server.
VPN-Lite Setup using the Web Browser Wizard
This section will guide you through the relevant steps to set up your VPN-Lite service using the router’s built-in VPN-Lite Wizard in the web browser.
Connection to the router using your web browser
Open a web browser like Internet Explorer or Mozilla Firefox. In the internet address bar type in http://10.0.0.2 and press enter. You will be prompted to supply a username and password. The default user name is admin and the password is admin.
Setup your VPN-Lite
After the router’s graphical user interface has loaded successfully in your web browser, first click on Router and then select VPN Lite in the menu on the left of the screen. The following screen will appear.
o After you click the “OK” button, the router’s LAN IP address will change and you will be required to log in using the new LAN IP address (as defined in the setup), e.g. LAN IP = 10.0.16.2
Click on Enabled, to enable the VPN Lite functionality.
By using the information retrieved from the Telkom VPN-Lite setup website (see page 4) enter your site username, site password and site LAN IP range using the IP slash notation as it appears on the Telkom VPN-Lite website.
The Static Routes for VPN-Lite will be created automatically. Click “OK” to save the settings.
VPN-Lite Manual Setup Using Telnet
The following section will guide you through setting up your VPN-Lite service using the Telnet command line interface. Before you start, please refer to the Before you start section in this document (see page 4).
1. IP Management:
a. Telnet to the Pace 921VNX using the router’s LAN IP address (default = 10.0.0.2) using this command: “telnet 10.0.0.2” or an application such as PuTTY for Windows 7 users. This will access the Pace 921VNX’s CLI interface, allowing you to send setup commands. On successful connection, you will be prompted for a login and password (defaults: admin & nology*/). See screenshot below.
Enter your administration login & password. On successful authentication you will arrive at the admin prompt. (See screenshot below.)
b. Setting the DHCP Server: This task is optional. If you want your Pace 921VNX to act as a DHCP server – distributing IPs to your LAN PCs – please perform this step. Set the router’s DHCP range to the correct target range using these commands:
Syntax:
cd LANDevice_1_HostConfig
set MinAddress <Min Address>
set MaxAddress <Max Address>
cd _
Example:
cd LANDevice_1_HostConfig
set MinAddress 10.0.17.1
set MaxAddress 10.0.17.254
cd _
This router will now distribute IPs to connected PCs from the range 10.0.17.1 -> 10.0.17.254.
Note: Alternatively, if you prefer to use static IPs on your network and you wish to disable the router’s DHCP server feature, please run these commands:
cd LANDevice_1_HostConfig
set DHCPServerEnable 0
cd _
c. Set your router’s LAN IP address: Please run the following commands to set your router’s LAN IP address to within the correct target IP range. (Note that if using the DHCP server, this LAN IP must be in that same IP range.)
Note that your telnet session will become unresponsive after you execute the commands and will eventually terminate. This is because the router’s LAN IP, which was originally used to set up the Telnet connection, has now been changed.
Syntax:
cd LANDevice_1_IPInterface_1
set IPAddress <LAN IP>
set SubnetMask <Subnet>
cd _
fcommit
Example:
cd LANDevice_1_IPInterface_1
set IPAddress 10.0.17.2
set SubnetMask 255.255.255.0
cd _
fcommit
Please see the correct LAN IP target range for your local site indicated on the VPN-Lite web page screenshot below. This will terminate the Telnet session.
Note that the router uses the subnet syntax instead of the slash notation (/24) used to display the LAN IP range on the website. Use the table below to translate the slash notation to the subnet mask syntax.
d. Setting your PC’s IP address: Your router’s LAN IP has now been altered but your PC’s IP is probably still in the old range – thus making a connection impossible. Please make sure that your PC’s IP is updated to the new range, either by DHCP or by setting it statically.
Once your PC’s IP is again within the same range as your router’s LAN IP, continue with the following steps.
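The slash-to-mask translation and the range checks behind steps 1b and 1c can be scripted. The Python below is an added example, not part of the Telkom manual or the router firmware; the function names are hypothetical, and the emitted command strings are the ones shown in the steps above.

```python
import ipaddress

def slash_to_mask(prefix_len):
    """Translate a slash length (e.g. 24) to the dotted mask the router expects."""
    return str(ipaddress.ip_network(f"0.0.0.0/{prefix_len}").netmask)

def lan_commands(site_range, router_ip, dhcp_min=None, dhcp_max=None):
    """Build the CLI lines for steps 1b and 1c, or raise ValueError on a bad plan.

    site_range is the LAN range in slash notation as shown on the VPN-Lite site.
    """
    # strict=True rejects a range with host bits set, e.g. 10.0.17.2/24
    net = ipaddress.ip_network(site_range, strict=True)
    if net.version != 4 or net.prefixlen > 30:
        raise ValueError(f"{site_range} is not a usable IPv4 LAN range")

    def host(value, label):
        addr = ipaddress.ip_address(value)
        reserved = (net.network_address, net.broadcast_address)
        if addr not in net or addr in reserved:
            raise ValueError(f"{label} {value} is not a usable host in {net}")
        return addr

    router = host(router_ip, "LAN IP")
    cmds = []
    if dhcp_min is not None and dhcp_max is not None:
        lo, hi = host(dhcp_min, "MinAddress"), host(dhcp_max, "MaxAddress")
        if lo > hi:
            raise ValueError("MinAddress is above MaxAddress")
        cmds += ["cd LANDevice_1_HostConfig",
                 f"set MinAddress {lo}", f"set MaxAddress {hi}", "cd _"]
    cmds += ["cd LANDevice_1_IPInterface_1",
             f"set IPAddress {router}", f"set SubnetMask {net.netmask}",
             "cd _", "fcommit"]
    return cmds

if __name__ == "__main__":
    # Values from the manual's own example (10.0.17.0/24 site range)
    for line in lan_commands("10.0.17.0/24", "10.0.17.2", "10.0.17.1", "10.0.17.254"):
        print(line)
```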
2. Setting up the VPN-Lite solution:
e. Telnet to the Pace 921VNX: Please repeat step 1a but this time with the router’s new updated LAN IP. Once you have received the “ >” prompt, please continue with the next steps.
f. Running the script: The script below sets up the VPN-Lite service on your Pace 921VNX. Please re-type or paste each of these commands into the telnet session that has been opened to the router in step 2a above (while substituting the <angle brackets>).
Comment: Remove current connection:
ip delete interface ipwan
Comment: The above command will generate some warnings/errors – this is normal.
transports delete wanlink
Comment: Setup bridge transport and interface:
rfc1483 add transport @wanlink a1 8 35 llc bridged
bridge add interface ipwan
bridge attach ipwan @wanlink
Comment: Setup Internet Connection:
cd WANConnectionDevice_1_WANIPConnection
set Enable 0
cd ..
set Description 'Internet Service'
cd WANPPPConnection
set Username <ISP account username>
set Password <ISP account password>
fcommit
cd ..
Comment: Add NATting for Internet Connection
set NATEnable 1
cd PhysicalInterface_1
set Enable 1
set Type ATMEthernetInterface
set Index 1
cd _
cd WANConnectionDevice_1_WANIPConnection
set Enable 1
cd _
fcommit
o Actual commands that need to be run on the telnet session are indicated in blue.
o Please note that non-bold words enclosed with <angle brackets> are user parameters and have to be provided by you. Make sure that you substitute all <angle brackets> with your own user-specific parameters before you start executing the script below.
o Please make sure that all commands are run successfully. It is not recommended to copy and paste the whole script at once, as possible telnet buffer limitations might cause certain commands not to be pasted correctly.
o Words following “Comment:” are comments to the user, and not valid commands.
Comment: Setup VPN-Lite Connection
cd WANConnectionDevice_2_WANIPConnection
set Enable 0
cd ..
set Description 'VPN Lite'
cd _
cd WANConnectionDevice_2_WANPPPConnection
set Username <VPN-Lite Local site account username>
set Password <VPN-Lite Local site account password>
cd _
cd WANConnectionDevice_2
set DNSEnable 0
set NATEnable 0
set IdleDisconnectTime 0
cd PhysicalInterface_1
set Enable 1
set Type ATMEthernetInterface
set Index 1
cd _
cd WANConnectionDevice_2_Firewall
set Enable 0
cd _
cd WANConnectionDevice_2
set Enable 1
cd _
fcommit
Comment: Add static routes to private IP ranges facilitating communication with remote VPN-Lite sites:
cd Layer3Forwarding_Forwarding
mk 1001
set Enable 1
set Description VPN
set User 1
set External 1
set Interface 2
set Protocol IPv4
set DestIPAddress 10.0.0.0
set DestSubnetMask 255.0.0.0
cd _
fcommit
cd Layer3Forwarding_Forwarding
mk 1002
set Enable 1
set Description VPN1
set User 1
set External 1
set Interface 2
set Protocol IPv4
set DestIPAddress 172.16.0.0
set DestSubnetMask 255.240.0.0
cd _
fcommit
cd Layer3Forwarding_Forwarding
mk 1003
set Enable 1
set Description VPN2
set User 1
set External 1
set Interface 2
set Protocol IPv4
set DestIPAddress 192.168.0.0
set DestSubnetMask 255.255.0.0
cd _
fcommit
Comment: Save configuration and restart device:
fcommit
reboot
g. After your Pace 921VNX has rebooted, the VPN-Lite solution will be set up and ready for use.
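How the three static routes from the script divide traffic between the LAN, the VPN-Lite link and the Internet link, as an added example that is not part of the original manual. It assumes the router picks the longest matching prefix, that "Interface 2" is the VPN-Lite connection (WANConnectionDevice_2, where the script sets NATEnable 0 and disables the firewall), and that the Internet connection carries the default route; the function names are hypothetical.

```python
import ipaddress

# Static routes exactly as created by "mk 1001" to "mk 1003" in the script:
# (Description, DestIPAddress, DestSubnetMask, Interface)
VPN_ROUTES = [
    ("VPN",  "10.0.0.0",    "255.0.0.0",   2),
    ("VPN1", "172.16.0.0",  "255.240.0.0", 2),
    ("VPN2", "192.168.0.0", "255.255.0.0", 2),
]

def build_table(lan_range):
    """Route table: connected LAN, the three VPN routes, and an assumed default."""
    table = [(ipaddress.ip_network(lan_range), "LAN")]
    for desc, dest, mask, iface in VPN_ROUTES:
        # ip_network accepts the router's dotted-mask form directly
        table.append((ipaddress.ip_network(f"{dest}/{mask}"),
                      f"WAN interface {iface} ({desc})"))
    # Assumption: the Internet connection (device 1) holds the default route
    table.append((ipaddress.ip_network("0.0.0.0/0"), "WAN interface 1 (default)"))
    return table

def lookup(table, destination):
    """Return the exit for a destination using longest-prefix match."""
    addr = ipaddress.ip_address(destination)
    matches = [(net, exit_) for net, exit_ in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

if __name__ == "__main__":
    table = build_table("10.0.17.0/24")  # local site range from the manual's example
    # Constructed sample destinations
    for dest in ["10.0.17.50", "10.0.16.9", "172.31.255.1",
                 "172.32.0.1", "192.168.1.1", "8.8.8.8"]:
        print(f"{dest:15} -> {lookup(table, dest)}")
```

Every private (RFC 1918) destination outside the local LAN range leaves through the VPN-Lite connection rather than the NATed Internet connection, including private ranges that are not one of your registered sites.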
Firmware Upgrade
Connect to your router
Open a web browser like Internet Explorer or Firefox. In the address bar type in http://10.0.0.2 and press enter. You will be prompted to supply a username and password to log on to the router. User name = admin, Password = admin.
Firmware Upgrade
In the menu on the left click on Management then select Upgrade. The following screen will appear on the right.
Press the Browse button to select the firmware file and then press OK to start the firmware upgrade process. A progress bar will indicate the progress of the upgrade. Do not switch off the router or disconnect any cables at this stage.
On completion of the upgrade you will be prompted to restart the router as shown below.