Solwise SAR715PVW Setup Instructions

Download

Solwise Ltd.

Set-up instructions for

Solwise SAR715PVW

Wireless ADSL Router

with Hardware VPN

www.solwiseforum.co.uk

The Solwise Forum is designed to be the first port-of-call for technical support and sales advice for the whole Solwise product range.

Please check the forum for coverage on any technical problems you have. Many people have trodden your path before you, and a quick check on the forum will reduce the pressure on our support staff.

May 9 2003

Chapter 1. Introduction Solwise SAR715PVW ADSL Ethernet Router User’s Guide

Notification is hereby given that Solwise Ltd. reserves the right to modify, change, update or revise this document from time to time as required without the prior obligation to notify any person, company or organization. Further, Solwise makes no warranty or representation, either express or implied, with respect to merchantability, or fitness of its products for a particular purpose.

Solwise Ltd.

13/15 Springfield Way Anlaby Hull HU10 6RJ UK

Tel 0845 458 4558 (local rate) Fax 0845 458 4559 Email sales@solwise.co.uk Http www.solwise.co.uk

Changes are periodically made to the information in this document. They will be incorporated in subsequent editions. The product manufacturer may take improvement and/or changes in the product described in this document at any time.

FCC compliance

This equipment complies with Part 68 of the FCC Rules. On this equipment is a label that contains, among other information, the FCC registration number and Ringer Equivalence Number (REN) for this equipment. You must, upon request, provide this information to your telephone company.

If your telephone equipment causes harm to the telephone network, the Telephone Company may discontinue your service temporarily. If possible, they will notify in advance. But, if advance notice isn’t practical, you will be notified as soon as possible. You will be informed of your right to file a complaint with the FCC.

Your telephone company may make changes in its facilities, equipment, operations, or procedures that could affect proper operation of your equipment. If they do, you will be notified in advance to give you an opportunity to maintain uninterrupted telephone service. The FCC prohibits this equipment to be connected to party lines or coin-telephone service.

In the event that this equipment should fail to operate properly, disconnect the equipment from the phone line to determine if it is causing the problem. If the problem is with the equipment, discontinue use and contact your dealer or vendor.

DOC compliance information

SAR715PVW User’s Guide

NOTICE: The Canadian Department of Communications label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective, operational and safety requirements. The Department does not guarantee the equipment will operate to the user’s satisfaction.

Before installing this equipment, users ensure that it is permissible to be connected to the facilities of the local Telecommunications Company. The equipment must also be installed using an acceptable method of connection. The customer should be aware that compliance with the above conditions might not prevent degradation of service in some situations.

Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by the supplier. Any repairs or alterations made by the user to this equipment, or equipment malfunctions, may give the telecommunications company cause to request the user to disconnect the equipment.

Users should ensure for their own protection that the electrical ground connections of the power utility, telephone lines and internal metallic water pipe system, if present, are connected together. This precaution may be particularly important in rural areas.

CAUTION: Users should not attempt to make such connections themselves, but should contact the appropriate electric inspection authority, or electrician, as appropriate.

NOTICE: The Load Number (LN) assigned to each terminal device denotes the percentage of the total load to be connected to a telephone loop which is used by the device, to prevent overloading. The termination on a loop may consist of any combination of devices subject only to the requirement that the sum of the Load Numbers of all the devices does not exceed 100.

European CTR 21 compliance

The equipment has been approved in accordance with Council Decision 98/482/EC for pan-European single terminal connection to the public switched telephone network (PSTN). However, due to differences between the individual PSTNs provided in different countries, the approval does not, of itself, give an unconditional assurance of successful operation on every PSTN network termination point. In the event of problem, you should contact your equipment supplier in the first instance.

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 1. Introduction

Table of Contents

1 Introduction..........................................................9

1.1 Features......................................................................9

1.2 What’s in the package?............................................10

1.3 Front Panel ...............................................................11

1.4 Rear Panel................................................................12

2 Connecting to your network and line.................13

3 Setting up TCP/IP on your computer ................15

3.1 Installing TCP protocol on your PC..........................15

3.2 Configuring TCP/IP Protocol for your PC................17

3.3 Setting up TCP/IP protocol on your Mac.................19

4 Quick Router configuration using your

browser...........................................................22

4.1 What you see on the Start-up page.........................23

4.1.1 About the Status Page....................................24

4.2 Setting up a basic NAT router configuration............27

4.2.1 Clearing to factory defaults .............................27

4.2.2 Creating the WAN connection ........................29

4.2.3 Disabling DHCP Server ..................................33

4.2.4 Setting up the Security Interfaces...................35

4.2.5 Saving the configuration and restarting..........38

4.2.6 Testing the connection....................................39

4.2.7 Enabling the Wireless Interface......................40

5 The Configuration Screens in More Detail........44

5.1 About the System menu...........................................44

5.1.1 Error Log..........................................................44

5.1.2 Remote Access...............................................44

5.1.3 Upgrade...........................................................45

5.1.4 Restart .............................................................46

5.2 Configuration ............................................................47

5.2.1 Save configuration ..........................................47

5.2.2 Authentication..................................................48

5.2.3 LAN Connections............................................50

5.2.4 WAN Connections...........................................52

5.2.5 IP Routes.........................................................53

Chapter 1. Introduction Solwise SAR715PVW ADSL Ethernet Router User’s Guide

5.2.6 DHCP Server ..................................................54

5.2.7 DNS Client.......................................................57

5.2.8 DNS Relay.......................................................58

5.2.9 Security............................................................60

5.2.10 IPSec.............................................................76

5.2.11 PPTP .............................................................76

5.2.12 L2TP..............................................................76

5.2.13 Ports ..............................................................76

5.3 802.11b.....................................................................80

5.3.1 Attributes .........................................................80

5.3.2 Wireless setting...............................................81

5.3.3 WEP setup ......................................................84

6 VPN Configuration ............................................86

6.1 Enabling the Firewall ................................................86

6.2 IPSec VPN Configuration.........................................88

6.2.1 Pre-Shared Key...............................................88

6.2.2 Digital Signature VPN Configuration ..............92

6.3 PPTP Access Concentrator (PAC) and

L2TP Access Concentrator (LAC) Configuration ...........97

6.4 Configuring PPTP or L2TP Client-Initiated

Tunneling with VPN Concentrator ..................................99

6.4.1 Create two dial-up networking (DUN)

connections...............................................................99

6.4.2 Disabling IPSec on the Windows 2000 PC 100

6.5 Basic Terms and Concepts....................................100

7 How to…..........................................................104

7.1 How to enter Command Line Interface mode .......104

7.1.1 Telnet.............................................................104

7.1.2 Using terminal program via serial

console port ............................................................104

7.1.3 Basic CLI syntax ...........................................107

7.2 Altering the LAN IP address of the router..............109

7.3 Using your 715PVW Router with fixed IP

address ..........................................................................110

7.4 Set-up port forwarding............................................114

7.5 Configuring the ‘Security Interface’ to allow

Netmeeting ....................................................................117

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 1. Introduction

7.6 Configuring the ‘Security Interface’ to allow ftp 119

7.7 Configuring the ‘Security Interface’ for MS

Messenger to work........................................................120

7.8 Firewall Features....................................................120

7.8.1 Intrusion Detection ........................................120

7.8.2 Packet Filtering..............................................121

7.9 Enabling DHCP Server Mode ................................127

7.10 Altering the configuration user name and

password .......................................................................128

8 Firmware Upgrade ..........................................130

8.1 Upgrading from to a new 8.2 firmware

version using http ..........................................................130

8.1.1 When things go wrong! .................................130

8.2 Using xmodem to upload the firmware files ..........131

8.2.1 Loading a new bootcode bin firmware file 131

8.2.2 Loading a new main bin firmware file...........139

9 DNS Addresses...............................................149

10 About Universal Plug’n Play and the

SAR715PVW Router....................................151

10.1 UPNP IN GENERAL.............................................151

10.1.1 Overview .....................................................151

10.1.2 Background .................................................151

10.2 THE INTERNET GATEWAY DEVICE.................153

10.2.1 The IGD concept.........................................153

10.2.2 Network Address Translation (NAT) ..........153

10.2.3 NAT Traversal.............................................154

10.3 UPNP SUPPORT IN OPERATING

SYSTEMS .....................................................................154

10.3.1 Microsoft Windows......................................154

10.3.2 Macintosh OS..............................................154

10.3.3 Linux ............................................................154

10.4 UPNP SUPPORT In The 715PVW Routers........155

10.4.1 Windows ME ...............................................155

10.4.2 Windows XP................................................157

11 Appendix A Product Specifications.................169

11.1 Software features..................................................170

Chapter 1. Introduction Solwise SAR715PVW ADSL Ethernet Router User’s Guide

12 Appendix B Troubleshooting...........................172

12.1 Software features..................................................174

13 Appendix B Troubleshooting...........................177

13.1 Basic Connectivity.................................................177

13.2 Logging in with the ISP .........................................177

13.3 PC cannot access the Internet .............................181

13.3.1 Pinging the WAN side of the router............181

13.3.2 Pinging the internet .....................................182

13.4 Connecting to a web site ......................................182

13.5 Diagnosing Problem using IP Utilities ..................182

13.5.1 ping..............................................................182

13.5.2 nslookup ......................................................183

13.6 MTU value. What is it and why does having

the correct value matter? ..............................................184

13.6.1 What are the symptoms of having a

wrong MTU value? .................................................184

13.6.2 So what is it?...............................................184

13.6.3 Why is it important? ....................................184

13.6.4 So how do I set the MTU value on

my Windows PC?...................................................185

14 Appendix C Government compliance

notices ..........................................................187

15 Appendix D IP Addresses, Network

Masks, and Subnets.....................................189

15.1 IP Addresses.........................................................189

15.1.1 Structure of an IP address..........................189

15.1.2 Network classes..........................................190

15.2 Subnet masks .......................................................190

16 Appendix E Binary Numbers...........................193

16.1 Binary Numbers ....................................................193

16.1.1 Bits and bytes..............................................193

17 Appendix F Useful Links .................................195

18 Appendix G Glossary ......................................196

1 Introduction

The SAR715PVW is powerful, high integration function Router which provides secure communication between networks and users with a DSL connection to Internet. For the ADSL line, it gives excellent performance and compliance with ITU-T G.dmt (G.992.1), ITU-T G.lite (G.992.2) and ANSI T1.413 issue standards. For VPN functions, it provides IPSec, PPTP, LT2P and PPPoE basic VPN functions. The Firewall function supports Denial of Service prevention and Trojan Horse prevention which meets the ICSA firewall standard. The general function of SAR715PVW is defined as a “ Wireless AP + ADSL Router” with connectivity to either/or connection as in the following diagram. In this mode, you may connect the “LINE” port to an ADSL-ready telephone line. The ADSL/WAN LED will indicate connection. Then connect the LAN port to a Network device.

1.1 Features

• Compliant with ITU-T G.dmt (G.992.1) , ITU-T G.lite (G.992.2), G.994,1 (G.hs) standards

• VPN function supports RFC 2401, RFC 2411, RFC 2402, RFC 2406, RFC 2393, RFC 2407, RFC 2104, RFC 2403, RFC 2404, all AH and ESP Transforms function, and LZS Transform for IPCOMP.

• Built in VPN Server ability for IPSEC (with Pre-Shared Key and Digital Signature), and PPTP and L2TP.

Chapter 1. Introduction Solwise SAR715PVW ADSL Ethernet Router User’s Guide

• Firewall function supports Stateful Packet Inspection, IETF NAT standards and Comprehensive Logging.

• Filtering function can work under HTTP, FTP, NNTP, IRC chat, ICQ, Real Video, Real Audio and customizable individual filtering profile by end users.

• LAN port supports Auto-detect 10/100Mbps Ethernet and Half/Full-Duplex modes.

• Wireless LAN support 802.11b with 64/128K WEP.

• Provide Internal 4-port Switch ports used to expand

network by connecting to another switch or hub.

• Web browser configuration and management tool allows easy to configure which can via Ethernet or Wireless connection (option).

• Support SNMP for remote management.

• Support 8 simultaneous PPP or Bridge/Routing sessions

allowing multiple concurrent connections to service providers (same as number of VCs).

• Built-in PPPoA/PPPoE client to support the account for ADSL connection.

1.2 What’s in the package?

 One ADSL Router

 One 12VDC Adapter

 One RJ-11 Telephone Cable

 One 10Base-T Ethernet straight-through Cable

 One Software CD containing the User’s Guide and

All packages have been checked carefully for their completeness and functionality before shipped. Please contact the place of purchase if any of the above listed items are missing or damaged.

• Able to upgrade Firmware via HTTP or TFTP download. (via Ethernet).

configuration software

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 1. Introduction

1.3 Front Panel

The front panel features 8 LEDs and a Reset button.

Refer to the following table for the meaning of each feature.

LED Colour Comments

Power Green The Power LED lights up when power on

ADSL Link Green Light when ADSL in data ode

ADSL ACT Green Blinking when ADSL transmitted or received.

Lan1

Lan2

Green

Lan3

Lan4

Local Area Network status of port (1, 2, 3, 4). A steady LED indicates a successful connection though that port. If the LED is flickering, the router is actively sending or receiving data over that port...

The WIRELESS LED will be ON when AP function

Wireless Green

enable, at this time Wireless clients are able to connect to the AP.

Button Comments

Reset Reset the shipping default setting.

Chapter 1. Introduction Solwise SAR715PVW ADSL Ethernet Router User’s Guide

1.4 Rear Panel

The rear panel of the ADSL Router consist of power jack, Console Port connector, Ethernet connections and ADSL phone socket as below:

Function Definition

1/0 Power on/off switch

POWER The power jack connects to 12VDC Adapter from wall outlet.

RS232 This is RS232C interface and is used to manage the ADSL

Router.

LAN1,

10/100 Ethernet interfaces to connect to PC. LAN2, LAN3, LAN4

ADSL ADSL jack connect to DSL line from TelCo

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 2. Connecting to your network and line

2 Connecting to your network and line

LAN ports LAN1 to LAN4 on the SAR715PVW router are the type designed to be connected directly to the port on a PC LAN card or to any type of switch/hub port (i.e. either ‘normal’ or ‘uplink’) using a standard cat5 LAN cable.

Use the supplied RJ11 phone cable to connect from the ADSL socket on your router to your ADSL phone socket.

Connect the power jack from the power supply to the power socket on the router and then plug the power supply into a suitable UK power socket: The green POWER LED on the front of the router should light up.

If you want to do configuration via the Command Line Interface using Telnet then you can connect using the standard user name ‘admin’ and password ‘admin’ and the default IP address of the router is 192.168.0.1. If you want to use CLI mode via the serial port then you’ll need to connect a 9pin serial cable to the RS232 connector on the back of the router (a ‘normal’ modem, serial cable is required which can be purchased from your supplier if needed). Port settings are 9600,8,1,n,no flowcontrol.

Chapter 2. Connecting to your network and line Solwise SAR715PVW ADSL Ethernet Router User’s Guide

Alternatively a more user friendly configuration method is to use the built in http interface. To do this all you need to do to be able to do is access the router through your web browser running on any computer.

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 3. Setting up TCP/IP on your computer

3 Setting up TCP/IP on your computer

You first of all need to check the TCP/IP settings of your computer. Please note that the author is assuming you are using MS Windows (Win9x or 2K/XP) or Mac OS10; please make appropriate allowances if using another operating system or platform such as Linux. The default IP address of the SAR router is 192.168.0.1 on subnet mask 255.255.255.0. In simple terms this means that, in order for your computer to talk to the router, their IP address should be in the range from 192.168.0.2 to 192.168.0.254. If you already use TCP as your default network protocol and you don’t use IP settings in the required range then you will have to either permanently alter the settings of your computers to suite or change the default address of the router. If you wish to alter the settings of all your computers to suite then it is probably best to ask the person in charge of your network set-up to do this for you. If you want to alter the router then you will have to temporarily change the settings for your PC.

3.1 Installing TCP protocol on your PC

Win9x Win2K/XP

Go to Start/Settings/Control Panel/Network....

Go to Start/Settings/Network and Dialup Connections...

Click on ‘Local Area Connection’.

If you already see a line showing TCP/IP protocol such as the example shown above then you can skip this section.

Otherwise click on Add, then select Protocol and then click on Add.. again. Then on the Select Network Protocol screen select Microsoft/TCP/IP...

Chapter 3. Setting up TCP/IP on your computer Solwise SAR715PVW ADSL Ethernet Router User’s Guide

Click on OK and Windows will then add the protocol to your network setup.

Then on Properties..

If you already see a line showing TCP/IP protocol such as the example shown above then you can skip this section.

Otherwise click on Install, then select Protocol and then click on Add.

Then on the Select Network Protocol screen select Microsoft/TCP/IP...

Click on OK and Windows will then add the protocol to your network set-up.

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 3. Setting up TCP/IP on your computer

3.2 Configuring TCP/IP Protocol for your PC

Go to Start/Settings/Control Panel/Network....

Scroll down the list of network settings until you find the entry showing TCP/IP. There may be several such entries (see example); the one you need is the entry associated with your network card. Select it and then click on Properties:

Go to your local network settings (Start/Settings/Network and Dialup Connections/Local Area Connection/Properties).

Scroll down the list of network settings until you find the entry showing TCP/IP. Select it and then click on Properties:

The first screen shows the IP Address for your PC. As already explained, you need to ensure that each PC on your LAN has an IP address which is both unique and within the subnet range of the routers address e.g. in the range 192.168.0.2 to 192.168.0.254 (assuming default IP address for the router).

Next, for each PC you must enter a Gateway address. This is the address of the router and tells your PC where to send internet TCP requests:

As already explained, you need to ensure that each PC on your LAN has an IP address which is both unique and within the subnet range of the routers address e.g. in the range 192.168.0.2 to 192.168.0.254 (assuming default IP address for the router).

Now you need to enter the address of the router as the default gateway.

Chapter 3. Setting up TCP/IP on your computer Solwise SAR715PVW ADSL Ethernet Router User’s Guide

Finally you must set-up DNS Configuration on each PC:

Each PC MUST have the address for DNS entered in it’s TCP setting. If your PC doesn’t have a DNS setting then it will not be able to find any internet sites so it’s important that you have this set correctly!

On the DNS Configuration screen you must Enable DNS and then enter a Host name; this can be anything you like – just a made up name will do!

Now you need to enter the DNS address.

On the main TCP/IP Properties screen select ‘Use the following DNS server addresses’.

Now you need to enter an address for the ‘Preferred DNS’.

Ideally you should get the DNS address to use from your ISP (a list showing some of the common ISP DNS addresses is given below). However, if you don’t know the ISPs’ DNS address then you can temporarily use the address 212.50.160.100.

Enter the DNS address for the preferred DNS (as shown above).

Finally click on OK, then OK and then Close. The new TCP/IP settings should take immediate effect.,

That’s all there is to the basic set-up.

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 3. Setting up TCP/IP on your computer

Ideally you should get the DNS address to use from your ISP (a list of common addresses is given later). However, if you don’t know the ISPs’ DNS address then you can temporarily use the address 212.50.160.100 or

1212.50.160.28. You need to ‘add’ the DNS address to the DNS list.

Finally click on OK and then OK from the main Network menu.

Windows will now install the revised network settings; please note that your original Windows installation CD might be required. You should then reboot your PC.

That’s all there is to the basic set-up.

3.3 Setting up TCP/IP protocol on your Mac

Configuration of the router is done using your web browser but first of all you need to ensure that the IP settings on computer are correctly set to enable you to talk with the router. The default IP address of the Asus router is 192.168.0.1 with netmask

255.255.255.0. This means your computers and other network resources should have IP address’s in the range 192.168.0.2 to

192.168.0.254. First of all go to the Network set-up on your Mac:

Chapter 3. Setting up TCP/IP on your computer Solwise SAR715PVW ADSL Ethernet Router User’s Guide

Enter a suitable IP address (e.g. 192.168.0.2) and the netmask as shown above and click on Apply Now.

Now enter the IP address of the router in ‘Router’ box.

You also need to enter an address for your ‘Domain Name Server’.

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 3. Setting up TCP/IP on your computer

Ideally you should get the DNS address to use from your ISP. However, if you don’t know the ISPs’ DNS address then you can temporarily use the address 212.50.160.100.

Add the DSN address to the Domain Name Server list.

That’s all you should have to do. Click on Apply Now and your new settings should be set.

Chapter 4. Quick Router configuration using your browser Solwise SAR715PVW ADSL Ethernet Router User’s Guide

4 Quick Router configuration using your browser

The easiest way to configure your router is via your web browser accessing the html pages direct in the router.

To configure using your browser you must first of all must have successfully installed TCP/IP protocol on your computer as detailed above.

After checking your connections and TCP settings (see above) you are ready to run your browser in order to configure the router.

Please note the following:

The default IP address for the 8.2 firmware is 192.168.0.1

The default configuration username and password are admin.

Any browser can be used on any operating system: The configuration screens are the same.

Note: If you are using Explorer on a PC then first check that your browser is set to use LAN for internet access. To do this in Explorer go to Tools/Internet Options/Connections. Then check that the setting ‘Never dial a connection’ is selected. Then on the LAN Settings screen nothing should be ticked.

Now start your browser and enter the address of the router on the Address/URL line of your browser (192.168.0.1). The browser should then load the start-up page from the router:

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 4. Quick Router configuration using your browser

4.1 What you see on the Start-up page

Status : This page shows the status of your connection.

Quick Start : This page allows you to set up authentication & login

details which may be required by your ISP

System :

1. Error Log : This page shows recent configuration errors from your router

2. Remote Access : This page allows you to setup remote

configuration options

3. Upgrade : From this page you may upgrade the system software on your network device

4. Restart : From this page you may restart your router

Configuration :

1. Save config : Use this page to commit changes to system memory.

2. Authentication : This page allows you to control access to your router's console and these configuration web-pages.

Chapter 4. Quick Router configuration using your browser Solwise SAR715PVW ADSL Ethernet Router User’s Guide

3. LAN connections : Use this page to set the LAN configuration, which determines how your device is identified on the network.

4. WAN connections : This option allows you to create and configure WAN connections from your router

5. IP routes :

6. DHCP server : Allows you to enable, disable and configure your DHCP server

7. DNS client : client

8. DNS relay : relay

9. Security : Intrusion Detection.

10. IPSec: Allows you to setup the IPSec Gateway settings, Endpoint Configuration and security certificates.

11. PPTP: Allows you configure the PPTP IP pool and user authentication.

12. L2TP: Allows you configure the L2TP IP pool and user authentication.

13. Syslog: Allows you to set the Syslog message level and specify settings for the Syslog client.

14. SNMP: Allows you configure SNMP management settings.

15. Ports: Allows you to configure the ports available from your router

Allows you to create, edit and delete IP routes.

Allows you to enable, disable and configure DNS

Allows you to configure Security, Firewall, NAT and

4.1.1 About the Status Page

a. ADSL: Allows you to view the stats for the ADSL port

and also to modify the ADSL port parameters (DON’T touch these unless you know what you are doing!).

b. Ethernet: Allows you to view the stats for the ethernet

LAN port and also to modify the port parameters (DON’T touch these unless you know what you are doing!).

802.11b :

1. Attributes : Allows you to configure the settings for the

wireless link

The Status homepage contains information about the current configuration of this router. It provides an overview of the current image configuration. The page contains the following sections:

• Status

• Advanced Diagnostics

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 4. Quick Router configuration using your browser

Status

The Status section displays:

• The current WAN IP Address configuration. It also provides a WAN Settings hyperlink that allows you to create, modify or

delete your WAN configuration.

• The current Local IP Address configuration. It also provides a LAN Settings hyperlink that allows you to create, modify or

delete your LAN configuration.

Advanced Diagnostics

The Advanced Diagnostics section displays:

• Connection Authentication details; this displays details about your current ISP login settings. It also provides a Login Settings hyperlink that allows you to create, modify or delete your existing login setup.

• Port Connection Status

• WAN Status

• LAN Status

• Hardware Status

Chapter 4. Quick Router configuration using your browser Solwise SAR715PVW ADSL Ethernet Router User’s Guide

• Defined Interfaces

Port Connection Status

This section displays information about your port connections:

• Port; the ports available on this ADSL router

• Type; the kind of traffic that can be transported on each port

• Connected; which of the ports on this ADSL router are

currently connected:

•

• Line State; DSL connection status

represents a port that is not connected

represents a port that is connected

WAN Status

This section displays the following status information about your WAN configuration:

• IP Address Type; whether the WAN IP address is used or the address is obtained dynamically from DHCP.

• WAN Subnet Mask

• Default Gateway; whether DHCP server has been

configured to give out the WAN IP address as the default Gateway address.

• Primary DNS; whether a Primary DNS IP address has been set.

The WAN Status section also provides two hyperlinks:

• IP Address Settings; this allows you to create, modify or delete your WAN configuration.

• DNS Client Settings; this allows you to create, modify or delete your DNS Client configuration.

LAN Status

This section displays the following status information about your Local Area Network settings:

• LAN Subnet Mask

• Act as Local DHCP Server (Yes/No)

• MAC Address; this is the actual MAC address for the

Ethernet block in this router.

The LAN Status section also provides a DHCP Server Settings hyperlink that allows you to configure your DHCP server status.

Hardware Status

This section displays the following status information about your ADSL router:

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 4. Quick Router configuration using your browser

• Up-Time; the length of time (in hours:minutes:seconds) that your current session has been connected for

• Version; information about the software release which has been used to build the image running on your ADSL router.

• Vendor; The name of the Vendor supplying the ADSL router. The default setting for this is GlobespanVirata.

Defined Interfaces

This section lists LAN interfaces that have been defined

Each interface listed has a Show Statistics hyperlink associated with it. Click on this for detailed information about some/all of the following (depending on the interface type and configuration):

• the interface

• connection details

• port configuration

• service parameters

4.2 Setting up a basic NAT router configuration

Please note the following:

The default IP address for the 8.2 firmware is 192.168.0.1

The default configuration username and password are admin.

4.2.1 Clearing to factory defaults

Make sure your PC is on an IP address in the same subnet as the 715PVW (e.g. 192.168.0.2). Next, enter the address of the router in your browser address line (i.e. 192.168.0.1)…

The main status page for the router should display.

If it asks for a Username/Password to enter configuration then use ‘admin’ and ‘admin’….

Chapter 4. Quick Router configuration using your browser Solwise SAR715PVW ADSL Ethernet Router User’s Guide

First of all you are advised to ensure the router is reset to factory default settings. To do this goto System/Restart and, to enter configuration, (enter ‘admin’ for username and password if you are asked to verify your configuration username and password).

Tick the box ‘Reset to factory defaults’ then click on Restart.

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 4. Quick Router configuration using your browser

Now wait for about 30 seconds whilst the router resets and then click on Status to re-display the front page…

4.2.2 Creating the WAN connection

The quick way to setup a your router for internet access is to create a new WAN connection. To do this, from the main Status page, click on the ‘WAN Settings’ link under Status on the top of the page…

Chapter 4. Quick Router configuration using your browser Solwise SAR715PVW ADSL Ethernet Router User’s Guide

Now delete the current WAN connections. Click on the Delete link on the end of each line to remove the connection.

For example…

Once all the connections are deleted…

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 4. Quick Router configuration using your browser

Click on ‘Create a new service’.

Select ‘PPPoA routed’ and click on Configure…

4.2.2.1 For BT Phone lines

Enter your ISP login details:

Chapter 4. Quick Router configuration using your browser Solwise SAR715PVW ADSL Ethernet Router User’s Guide

Use VPI value 0 and VCI 38. Select CHAP and enter the login username and password as given to you by your ISP. Please note, even if your ISP doesn’t provide you with a password you MUST enter one: Make one up ☺

4.2.2.2 For KC Phone lines

DO NOT ENABLE NAT yet ☺

Then click on Configure.

You have now entered all your ISP login details.

Enter your ISP login details:

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 4. Quick Router configuration using your browser

Use VPI value 1 and VCI 50 and also select ‘LLC header mode’ to ‘on’. Select CHAP and enter the login username and password as given to you by your ISP.

4.2.3 Disabling DHCP Server

DO NOT ENABLE NAT yet ☺

Then click on Configure.

You have now entered all your ISP login details.

It’s easier if, for now, you disable DHCP server (details on how to configure DHCP server setup are given later).

Click on Configuration/DHCP server.

Chapter 4. Quick Router configuration using your browser Solwise SAR715PVW ADSL Ethernet Router User’s Guide

Select ‘Disabled’ and then click Configure.

Now click on Apply.

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 4. Quick Router configuration using your browser

4.2.4 Setting up the Security Interfaces

Goto Configuration/Security

Click on ‘Add Interface’ under the heading ‘Security Interfaces’:

Chapter 4. Quick Router configuration using your browser Solwise SAR715PVW ADSL Ethernet Router User’s Guide

Select ‘ppp-0’ as type ‘external’ and then click on Apply:

Now click on ‘Add Interface’ again…

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 4. Quick Router configuration using your browser

Select ‘iplan’ as type ‘internal’ and then click on Apply…

Now enable NAT by clicking on the ‘Enable NAT to internal interfaces.

Chapter 4. Quick Router configuration using your browser Solwise SAR715PVW ADSL Ethernet Router User’s Guide

That completes your basic NAT setup.

4.2.5 Saving the configuration and restarting

To store you new configuration click on Configuration/Save config…

Click on Save.

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 4. Quick Router configuration using your browser

Wait until you get a message confirming saved.

Next, to restart the router click on System/Restart

Then click on Restart. Wait about 30 seconds for the router to reboot and then click on Status.

4.2.6 Testing the connection

Goto the Status page.

Now, if you are correctly connected to the line the ADSL Status there should be a WAN IP Address shown at the top under PPPoA Connections.

To get the full connection statistics goto the bottom of the page and click on ‘Show Statistics’ for your new WAN interface under ‘Defined Interfaces’.

Chapter 4. Quick Router configuration using your browser Solwise SAR715PVW ADSL Ethernet Router User’s Guide

For a proper connection the IP Address at the top of the page must be shown; 0.0.0.0 means the router is not logged in with the ISP.

Under the ‘PPPoA parameters’ the Status should show open for IP.

Now your connection should be up and working (check your TCP set-up is set for the new address of the router – 192.168.0.1 - and your other TCP settings are correct).

If you’re router is not connection to your ISP then please go through the trouble shooting section later in this manual.

4.2.7 Enabling the Wireless Interface

Before you can start to wirelessly connect to the router you need to setup the wireless interface on the router.

To configure the wireless parameters click on 802.11b/Attributes…

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 4. Quick Router configuration using your browser

To avoid complication, it would be best to first of all test your wireless link without any form of WEP security: Once you are happy about the wireless connection then, if needed, you can enable WEP.

Most parameters can be left as default. The only parameters to check are the ESSID string (default is ‘act1’ and the Default Channel (1). Enter values which match those used by your wireless clients.

Once you’ve set your configuration you next need to check that the wireless interface is setup to bridge to the LAN connections.

Click on Configuration/LAN connections…

Chapter 4. Quick Router configuration using your browser Solwise SAR715PVW ADSL Ethernet Router User’s Guide

If there is NO service shown in the table of name ‘Ethernet-0’, Description ‘wireless’ then you will need to create this.

To create the service click on ‘Create a new service’

Select Ethernet bridged (for those interested, selecting routed would allow you to run the wireless LAN of a different address subnet to the normal LAN ports) then click on Configure.

Enter a description for the connection and select the Wireless1 port and then click on Apply.

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 4. Quick Router configuration using your browser

Now you should save the configuration (see above for details on how to save the configuration).

Assuming you’ve correctly configured your LAN settings on the router and your wireless network clients you should now have wireless LAN connectivity from your clients to the SAR router and also to the LAN connections on the router.

Chapter 5. The Configuration Screens in More Detail Solwise SAR715PVW ADSL Ethernet Router User’s Guide

5 The Configuration Screens in More Detail

5.1 About the System menu

The System menu contains options which allow low-level changes to be made, such as updating the image on the system. From the lefthand menu, click on System. The following sub-headings are displayed:

• Error log; displays information about recent configuration errors.

• Remote Access; allows you to enable remote administration of your ADSL router (using NAT).

• Upgrade; allows you to update the image on your ADSL router.

• Restart; allows you to restart your ADSL router and optionally restore factory defaults.

5.1.1 Error Log

From the System menu, click on Error Log. The following page is displayed:

This page displays a table containing all configuration errors experienced by your ADSL router during a current session. The table also tells you:

• when the error occurred (in seconds since your system was restarted)

5.1.2 Remote Access

• which process the error occurred in.

This allows you to enable temporary remote access to your ADSL router using Network Address Translation (NAT):

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 5. The Configuration Screens in More Detail

1. From the System menu, click on Remote Access. Before you can enable remote access, you must configure NAT. Click on the NAT hyperlink, or click on Configuration>Security from the left-hand menu.

2. Once you have configured NAT, click on Remote Access to display the following:

5.1.3 Upgrade

3. Type in the length of time that you want to allow remote access for. Click on Enable.

4 The Remote Access page is displayed, confirming the number of seconds remaining for remote access. There is also a Disable button that allows you to stop remote access before the specified time ends.

This option allows you to upload firmware images to the ADSL router using HTTP. A tar archive is uploaded to the RAM of your ADSL router. The archive is unpacked automatically, files are validated and then written to Flash memory.

1. From the System menu, click Upgrade. The following page is displayed:

Chapter 5. The Configuration Screens in More Detail Solwise SAR715PVW ADSL Ethernet Router User’s Guide

2. Type in the network location of the new firmware image that you want to upload, or use the Browse button to browse through the network and select the file. Click on Upgrade.

3. Once the file has been uploaded to the RAM of your ADSL router, it is written to Flash. A status page is displayed confirming that the upload is complete and telling you how much of the file (in bytes and as a percentage) has been written to Flash.

4. Once the file has been written to Flash, the Firmware Upgrade page is refreshed. The page confirms completion

of the update and asks you to restart your ADSL router in order to use the new firmware. Click on Restart.

Note – Upgrading your firmware could take up to 15 minutes to complete.

5.1.4 Restart

This page allows you to restart your ADSL router. It has the same effect as resetting your ADSL router by pressing the appropriate reset button on the hardware.

To restart your system:

1. From the System menu, click on Restart. The following page is displayed:

2. Click on the Restart button to reset the ADSL router. The Restart page also provides you with the option of restarting

and restoring the factory default settings. Click in the Reset to factory default settings box to check it, then click on the Restart button. Read the console status output to check how

the reset is progressing.

3. Once the login and password prompt is displayed at the console, you can login as usual (with login = admin, password = admin), then refresh the browser that is running. The Status page is displayed and your ADSL router has been reset.

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 5. The Configuration Screens in More Detail

5.2 Configuration

The Configuration menu contains options for configuring features on your ADSL router including basic LAN and WAN connections and DHCP and DNS settings. Most of the features contain sensible default settings. You are unlikely to have to reconfigure every feature included in the Configuration menu.

From the left-hand menu, click on Configuration. The following subheadings are displayed:

• Save config; allows you to save your current configuration to Flash memory.

• Authentication; allows you to create, edit and delete user accounts.

• LAN connections; allows you to edit your LAN port IP address, create and edit a secondary IP address and create new LAN services.

• WAN connections; allows you to create, edit and delete WAN services.

• IP routes; allows you to create, edit and delete IP routes.

5.2.1 Save configuration

• DHCP server; allows you to enable, disable and configure your DHCP server.

• DNS client; allows you to enable, disable and configure DNS client.

• DNS relay; allows you to enable, disable and configure DNS relay.

• Security; allows you to configure Security, Firewall, NAT and Intrusion Detection.

• SNTP client; allows you to enable, disable and configure SNTP client.

• Ports; allows you to configure the ports available on your ADSL router.

To save your current configuration to Flash memory:

1. From the Configuration menu, click on Save config. The following page is displayed:

Chapter 5. The Configuration Screens in More Detail Solwise SAR715PVW ADSL Ethernet Router User’s Guide

2. Click on the Save button to save your current configuration to flash.

5.2.2 Authentication

After a short time the configuration is saved and the following confirmation message is displayed:

Saved information model to file //flashfs/im.conf

This option allows you to administer accounts for users who access the ADSL router. To create, edit or delete user accounts:

1. From the Configuration menu, click on Authentication. The following page is displayed:

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 5. The Configuration Screens in More Detail

2. The Authentication page contains a table showing all current login accounts. It contains the following information:

 User name

 May login? status; whether the user can login to the

system (true) or dialin to the system (false)

 Comment describing the user (optionally added when an

account is created)

3. To create a new login account:

 Click on the Create a new user button. The following page is

displayed:

 Type details for the new user into the username,

password and comment text boxes, and select a May

true means that the user can login but not dialin

false means that the user can dialin but not login

 Click on the Create button. The Authentication page is

displayed. The table now contains details for the user that you have just created.

The Authentication page table contains an Edit user hyperlink for each user account entry. Click on a link. The following page is displayed:

This page allows you to:

• update details for a specific user account. Modify the necessary text boxes then click on the Apply button.

• delete a user account. Click on the Delete this user button.

Chapter 5. The Configuration Screens in More Detail Solwise SAR715PVW ADSL Ethernet Router User’s Guide

Once you have edited or deleted a user account. the Authentication page is displayed and the table reflects any changes that you have made on the edit user page.

5.2.3 LAN Connections

This option allows you to:

• configure the IP address and subnet of the default LAN connection to the ADSL router.

• create/delete LAN services. The type of services that you can create depend on the image that you are booting and the ADSL router that you are using.

1. From the Configuration menu, click on LAN connections. The following page is displayed:

2. This page displays a table that lists all existing LAN services. The

table contains the following information:

• Name of the LAN port used by the service

• Description of the service added when the service was created

• Creator; which management entity the service was created in

3. To create your own LAN service:

a. Click on the Create a new service command. A page

containing the service options available to you (depending on the image that you are using) is displayed. Select the service that you want to create.

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 5. The Configuration Screens in More Detail

b. Click on the Configure button to display the service configuration page. You need to enter information specific to the service that you are creating.

c. Click on Apply. The LAN connections page is displayed. The table now contains details of the service that you have just created.

4. To delete a LAN service:

a. Click on the LAN service description link. Check the

details of the LAN service you want to delete, then click on

Delete this connection.

To update your primary or secondary IP address:

1. At the LAN connections page, click on the change default LAN port IP address button. The following page is displayed:

This page contains the Default LAN Port table that allows you to:

2. configure the Primary IP address and subnet mask for the IP interface.

3. create or configure a Secondary IP address and Subnet mask for the interface.

4. A Secondary IP address is usually used if you have defined two subnets on a LAN and wish to route them through the same IP interface.

5. Once you have configured your address(es), click on the Apply button. A message is displayed confirming that your address information is being updated. You may need to enter the IP address in your web browser address box.

Chapter 5. The Configuration Screens in More Detail Solwise SAR715PVW ADSL Ethernet Router User’s Guide

5.2.4 WAN Connections

This option allows you to create and configure WAN connections for your ADSL router.

1. From the Configuration menu, click on WAN connections. The WAN connections page is displayed:

2. This page contains a table that displays the current WAN connections or services which have been defined. To define a new WAN service:

a. Click on Create a new service A page is displayed containing a list of WAN service options. The options available on this page are determined by the image which is running on the ADSL router.

b. Select an option, then click on Configure. You need to add detailed configuration information about the WAN service that you are creating.

c. Click on Apply. The WAN connections page is displayed. The table now contains details of the service that you have just created.

3. Each service on the WAN connections page has an Edit and a Delete link associated with it. To edit a service:

a. Click on the Edit link.

b. Change the values for the existing service, then click on

Change. The page is reset and the new values are displayed.

To delete a service:

a. Click on the Delete link.

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 5. The Configuration Screens in More Detail

b. Check the details displayed, then click on the Delete this connection button.

5.2.5 IP Routes

This option allows you to create static IP routes to destination addresses via an IP interface name or a Gateway address. From the Configuration menu, click on IP routes. The Edit Routes page is displayed:

This page lists the following information about existing routes:

• Destination IP address

• Gateway address

• Netmask address

This page also allows you to:

• Edit the destination, gateway and netmask address of a route. Click in the relevant text box, update the information then click on Apply.

• Edit the cost and interface setting for the route. Click on the Advanced Options hyperlink for a specific route, and update the relevant information. Click on OK.

• Create a new IP V4 Route.

To create a route:

1. Click on the Create new Ip V4 Route hyperlink. The following page is displayed:

Chapter 5. The Configuration Screens in More Detail Solwise SAR715PVW ADSL Ethernet Router User’s Guide

5.2.6 DHCP Server

2. Complete the Create IP v4 Route form in order to configure the route.

3. When you have entered all the details, click on OK. The Edit Routes page is displayed. The table now contains details of the route

that you have just created.

This option allows you to enable and configure the DHCP server on your ADSL router.

From the Configuration menu, click on DHCP server. The following page is displayed:

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 5. The Configuration Screens in More Detail

The DHCP server page displays the current status of the DHCP server. The values listed above are the default settings for DHCP server. Once the DHCP server or Relay is enabled, information about any subnets which have been defined will also be displayed.

To change the configuration of the DHCP server, click on Configure.

The following page is displayed:

Chapter 5. The Configuration Screens in More Detail Solwise SAR715PVW ADSL Ethernet Router User’s Guide

This page allows you to:

• Set the DHCP address range (or use a default range of 20 addresses).

• Set the global default and maximum lease times.

• Set your ADSL router to give out its own IP address as the DNS Server address.

• Set the Primary and Secondary DNS Server addresses.

• Set your ADSL router to give out its own IP address as the default Gateway address.

Once you have entered new configuration details for your DHCP server, click on Apply.

If you want to carry out further configuration of your DHCP Server, click on the Advanced Options page at the bottom of the DHCP configuration page. The following page is displayed:

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 5. The Configuration Screens in More Detail

5.2.7 DNS Client

This page allows you to edit the options that appear on the DHCP Server page.

This option allows you to:

• create a list of server addresses. This enables you to retrieve a domain name for a given IP address.

• create a domain search list. DNS client uses this list when a user asks for the IP address list for an incomplete domain name.

From the Configuration menu, click on DNS client. The following page is displayed:

Chapter 5. The Configuration Screens in More Detail Solwise SAR715PVW ADSL Ethernet Router User’s Guide

To configure DNS servers:

5.2.8 DNS Relay

1. Type the IP address of the unknown domain name in the DNS servers: text box.

2. Click on Add. The IP address appears in the DNS servers table. You can add a maximum of three server IP addresses. Each IP address entry has a Delete button associated with it. Click on Delete to remove an IP address from this list.

To configure DNS search domains:

1.Type a search string in the Domain search order: text box.

2.Click on Add. The search string is displayed in the Domain search

order table. You can add a maximum of six search strings. Each search string entry has a Delete button associated with it. Click on Delete to remove a string from this list.

This option allows you to enable, disable and configure DNS relay. From the Configuration menu, click on DNS relay. The following page is displayed:

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 5. The Configuration Screens in More Detail

The default setting for DNS relay is disabled. To enable and configure DNS relay:

1. Click on the Enabled radio button.

2. Click on the Configure button. The following page is displayed:

Chapter 5. The Configuration Screens in More Detail Solwise SAR715PVW ADSL Ethernet Router User’s Guide

This page allows you to add the IP address of a DNS Server to DNS relay’s list of server IP addresses.

3. Type an IP address in the DNS server IP address text box. Click on the Apply button.

The Configure the DNS relay button displays the configuration page and allows you to disable or configure a new DNS relay address.

5.2.9 Security

This option allows you to configure Security, NAT and Firewall:

• Security - allows you to:

• enable Security.

• configure Security interfaces.

• configure triggers.

• NAT - allows you to:

• enable NAT between interfaces.

• configure global addresses.

• configure reserved mapping.

• Firewall - allows you to:

• enable Firewall and Firewall Intrusion Detection settings.

• set the Firewall security level.

• configure Firewall policies, portfilters and validators.

• configure Intrusion Detection settings.

• configure Alerting.

From the Configuration menu, click on Security. The following page is displayed:

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 5. The Configuration Screens in More Detail

This page contains the default Security settings.

Enabling Security

You must enable Security before you can enable Firewall and/or Intrusion Detection. With NAT enabled Security is enabled by default. In the Security State section:

Click on the Security Enabled radio button.

2. Click on Change State to update the Security State section.

Enabling Firewall and/or Intrusion Detection

You must create a security interface before you can enable Firewall and/or Intrusion Detection.

Once you have created a security interface:

1. Click on the Firewall Enabled and/or Intrusion Detection

Enabled radio buttons.

2. Click on Change State to update the Security State section.

Setting a default security level

You must have Security and Firewall enabled in order to set a default Security level.

Chapter 5. The Configuration Screens in More Detail Solwise SAR715PVW ADSL Ethernet Router User’s Guide

1. From the Security Level section, click on the Security Level drop-

down list.

2. Click on the level that you want to set; none, high, medium or

low.

3. Click on the Change Level button.

Configuring security interfaces

Security interfaces are based on existing LAN services. You must create a LAN service for every security interface that you want to configure.

1. From the Security Interfaces section, click on Add Interface. The

Firewall: Add Interface page is displayed:

2. Click on the Name drop-down list and select the LAN service that

you want to base your security interface on.

3. Click on the Interface Type drop-down list and specify what kind of interface it is depending on how it connects to the network; external, internal or DMZ.

4. Click on Apply. The Security page is displayed. The Security Interfaces section contains a table that displays information about

each security interface that you have created:

• Name - name of LAN service that the security interface is based on

• Type of network connection specified

• NAT setting It contains hyperlinks that allow you to configure NAT.

• Delete Interface... hyperlink. Click on this to display the Security:

Delete Interface page. Check the interface details, then click on the Delete button.

Configuring NAT

To configure NAT, you need to:

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 5. The Configuration Screens in More Detail

1. Enable Security.

2. Create at least two different security interface types based on existing LAN services.

3. Once you have created more than one security interface, the NAT column in the Security Interfaces table tells you that you can enable NAT between the existing security interface and a network interface type. For example, if you create an external interface and an internal interface, your table will look like this:

4. The NAT column for the external interface tells you that you can enable NAT to internal interfaces. If you also had a DMZ interface configured, this column would also include an Enable NAT to DMZ

interfaces button. To enable NAT between the external interface and the internal interface type, click on Enable NAT to internal interfaces. The Security page is refreshed and NAT is enabled. To disable NAT between these interfaces, click on Disable NAT to internal interfaces.

Once you have enabled NAT between interfaces, you can:

• configure global addresses.

• configure reserved mapping.

Configuring NAT global addresses

Chapter 5. The Configuration Screens in More Detail Solwise SAR715PVW ADSL Ethernet Router User’s Guide

Global address pools allow you to create a pool of outside network addresses that is visible outside your network. Before you can configure global addresses, you need to configure NAT.

If you want to set up a global address pool on your existing NAT enabled interfaces:

1. From the NAT Security Interfaces table, click on the Advanced NAT Configuration hyperlink for the interface that you want to add a global pool

to. The following page is displayed:

2. Click on Add Global Address Pool The following page is displayed:

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 5. The Configuration Screens in More Detail

3. This page allows you to create a pool of network IP addresses that are visible outside your network. Add values for the following table entries:

• Interface type; the internal address type that you want to map your external global IP addresses to. Click on the drop-down list and select an interface type.

• Use Subnet Configuration; there are two ways to specify a range of IP addresses. You can either Use Subnet Mask (specify the subnet mask address of the IP address) or Use IP Address Range (specify the first and last IP address in the range). Click on the drop-down list and select a method.

• type in the IP Address that is visible outside the network

• Subnet Mask/IP Address 2; the value you specify here depends on the subnet configuration that you are using. If you chose Use Subnet

Mask, type in the subnet mask of the IP address. If you chose Use IP Address Range, type in the last IP address in the range of addresses

that make up the global address pool.

4. Once you have configured the table, click on Add global address pool. The table is refreshed and the global address pool is added to

your NAT configuration.

To delete a global address pool, click on the Delete hyperlink, then click on the Delete Global Address Pool button.

Click on Return to Interface List to display the Security Interface Configuration page.

To create a reserved mapping, click on the Add Reserved Mapping hyperlink.

Chapter 5. The Configuration Screens in More Detail Solwise SAR715PVW ADSL Ethernet Router User’s Guide

Configuring NAT reserved mapping

Reserved mapping allows you to map an outside security interface or an IP address from a global pool to an individual IP address inside the network. Mapping is based on transport type and port number. Before you can configure reserved mapping, you need to configure NAT.

If you want to set up a reserved mapping on your existing NAT enabled interfaces:

1. From the NAT Security Interfaces table, click on the Advanced NAT Configuration hyperlink for the interface that you want to add

reserved mapping to. The Advanced NAT Configuration page is displayed.

2. Click on the Add Reserved Mapping hyperlink. The following page is displayed:

3. This page allows you to configure your reserved mapping. Add

specific values for the following table entries:

• Global IP Address; if you are mapping from a global IP address, type the address here. If you are mapping from a security interface, type 0.0.0.0.

• Internal IP Address; the IP address of an individual host inside your network.

• Transport Type; specify the transport type that you want to map from the outside interface to the inside.

• Port Number; the port number that your transport uses.

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 5. The Configuration Screens in More Detail

4. Once you have configured the table, click on Add reserved mapping. The table is refreshed and the reserved mapping is added

to your NAT configuration.

To delete a reserved mapping setup, click on the Delete hyperlink, then click on the Delete Reserved Mapping button.

Click on Return to Interface List to display the Security Interface Configuration page.

Configuring Firewall policies

A policy is the collective term for the rules that apply to incoming and outgoing traffic between two interface types. Before you can create a Firewall policy, you need to enable Firewall.

To create and configure a Firewall policy:

1. Go to the Policies, Triggers and Intrusion Detection section of the Security Interface Configuration. Click on Firewall Policy Configuration The Firewall Policy Configuration page is displayed.

2. Click on New Policy The Firewall Add Policy page is displayed:

3. This page allows you to configure your Firewall policy. Add

specific values for the following entries:

• Set the interface types that you want to create a policy between by selecting a type from each of the Between interfaces of types drop down lists.

• Set the policy to either block only traffic specified in validators, or allow only traffic specified in validators.

Click on Apply. After a short time, the policy is added to the Firewall configuration.

To display policy details, click on Return to Policy List. The page is refreshed and contains a Current Firewall Policies table:

Chapter 5. The Configuration Screens in More Detail Solwise SAR715PVW ADSL Ethernet Router User’s Guide

The table contains details of each Firewall policy. You can now configure the policies to include portfilters and validators.

Configuring portfilters

A portfilter is an individual rule that determines what kind of traffic can pass between two interfaces specified in an existing policy.

To configure a portfilter:

1. From the Current Firewall Policies table, click on the Port Filters link for the policy that you want to configure. The page displayed contains three Add Filter hyperlinks that allow you to

create three different kinds of portfilter:

• For a TCP portfilter click on Add TCP Filter. The following page is displayed:

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 5. The Configuration Screens in More Detail

Specify the start and end of the port range for the TCP protocol that you want to filter. For Information on application port numbers, see

http://www.ietf.org/rfc/rfc1700.txt. Then use the Direction drop-down

lists to specify whether you want to allow/block inbound traffic, and allow/block outbound traffic. Click on Apply. The Firewall Port Filters page is displayed, containing details of the TCP portfilter that you have just added.

• For a UDP portfilter click on Add UDP Filter. The Firewall Add UDP Port Filter page is displayed. For details on how to complete the table, follow the above instructions for adding a TCP portfilter.

• For a non-TCP/UDP portfilter click on Add Raw IP Filter. The following page is displayed:

Chapter 5. The Configuration Screens in More Detail Solwise SAR715PVW ADSL Ethernet Router User’s Guide

Specify the protocol number in the Transport Type text box, for example, for IGMP, enter protocol number 2. For more information on protocol numbers, see http://www.ietf.org/rfc/rfc1700.txt. Then use the Direction drop-down lists to specify whether you want to allow/block inbound traffic, and allow/block outbound traffic. Click on Apply. The Firewall Port Filters page is displayed, containing details of the IP portfilter that you have just added.

Each portfilter displayed in the Firewall Port Filters page has a Delete hyperlink assigned to it. To delete a portfilter, click on this link, then at the confirmation page, click on the Delete button. The portfilter is removed from the Firewall configuration.

Configuring validators

A validator allows/blocks traffic based on the source/destination IP address and netmask. Traffic will be allowed or blocked depending on the validator configuration specified when the policy was created.

To configure a validator:

1. From the Current Firewall Policies table, click on the Host Validators link for the policy that you want to configure. The Configure Validators page is displayed. Click on the Add Host Validator link. The following page is displayed:

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 5. The Configuration Screens in More Detail

2. In the Host IP Address text box, type the IP address that you want to allow/block.

3. In the Host Subnet Mask text box, type the IP mask address. If you want to filter a range of addresses, you can specify the mask, for example, 255.255.255.0. If you want to filter a single IP address, use the specific IP mask address, for example, 255.255.255.255.

4. Click on the Direction drop-down list and select the direction of traffic that you want the validator to filter.

5. Click on Apply. The Configure Validators page is displayed, containing details of the host validator that you have just added.

6. Each portfilter displayed in the Configure Validators page has a Delete Host Validator hyperlink assigned to it. To delete a validator, click on this link, then at the confirmation page, click on the Delete Host Validator button. The validator is removed from the

Firewall configuration.

Configuring triggers

A trigger allows an application to open a secondary port in order to transport packets. The most common applications that require secondary ports are FTP and NetMeeting

To configure a trigger:

1. Go to the Policies, Triggers and Intrusion Detection section of the Security Interface Configuration. Click on Firewall Trigger Configuration

The Firewall Trigger Configuration page is displayed. There are no triggers defined at this time. Click on the New Trigger link. The following page is displayed:

Chapter 5. The Configuration Screens in More Detail Solwise SAR715PVW ADSL Ethernet Router User’s Guide

2. Configure the trigger as follows:

a. Transport Type; select a transport type from the drop-down

list, depending on whether you are adding a trigger for a TCP or a UDP application.

b. Port Number Start; type the start of the trigger port range that the primary session uses.

c. Port Number End; type the end of the trigger port range that the primary session uses.

d. Allow Multiple Hosts; select allow if you want a secondary session to be initiated to/from different remote hosts. Select block if you want a secondary session to be initiated only

to/from the same remote host.

e. Max Activity Interval; type the maximum interval time (in milliseconds) between the use of secondary port sessions.

f. Enable Session Chaining; select Allow or Block depending on whether you want to allow multi-level TCP session chaining.

g. Enable UDP Session Chaining; select Allow or Block depending on whether you want to allow multi-level UDP and TCP session chaining. You must set Enable Session Chaining

to Allow if you want this to work.

h. Binary Address Replacement; select Allow or Block depending on whether you want to use binary address replacement on an existing trigger.

i. Address Translation Type; specify what type of address

replacement is set on a trigger. You must set Binary Address Replacement to Allow if you want this to work.

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 5. The Configuration Screens in More Detail

3. Once you have configured the trigger, click on Apply. The Firewall Trigger Configuration page is displayed, containing details of the

trigger that you have just configured.

4. Each trigger displayed in the Firewall Trigger Configuration page has a Delete hyperlink assigned to it. To delete a trigger, click on this link, then at the confirmation page, click on the Delete button. The Firewall Trigger Configuration page is displayed and details of

the deleted trigger have been removed. There are two hyperlinks on the page:

a. To add a new trigger, click on New Trigger.

b. To display the Security Interface Configuration page, click on

Return to Interface List.

Configuring Intrusion Detection Settings

Intrusion Detection settings allow you to protect your network from intrusions such as denial of service (DOS) attacks, port scanning and web spoofing.

To configure Intrusion Detection settings:

1. Go to the Policies, Triggers and Intrusion Detection section of the Security Interface Configuration page. Click on Configure Intrusion Detection The Firewall Configure Intrusion Detection page is displayed:

2. Configure Intrusion Detection as follows:

a. Use Blacklist; select true or false depending on whether you

want external hosts to be blacklisted if the Firewall detects an intrusion from that host. Use Victim Protection; select true or false depending on whether you want to protect a victim from an attempted web spoofing attack.

Chapter 5. The Configuration Screens in More Detail Solwise SAR715PVW ADSL Ethernet Router User’s Guide

b. DOS <this says Dos on the web page - it should be DOS (it’s an acronym) Attack Block Duration; type the length of time (in seconds) that the Firewall blocks suspicious hosts for once a DOS attack attempt has been detected.

c. Scan Attack Block Duration; type the length of time (in seconds) that the Firewall blocks suspicious hosts for after it has detected scan activity.

d. Victim Protection Block Duration; type the length of time (in seconds) that the Firewall blocks packets destined for the victim of a spoofing style attack. Maximum TCP Open Handshaking Count; type in the maximum number of unfinished TCP handshaking sessions (per second) that are allowed by Firewall before a SYN Flood is detected.

e. Maximum Ping Count; type in the maximum number of pings (per second) that are allowed before the Firewall detects an Echo Storm DOS attack.

f. Maximum ICMP Count; type in the maximum number of ICMP packets (per second) that are allowed by the Firewall before an ICMP Flood DOS is detected.

3. Once you have configured Intrusion Detection, click on Apply. The Intrusion Detection settings are applied to the Firewall, and the Security Interface Configuration page is displayed.

Configuring Alerting

Alerting allows you to configure your router to contact you by email or paging when it detects an intruder attacks has been attempted.

To configure alerting:

1. Go to the Configure Alerting,

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 5. The Configuration Screens in More Detail

2. Next enter the email/contact details for those recipients that should be contacted if there is an intrusion. For example, to enter the setting to be emailed if the router detects an intrusion….

Chapter 5. The Configuration Screens in More Detail Solwise SAR715PVW ADSL Ethernet Router User’s Guide

3. Click on Change to store the settings. Please note that, if you

have the firewall enabled, you must open up port 25 for email and port 444 for pager alert.

5.2.10 IPSec

See separate Chapter later on for details about how to configure IPSec.

5.2.11 PPTP

See separate Chapter later on for details about how to configure PPTP.

5.2.12 L2TP

See separate Chapter later on for details about how to configure L2TP.

5.2.13 Ports

This option allows you to configure the ports available on your ADSL router, depending on the type of image that you are booting.

To configure ports:

From the left-hand menu, click on Configuration. From the Configuration menu, click on Ports. A sub-list of ports available on your ADSL router is displayed.

ADSL

Ethernet

ADSL Port Configuration:

1. From the Ports menu, click on ADSL. The ADSL Port Configuration

page is displayed:

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 5. The Configuration Screens in More Detail

The page displays basic port attributes for the ADSL port on your ADSL router.

2. Certain attributes on the ADSL Port Configuration page such as

the version number and connection status cannot be changed, but some attributes can be configured. Update your port attributes, then click on Apply to update the configuration, or Reset to revert back to the default settings.

3. You can carry out advanced configuration of your ADSL port

attributes. From the ADSL Port Configuration page, click on View advanced attributes. The Advanced ADSL Port Configuration page is displayed.

Chapter 5. The Configuration Screens in More Detail Solwise SAR715PVW ADSL Ethernet Router User’s Guide

4. Update the port attributes that are available for editing, then click

on Apply to update the advanced configuration, or Reset to revert back to the default advanced configuration settings. Click on the Return to basic attribute list to return to the ADSL Port Configuration page. Please note: DON’T ALTER ANY OF THE SETTINGS ON

THIS PAGE UNLESS YOU KNOW WHAT YOU ARE DOING.

Ethernet Port Configuration:

1. From the Ports menu, click on Ethernet. The Ethernet Port

Configuration page is displayed:

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 5. The Configuration Screens in More Detail

The page displays basic port attributes for the Ethernet port on your ADSL router.

2. Certain attributes on the Ethernet Port Configuration page such as

3. You can carry out advanced configuration of your Ethernet port

attributes. From the Ethernet Port Configuration page, click on View advanced attributes. The Advanced Ethernet Port Configuration page is displayed.

Chapter 5. The Configuration Screens in More Detail Solwise SAR715PVW ADSL Ethernet Router User’s Guide

5.3 802.11b

5.3.1 Attributes

4. Update the port attributes that are available for editing, then click

on Apply to update the advanced configuration, or Reset to revert back to the default advanced configuration settings. Click on the Return to basic attribute list to return to the Ethernet Port Configuration page. . Please note: DON’T ALTER ANY OF THE SETTINGS ON THIS PAGE UNLESS YOU KNOW WHAT YOU ARE DOING.

This option allows you to configure wireless LAN card. From the

802.11b menu, click on Attributes. The Attributes page is displayed:

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 5. The Configuration Screens in More Detail

5.3.2 Wireless setting

Certain attributes on the 802.11b Attributes page such as the version number and connection status cannot be changed, but some attributes can be configured. Update your 802.11b Attributes, then click on Configure to update the configuration.

Normally the only parameters you will need to alter will be the ESSID string and the DefaultChannel. If you want to enable WEP then you must enable WEP and enter either ‘64bit’ or ‘128bit’ in the WepEncyrption field.

LAN connections

From the Configuration menu, click on LAN connections. The following page is displayed:

Chapter 5. The Configuration Screens in More Detail Solwise SAR715PVW ADSL Ethernet Router User’s Guide

To create your own LAN service:

Click on the Create a new service command. A page containing the service options available to you (depending on the image that you are using) is displayed. Select the service that you want to create. Select Ethernet bridged.

b. Click on the Configure button to display the service configuration page. You need to enter information specific to the service that you are creating.

•Description; Name of the wireless port used by the service

•Port; Click on the Port drop-down list and select wireless1.

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 5. The Configuration Screens in More Detail

c. Click on Apply. The LAN connections page is displayed. The table now contains details of the service that you have just created.

802.11b

From the 802.11b menu, click on Attributes. The Attributes page is displayed:

Chapter 5. The Configuration Screens in More Detail Solwise SAR715PVW ADSL Ethernet Router User’s Guide

5.3.3 WEP setup

Wireless Clients setting

One Laptop PC or notebook with wireless card, connects SAR715PVW.

Configuration mode : Infrastructure

ESSID : The same as ESSID value on SAR715PVW 802.11b Attributes page.

In order to enable WEP security you need to do three things:

1. Select the WEP encryption required in the “WEP

Encryption” edit box (i.e. ‘disabled’, ‘64bit’, or ‘128bit’)

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 5. The Configuration Screens in More Detail

2. Next in the “Default Tx Key” select the key entry you are

going to use e.g. if you are going to use the key “Mode64Key0” entry then enter ‘0’.

3. Finally enter the key in the key field. Please note the

numbers must be entered as 5 two digit hex numbers for 64 bit wep and 13 two digit hex numbers for 128 bit wep. Each two digit number must be separated with dashes e.g 12-A3-DE-54-76

After you’ve entered your wep parameters remember to click on Apply at the bottom of the page and

then save your configuration.

Chapter 6. VPN Configuration Solwise SAR715PVW ADSL Ethernet Router User’s Guide

6 VPN Configuration

6.1 Enabling the Firewall

Because the VPN server software in the P series router works in association with the firewall, before enabling VPN configuration you must first of all enable the firewall on the Configuration/Security page:

Next you must ensure that you have setup a ‘Firewall Policy Configuration’ to enable the VPN traffic in. To do this click on the ‘Firewall Policy Configuration’ link on the bottom of the Security page:

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 6. VPN Configuration

Make sure you have and external-internal policy listed. If you don’t then click on Add Policy to configure this.

Next you need to add the required port filters:

Please note TCP is Transport Type 6 UDP is Transport Type 17.

The important filter entries are as shown above EXCEPT TCP (Transport Type 6) for ports 8481, 8000, and 443 – these are ports we have open on our router to enable secure server and web cam. You must add port filter rules for any reserved mappings (port forwarding) that you have entered in order to allow the traffic through.

Chapter 6. VPN Configuration Solwise SAR715PVW ADSL Ethernet Router User’s Guide

6.2 IPSec VPN Configuration

6.2.1 Pre-Shared Key

IPSec is defined by the IETF as a standard approach for establishing a secure connection across an IP network. Your router supports all three types of IPSec protocols: AH, ESP, and IPCOMP.

IPSEC Settings Overview (Example):

Office LAN/WAN Settings for Main Office

LAN/WAN Settings for Branch

Negotiation ID: remote@Pheenet.com

Intranet address: 192.168.1.0

Intranet subnet mask: 255.255.255.0

Tunnel ID: main@ Pheenet.com

Termination address: 66.122.47.30

Authentication Method: Pre-shared Key

Tunnel shared key: test

Tunnel type: Public

IKE life duration: 3600

IKE hash: SHA

IKE encryption: DES

IPSEC operation: ESP

ESP transform: DES

ESP AUTH: Null or HMAC_MD5

Negotiation ID: main@ Pheenet.com

Intranet address: 192.168.2.0

Intranet subnet mask: 255.255.255.0

Tunnel ID: remote@ Pheenet.com

Termination address: 66.122.62.184

Authentication Method: Pre-shared Key

Tunnel shared key: test

Tunnel type: Public

IKE life duration: 3600

IKE hash: SHA

IKE encryption: DES

IPSEC operation: ESP

ESP transform: DES

ESP AUTH: Null or HMAC_MD5

It is assumed that you have previously configured your router using the configuration instructions given above before proceeding to configure your VPN settings.

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 6. VPN Configuration

1Log in to your Web Configuration tool. From the left frame, click

Configuration and then click the

IPSEC link. Set your Negotiation ID.

• For Aggressive Mode use a string like remote@ Pheenet.com

• For Main Mode use the WAN IP address of your Branch Office

(remote) VPN router

(our example shows a setup in Aggressive Mode)

2Next enter the Intranet address. The Intranet address will tell the

remote gateway the IP address of the network the local gateway is protecting.

3Now enter the Intranet subnet mask. The Intranet subnet mask

will specify the size of the network it is protecting. A setting of

255.255.255.0 will indicate a Class C network. In our example, we

use the Intranet address 192.168.1.0 and a subnet mask of

255.255.255.0.

4 Now click on Add Endpoint to add information regarding the

target site. A page will load regarding tunnel settings. Fill out all the required fields. The list below provides details about each field.

Chapter 6. VPN Configuration Solwise SAR715PVW ADSL Ethernet Router User’s Guide

• Endpoint ID: This must correspond with the remote gateway’s

Negotiation ID. For instance, the Branch office, with a Negotiation

ID of remote@Pheenet.com, will use a Tunnel ID of

main@Pheenet.com

(which is the Negotiation ID of the Main office). Or, in Main Mode, the Tunnel ID will be the WAN IP address of the Main Office VPN Router (in our example, 66.122.47.30).

• Termination address: the IP address of the external interface of the VPN router.

• Authentication Method: Pre-shared Key.

• Tunnel Shared Key: Both gateways must use the same value.

• Tunnel Type: Public uses the ESP protocol only and Private

provides UDP encapsulation for NAT traversal. We are using ports 2787 (ESP), 2788 (AH), and 2845 (IPCOMP). Public should be used for initial testing.

• IKE life duration/IKE Hash/IKE Encryption/IPSec Operation/ESP: When negotiating Pheenet VPN IPSec to Pheenet

VPN IPSec, it is not critical to match up these settings on both servers. The routers have the ability to respond to and initiator’s negotiation and handle it accordingly, without detecting a mismatch in policy and rejecting the negotiation.

• Target Host: Select IP Subnet from the drop-down menu for Pool

Type. Then enter the IP address and Subnet Mask of the Remote gateway’s protected network in the remaining fields.

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 6. VPN Configuration

For example:

Please note that the subnet for the endpoint must different than the subnet used on your local LAN. If you don’t specify a different subnet for the destination then your computer wont know to send the IP data to the router for forwarding to the other site when you want to access an of site system ☺

Click ‘Add Endpoint’ when you have entered the settings:

Chapter 6. VPN Configuration Solwise SAR715PVW ADSL Ethernet Router User’s Guide

NOTE:

as we have configured the Branch Office VPN Router (remote@Pheenet.com) above, except for using the settings for the Main Office as shown on page 5.

Once you have configured both sides of the connection, you can test the tunnel using PING. To verify that your tunnel is working, ping the IP address of a computer on the remote network. If you merely ping the main network, it will only trigger phase 1 and 2 negotiations. You will only receive a reply if you ping an actual IP address on the network, such as the router WAN IP address. You can use Microsoft HyperTerminal to view phase 1 and 2 negotiations.

You must configure the Main Office VPN Router (main@Pheenet.com)

6.2.2 Digital Signature VPN Configuration

IPSec is defined by the IETF as a standard approach for establishing a secure connection across an IP network. Your router supports all three types of IPSec protocols: AH, ESP, and IPCOMP.

PKCS10 is a Certificate Request Syntax Standard that uses a Digital Signature.

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 6. VPN Configuration

IPSEC PKCS10 Settings Overview (Example):

LAN/WAN Settings for Branch Office

Negotiation ID: remote@Pheenet.com

Intranet address: 192.168.1.0

Intranet subnet mask: 255.255.255.0

Termination address: 66.122.47.30

Authentication Method: Digital Signature

Tunnel shared key: yourvalue

It is assumed that you have previously configured your router using the installation instructions given above before proceeding to configure your VPN settings.

1Log in to your Web Configuration tool. From the left frame, click

Configuration and then click the IPSEC link. When the page loads, from the folder list in the main frame, click PKCS10 Certificate Request.

LAN/WAN Settings for Main Office

Negotiation ID: main@ Pheenet.com

Intranet address: 192.168.2.0

Intranet subnet mask: 255.255.255.0

Termination address: 66.122.62.184

Authentication Method: Digital Signature

Tunnel shared key: yourvalue

Chapter 6. VPN Configuration Solwise SAR715PVW ADSL Ethernet Router User’s Guide

2Fill in the Common Name field with any name you would like (in

the example, we use “Mobius”). Remember this, as you will need to enter it again later in the configuration.

3From the Key Type drop-down menu, choose RSA and then set

the Key Length to 128.

4All remaining fields are optional except for the Subject Alternative

Name. Enter the Subject Alternative Name with both an email address and your router’s WAN port IP address (example: Ip=66.122.47.30;email=remote@Pheenet).

NOTE:

Alternative Name field will give you the flexibility for negotiating both Main Mode and Aggressive Mode successfully with certificates. What you enter into the Subject Alternative Name field in the PKCS10 request will be checked against the ID sent for phase 1 Negotiation ID. If the Subject Alternative Name field is left blank when creating this PKCS10 request, negotiations will fail with the remote peer because the ID actually being sent is the Negotiation ID, which does not match the blank ID inside the certificate.

Entering both an IP address and an email address into the Subject

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 6. VPN Configuration

5 Now click the Generate pkcs10 Request button at the bottom of

the page. This will send the attributes to the router, which will generate the private key pair and send a user certificate back to the Management Interface in the form of a PKCS10 request. The user certificate will appear. Select all the text shown and copy it.

6You now need to access a Certificate Authority server of your

choice. You can use http://isakmptest.ssh.fi/cgi-bin/nph-real-

cert/cert.pem, as we do in the example. In a new browser window,

enter the URL of your desired server or the one listed above. Paste the user certificate text that you copied in step 5 into the box on the CA server and follow the steps to reach a final certificate. Copy the text of the final certificate.

7Back in the Web Configuration tool, in the folder list, click the

Certificate Information link. If not already showing, click the User Certificate tab at the top of the window. Click the Replace button.

The “Import Certificate” window will pop up. Enter the Common Name, as you entered it in step 2 (it was “Mobius” in the example). Then paste the text of the final certificate (from step 6) into the text box and click OK.

Chapter 6. VPN Configuration Solwise SAR715PVW ADSL Ethernet Router User’s Guide

8 Back in your browser window that you used to go to the CA

server in step 6, enter http://isakmptest.ssh.fi/certs/ca1.pem in the address bar and hit enter. This will give you the Root CA in pem format. From the Edit menu in the browser, choose select all. The text will then be highlighted and then, again from the Edit menu, choose Copy.

9 Now switch back to the router’s Web Configuration window.

Click the CA Certificate tab near the top of the window and then click Add. Paste the Root CA, that you copied in step 8, into the window. Enter “Test CA1” as the common name and click OK. Then from the bottom of the page, click the Add Policy button.

NOTE:

CA1” as the common name.

The CA Certificate for the Main office VPN router must also use “Test

10Now, from the folder list in the Web Configuration tool, click the

topmost folder. A page will appear. Enter your Negotiation ID,

remote@Pheenet.com (for our example. You must enter what you

entered as Subject Alternative Name in Step 4). Also enter your Intranet address and Intranet subnet mask.

11Next, right-click the folder showing the name of your

Negotiation ID and choose Add Tunnel. A page will appear. Enter

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 6. VPN Configuration

your Tunnel ID, termination IP address, and choose Digital Signature as your Authentication Method.

NOTE:

as we have configured the Branch Office VPN Router (remote@Pheenet.com) above, except for using the settings for the Main Office as shown on page 9. You must use a different Common Name, IP address, and email address in the Subject Alternative Name when generating the PKCS10 request.

You must configure the Main Office VPN Router (main@Pheenet.com)

6.3 PPTP Access Concentrator (PAC) and L2TP Access Concentrator (LAC) Configuration

It is assumed that you have previously configured your router using the installation instructions given above before proceeding to configure your VPN settings.

1Log in to your Web Configuration tool. From the left frame, click

Configuration and then click the PPTP or L2TP link, depending on

your needs.

Please note that the IP range specified in your IP pool must be a different subnet than that used on your local LAN. If you don’t specify a different subnet for the destination then your computer wont know to send the IP data to the router for forwarding to the remote user when you want to access the off site computer ☺

2From the User Authentication section, click the Set up users link.

Chapter 6. VPN Configuration Solwise SAR715PVW ADSL Ethernet Router User’s Guide

3The “Authentication” page will appear. Click the Create a new

user link.

4The “Authentication: Create User” page will appear. Enter a new

user name and password. Select true for the “may dial in?” field and then select your access level. The access level determines what a user can do in the configuration. Below is a list of the functions a user can edit based on their access level.

Solwise SAR715PVW ADSL Ethernet Router User’s Guide Chapter 6. VPN Configuration

• User (Default): view status, change Quick Start settings, view error log, restart the router, save the configuration

• Firewall (Engineer): All configurations, except IPSec, PPTP, firmware upgrade and authentication

• Admin (Superuser): All configurations

Click the Create button and then from the left frame, in the

Configuration section, click Save Configuration.

Proceed to the next page to configure your PPTP or L2TP ClientInitiated Tunneling with Pheenet VPN concentrator.

6.4 Configuring PPTP or L2TP Client-Initiated Tunneling with VPN Concentrator

Configuration shown is the Windows 2000 Client for PPTP or L2TP. It is assumed that you have already created suitable IP PPTP or L2TP IP pools on the router and also entered suitable user details (that is usernames and passwords).

6.4.1 Create two dial-up networking (DUN) connections

• One DUN connection to dial-in to the ISP. Refer to your ISP for more information on this

• Another DUN connection for the L2TP tunnel

To create and configure the dial-up networking connection for L2TP, perform the following steps

Windows 200 client PC:

From the Start Menu, select Settings, then:

Control Panel --> Network and Dial-up Connections --> Make New Connection.

Use the Wizard to create a connection called L2TP. Make sure to

Chapter 6. VPN Configuration Solwise SAR715PVW ADSL Ethernet Router User’s Guide

select Connect to a private network through the Internet in

Network Connection Type window.

the

The new connection (named L2TP) appears in the Network and Dial-up Connections under to edit the

Properties.

Control Panel. From here, right-click

Under the Networking Tab, make sure that the Type Of Server I Am Calling is set to L2TP.

Select TCP/IP protocol. Make sure that the connection is configured to obtain an IP address automatically.

6.4.2 Disabling IPSec on the Windows 2000 PC

Warning: Take adequate precautions (such as backing up the registry) prior to modifying the registry. You should also refer to the Microsoft website for the correct procedure to modify the registry.

To add the ProhibitIpSec registry value to your Windows 2000 based computer, use Regedt.exe to locate the following key in the registry:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters

Add the following registry value to this key:

Value Name: ProhibitIpSec Data Type: REG_DWORD Value: 1

Once the connection is configured, you can double click it to pop-up the login screen, then connect!

6.5 Basic Terms and Concepts

100

Solwise SAR715PVW Setup Instructions

Specifications and Main Features

Frequently Asked Questions

User Manual