XiNCOM XC-DPG503 User Manual

CUTTING EDGE INNOVATIONS.

Twin WAN VPN Gateway

         

      

XC-DPG503

Twin WAN VPN Gateway

Table of Contents

Introduction 4

Features 5

Physical Details 7

Basic Setup 9

Configuring your LAN 10

Connecting Broadband Modems 12

Configuring for Interent Access 13

Configuring your LAN PCs 14

Advanced Port 16

Port Options 17

Load Balance 18

Advanced PPPoE 19

Advanced PPTP 20

Advanced Setup 21

Host IP Setup 22

Virtual Server 23

Custom Virtual Server 24

Special Applications 25

Dynamic DNS 26

Multi DMZ 27

UPnP 27

Advanced Features 28

Security Management 30

Block URL 31

Access Filter 31

Session Limit 32

Firewall Exception 32

2

Table of Contents

QoS Configuration 33

VPN Configuration 34

IPSec Global Setting 35

Policy Setup 36

Management Assistant 38

SNMP 38

Email Alert 38

Syslog 39

Upgrade Firmware 40

Operation & Status 42

System Status 42

Restore Factory Defaults 43

WAN Status 43

LAN Status 43

Advanced LAN Configuration 44

Existing DHCP Server 44

Static Routing 45

Appendices 47

Appendix A 47

Appendix B 48

Appendix C 51

3

Chapter 1 - Introduction

XC-DPG503

Twin WAN VPN Gateway

Chapter Contents

• Introduction

• Features

• Physical Details

XiNCOM XC-DPG503 is a VPN capable Dual WAN Gateway with the industry standard IPsec encryption. It
provides extremely secure LAN-to-LAN connectivity over the Internet. The 503 supports VPN by encryption,
encapsulation, and authentication using the following methods: DES/3DES/AES, MD5, SHA-1 and SHA-2; up to
50 IPsec tunnels are permitted.

Use TWO ISPs for expanded bandwidth and redundancy

Using two separate ISPs provides redundant connectivity to the Internet. In the event that one ISP goes
down, the XC-DPG503 auto-fails over to the other ISP service. Redundancy to the Internet provides a
truly uninterrupted connection for a business’s customers while maintaining uptime and productivity for its
employees.

Robust Security Features

The XC-DPG503 also features NAT, a Stateful Packet Inspection (SPI) Firewall, DHCP server, Access
Filters, and VPN pass-through to secure a business’s network services. The Quality of Service (QoS) feature
schedules and directs a network’s traffic to take advantage of available bandwidth. The XC-DPG503 UPnP
support can dynamically open and close ports required by certain software automatically. Increased bandwidth
and redundant connectivity to the Internet provides cost-effective bandwidth solutions to expensive leased
telecommunication lines for your network infrastructure.

Package Contents

The following items should be included:

• XC-DPG503 Twin WAN VPN Gateway

• Power Adapter (5V)

• Quick Installation Guide

• CD-ROM containing the on-line manual.

• Two CAT RJ-45 Ethernet Cables

If any of the above items are damaged or missing, please contact your dealer immediately.

4

Features

Figure 1. How it works

Solid VPN Security

Full VPN Endpoint with
support for up to 50 VPN
tunnels using the IPSec
encryption protocol.

Figure 2. Load Balancing

Load Balance two concurrent broadband connections in any combination to expand a
network’s bandwidth to the Internet. The XC-DPG503 supports T1, xDSL, Cable, and Satillite
broadband connections.

Active connection from the ISP

The XC-DPG503 load balances
both inbound and outbound
traffic requests.

Built-in VPN Endpoint

Full VPN Endpoint with support for up to 50 VPN tunnels using the IPsec encryption protocol.

Multiple Connection Methods

All popular DSL and Cable Modems and connection methods are supported, including Fixed IP, Dynamic
IP, PPPoE, even multiple-session PPPoE.

2 x 10/100 WAN Ports

The XC-DPG503 incorporates dual 10/100 WAN ports, complete with auto-crossover for easy
connection to an existing network. All popular DSL and Cable Modems and connection methods are
supported, including Fixed IP, Dynamic IP, PPPoE, even multiple-session PPPoE.

4-Port 10/100 Switch

The XC-DPG503 incorporates a 4-port 10/100 N-Way Ethernet Switch, complete with auto crossover for
easy connection to an existing network.

Automatic Fail-over

If one broadband connection goes down all traffic is automatically re-routed through the second
broadband connection.

Stateful Packet Inspection (SPI) Firewall

Protects your network using advanced SPI against malicious and DDoS attacks.

Advanced NAT features

Access Filters, DMZ, DDNS, Remote Management, Dynamic or Static Routing, Special Applications,
Virtual Servers, SNMPv1.

Figure 3. Automatic Fail-over

In the event of one connection going down, all traffic is re-routed to the second WAN
port utilizing the live broadband connection from the second ISP. This provides true
redundancy to ensure a network remains connected to the Internet.

Active connection from the ISP
Inactive connection from the ISP

All incoming and outgoing
traffic from a LAN has an
uninterrupted connection to
the Internet when one of the
two connections fail.

Access Filter

Gain fine control over the Internet access and applications available to LAN users with a powerful URL
Blocking Engine. Five (5) user groups are available, and each group can have different access rights.

Block URL

Use this feature to block access to undesirable Web sites by LAN users. You can even have different
settings for different groups of PCs.

5

Features

Other Features:

DHCP Server Support

Dynamic Host Configuration Protocol provides a dynamic IP address to PCs and other
devices upon request. The XC-DPG503 can act as a DHCP Server for devices on your
local LAN.

Multi Segment LAN Support

LANs containing one or more segments are supported via the XC-DPG503’s built-in
static routing table.

ARP proxy

The ARP proxy feature allows you to assign an external (Internet) IP address to the
XC-DPG503’s LAN port. This allows Servers on your LAN to have external (Internet) IP
addresses.

Easy Setup

Use your favorite WEB browser for configuration.

Remote Management

The XC-DPG503 can be managed from any PC on your LAN. If the Internet connection
exists, the XC-DPG503 can be setup to be configured remotely via the Internet.

Password Protected Configuration

Optional password protection is provided to prevent unauthorized users from modifying
the XC-DPG503’s configuration data and settings.

Map Host URL

In addition to the DNS configuration, Map Host URL allows for users to select a URL to
map to the IP address of a local host.

QoS Configuration

You will be able to schedual and direct your network traffic to take advantage of your
available bandwidth. This function allows for specified packets with higher priority to pass­through such as Internet phone, video conference, and other real-time applications.

UPnP

UPnP dynamically opens and close ports required by certain software automatically.

HTTP Firmware Upgrade and backup

The web management feature allows you to use HTTP to upgrade new firmware and
backup system configuration from local or remote locations.

Email Alert

The XC-DPG503 will send an alert via email to the system administrator in the event a
single or both WAN connections go down.

Syslog

Generates real time system information on the web page or sends to a particular
computer. This is used for monitoring and diagnosis purposes.

6

Physical Details

Front Panel:

Twin WAN VPN Gateway

XC-DPG503

Operation of the Front Panel LEDs is as follows:

System:

Power

OFF - No Power.
ON - Normal Operation

Status

OFF - Normal Operation
ON - Firmware not loaded or Hardware Error
Blinking - Data in/out

WAN:

LINK/ACT

10M/100M

LAN:

LINK/ACT

10M/100M

ON - Physical connection to the Broadband modem on WAN port 1/2 established.
OFF - No physical connection on WAN port 1/2.

ON - Physical connection using 100BaseT on WAN port 1/2 established.
OFF - 10BaseT connection or no connection on WAN port 1/2.

ON - Physical connection or data in/out.
OFF - No physical connection.

ON - The corresponding LAN port is using 100BaseT.
OFF - 10BaseT connection on the corresponding LAN port or no connection.

7

Physical Details

Front Panel Status and Error conditions

LED Action Condition

WAN1 LINK/ACT & 10M/100M LEDs flash alternatively. Firmware Download in progress.
WAN1 LINK/ACT & 10M/100M LEDs flash concurrently. MAC address not assigned.
WAN1 LINK/ACT & 10M/100M LEDs solid On SDRAM error
WAN2 LINK/ACT & 10M/100M LEDs solid On Timer/Interrupt error
LAN1 LINK/ACT & 10M/100M LEDs solid On LAN/WAN error

Rear Panel:

LAN Ports WAN1WAN2 ResetDC 5V

Reset Button

WAN Ports

Connect the primary Broadband Modem to
WAN 1 and the second Broadband Modem
on WAN 2.

Press the Reset button once for a warm
reboot. To reset the XC-DPG503 to default
settings, press and hold the reset button for
30 seconds.

Default Settings

When the XC-DPG503 has finished booting, all configuration settings will be set to the factory defaults, including:

• The IP Address is set to its default value of 192.168.1.1 with a Network Mask of 255.255.255.0

• DHCP Server is enabled

• User Name: admin

• Password cleared (no password)

LAN Ports

Connect the PCs to these ports. Both 10BaseT and
100BaseT connections can be used simultaneously.

Note: Any port will automatically operate as an “Uplink” port if
required. Use a standard RJ-45 Ethernet cable to connect to
any port to another hub or switch.

8

XC-DPG503

Twin WAN VPN Gateway

Chapter Contents

• Overview

• Procedure

1. Configuring your LAN

2. Connecting Broadband Modems

3. Configuring for Internet Access

4. Configuring your LAN PCs

Chapter 2 - Basic Setup

Overview

Basic setup of your XC-DPG503 wil involve the following steps:

1. Connect the XC-DPG503 to one (1) PC and configure it to your existing LAN.

2. Connecting one or two Broadband Modems to your XC-DPG503.

3. Configuring the XC-DPG503 for Interent Access.

4. Configuring all PCs on your LAN to use the XC-DPG503.

Requirements:

• One or two Broadband modems (T1, xDSL, Cable, and Satillite) with an active account from your ISP(s).

• Two standard 10/100BaseT network (UTP) cables with RJ-45 connectors.

• TCP/IP network protocol must be installed on all PCs.

Broadband ModemsCAT5 Ethernet Cables

TCP/IP Enabled PCs

9

Configuring the XC-DPG503 for your LAN

a

Procedure

1.

Use a standard LAN cable to connect your PC to any LAN port on the XC-DPG503.

2.

Connect the power adapter and power up the XC-DPG503. Only use the power adapter
provided with the product; using a different one may cause hardware damage.

3.

Start your PC or restart your PC if it is already running. Once restarted, the PC will then
obtain an IP address from the XC-DPG503.

4.

Start your WEB browser.

5.

In the Address or Location box enter:
HTTP://192.168.1.1

6.

You will be prompted for the User Name and password, as shown in Figure 1.

7.

Enter admin for the “User Name” and leave the “Password” blank.

• The User Name is always set to admin

• You can and should set a password, using the following Admin Password screen

No Response?

Is your PC using a Fixed IP address?

If so, you must configure your PC to use an IP address within the range

192.168.1.2 to 192.168.1.254, with a Network Mask of 255.255.255.0. See
Appendix B – Windows TCP/IP Setup for details.

Be sure to check for the following:

• the XC-DPG503 is properly installed

• the Ethernet cable to the XC-DPG503 is properly attached

• the XC-DPG503 is powered ON

Figure 1. Password Dialog

Figure 2. Admin Password

XC-DPG503

8.

After the login, you will then see the Admin Password screen, as shown in Figure 2.
Assign a password in both the Password and Verify Password fields and press the
Submit button.

9.

From the setup menu, select Basic Setup and then LAN & DHCP from the submenu.
You will see a screen like the example in Figure 3.

10

Configuring the XC-DPG503 for your LAN

Figure 3. LAN & DHCP

Ensure these settings are suitable for your LAN:

• The default settings are suitable for many situations.

• See the following table for details of each setting.

11

Connecting two broadband modems

a

Procedure

1.

Ensure the XC-DPG503 and the DSL/Cable modem are powered OFF.
Leave the modem or modems connected to their data line.

2.

Connect the Broadband modem(s) to the XC-DPG503.
If using only one (1) Broadband modem, connect it to the “WAN 1” port.

3.

Use standard LAN cables to connect PCs to the LAN ports on the XC-DPG503.

Both 10BaseT and 100BaseT connections can be used simultaneously.

Use a standard CAT-5 Ethernet cable to connect any port on the XC-DPG503 to
a standard port on another hub. Any LAN port on the will automatically act as an
“Uplink” port when required.

4.

Power Up

Power on the Cable or DSL modem(s).

Connect the supplied power adapter to the XC-DPG503 and power up.

5.

Check the LEDs

The Power LED should be ON.

The WAN – Link LED should be ON when the corresponding WAN port is
connected toa broadband modem.

For each PC connected to the LAN ports, the corresponding LAN LED (either 10 or

100) should be ON.

Figure 4. Installation Diagram for XC-DPG503

LAN Ports WAN1WAN2 ResetDC 5V

Broadband Modem Broadband Modem

Local Area Network

12

Configuring for Internet Access

Figure 5. Primary Setup Screen

Select Primary Setup from the menu.

Configure WAN 1 and/or WAN 2 as required.

1.

For any of the following situations, refer to Chapter 3: Advanced Port Setup

2.
for any further configuration which may be required such as:

• Using both ports

• Multiple IP addresses on either port

• Multiple PPPoE sessions

• PPTP connection method

Settings - Primary Setup

Connection Mode Select the appropriate setting:

• Enable – Select this if you have connected a broadband modem to this port.

• Disable – Select this if there is no broadband modem connected to this port.

• Backup – Select Enable for the primary port, and Backup for the secondary port. The Backup port will only be used if the primary port fails.

Connection Type Check the requirements supplied by your ISP, and select the appropriate option.

• Static IP – Select this if your ISP has provided a Fixed or Static IP address. Then enter the data into the Address Info fields.

• Dynamic IP – Select this if your ISP provides an IP address automatically, when you connect. You can ignore the Address Info fields.

• PPPoE – Select this if your ISP uses this method (PPPoE software that is usually provided by your ISP is not required to be used when selecting this method).
If this method is selected, you must complete the PPPoE dialup fields.

Note: If using the PPTP connection method, select Static IP or Dynamic IP to correspond to the IP address method used by your ISP.

Address Info This is for Static IP users only. Enter the address information provided by your ISP. If your ISP provided multiple IP address, you can use the Multi-DMZ screen to

assign the additional IP addresses.

PPPoE / PPTP Dialup This is for PPPoE and PPTP users only.

• Enter the Username and Password provided by your ISP.

• If using PPTP, enable the PPTP Connection checkbox and enter the IP address of the PPTP server.

• Host name (Optional For PPPoE) - This field is used by a Host to uniquely associate an access concentrator to a particular Host request.

Note: There are additional PPPoE/PPTP options on the Port Options screen. To use multiple PPPoE sessions on either port, configure the Advanced PPPoE screen.

DNS If using a Fixed IP address, you MUST enter at least 1 DNS address. If using Dynamic IP or PPPoE, the DNS information is optional.

Optional

• Host name – This is required by some ISPs. If your ISP provided a Host Name, enter it here. Otherwise, you can use the default value.

• Domain name – This is required by some ISPs. If your ISP provided a Domain Name, enter it here. Otherwise, you can use the default value.

• MAC address – Some ISP’s record your MAC address (also called “Physical address” or “Network Adapter address”).

Setup of the XC-DPG503 is now complete. PCs on your LAN must now be configured. See the following section for details.

13

Configure PCs on your LAN

Overview

For each PC, the following may need to be configured:

TCP/IP network settings

Internet Access configuration

TCP/IP Settings

When using Windows 95/98/ME/2000/XP and the XC-DPG503’s TCP/IP default settings,
no changes need to be made. Just start or reboot your PC.

By default, the XC-DPG503 will act as a DHCP Server, automatically providing a
suitable IP Address (and related information) to each PC when the PC boots up.

For all non-Server versions of Windows, the default TCP/IP setting is to act as a
DHCP client. In Windows, this is called Obtain an IP address automatically. Just
start (or restart) your PC, and it will obtain an IP address from the XC-DPG503.

If using fixed IP addresses on your LAN, or you wish to check your TCP/IP settings,
refer to Appendix B – Windows TCP/IP Setup.

Internet Access

To configure your PCs to use the XC-DPG503 for Internet access, follow this procedure:

For Windows 9x/2000

Select Start Menu > Settings > Control Panel > Internet Options.

1.

Select the Connection tab, and click the Setup button.

2.

Select I want to set up my Internet connection manually or I want to connect

3.
through a local area network (LAN) and click Next.

If I connect through a local area network (LAN) is selected, ensure all of the

4.
boxes on the following Local area network Internet Configuration screen are
unchecked.

Check the No option when prompted Do you want to set up an Internet mail

5.
account now?.

Click Finish to close the Internet Connection Wizard.

6.

Setup is now completed.

For Windows XP

1.

Select Start Menu > Control Panel > Network and Internet Connections.

2.

Select Set up or change your Internet Connection.

3.

Select the Connection tab, and click the Setup button.

4.

Cancel the pop-up Location Information screen.

5.

Click Next on the New Connection Wizard screen.

6.

Select Connect to the Internet and click Next.

7.

Select Set up my connection manually and click Next.

8.

Check Connect using a broadband connection that is always on and click Next.

9.

Click Finish to close the New Connection Wizard.

Setup is now completed.

Accessing AOL

To access AOL (America On Line) through the XC-DPG503, the AOL for Windows
software must be configured to use TCP/IP network access, rather than a dial-up
connection. The configuration process is as follows:

Start the AOL for Windows communication software. Ensure that it is Version

2.5, 3.0 or later. This procedure will not work with earlier versions.

Click the Setup button.

Select Create Location, and change the location name from “New Locality” to
“XC-DPG503”.

Click Edit Location. Select TCP/IP for the Network field. (Leave the Phone
Number blank.)

Click Save, then OK. Configuration is now complete.

Before clicking “Sign On”, always ensure that you are using the “XC-DPG503”
location.

14

Configure PCs on your LAN

For Apple Clients

Open the TCP/IP Control Panel.

1.

Select Ethernet from the Connect via pop-up menu.

2.

Select Using DHCP Server from the Configure pop-up menu. The DHCP Client ID

3.
field can be left blank.

Close the TCP/IP panel, saving your settings.

4.

Note: If using manually assigned IP addresses instead of DHCP, the required changes
are:

• Set the Router Address field to the XC-DPG02’s IP Address.

• Ensure your DNS settings are correct.

For Linux Clients

To access the Internet via the XC-DPG503, it is only necessary to set the XC-DPG503
as the “Gateway” and ensure your Name Server settings are correct. Make sure you are

logged in as “root” before attempting any changes.

Fixed IP Address

By default, most Unix installations use a fixed IP Address. If you wish to continue
using a fixed IP Address, make the following changes to your configuration.

Set your Default Gateway to the IP Address of the XC-DPG503.

Ensure your DNS (Name server) settings are correct

To act as a DHCP Client (recommended):
The procedure below may vary according to your version of Linux and X -windows
shell.

1.

Start your X Windows client.

2.

Select Control Panel - Network

3.

Select the “Interface” entry for your Network card. Normally, this will be called
“eth0”.

4.

Click the Edit button, set the protocol to DHCP, and save this data.

5.

To apply your changes use the Deactivate and Activate buttons, if available OR
restart your system.

15

XC-DPG503

Twin WAN VPN Gateway

Chapter Contents

• Overview

• Port Options

• Load Balance

• Advanced PPPoE

• Advanced PPTP

Chapter 3 - Advanced Port

Overview

Port Options contains some options which can be set on either or both WAN ports. For most situations, the
default values are satisfactory.Virtual Server

Load Balance screen is only functional if you are using both WAN ports. It allows you to determine the
proportion of WAN traffic sent through each port.

Advanced PPPoE setup is required if you wish to use multiple sessions on one or both of the WAN ports. It
can also be used to manually connect or disconnect a PPPoE session. Otherwise, this screen can be ignored.

Advanced PPTP setup is required if using the PPTP connection method.

16