XiNCOM XC-DPG603 User Manual

CUTTING EDGE INNOVATIONS.
Twin WAN DNS IP VPN Gateway
XC-DPG603

Table of Contents

Introduction
Features
Physical Details
Basic Setup
Advanced Port
Advanced Setup
Security Management
QoS Configuration
VPN Configuration
IPSec Global Setting
Policy Setup
DNS Configuration
Domain Name Server Configuration
Map Host URL
Management Assistant
SNMP
Email Alert
Syslog
Upgrade Firmware
Operation & Status
System Status
Restore Factory Defaults
WAN Status
LAN Status
Advanced LAN Configuration
Existing DHCP Server
Static Routing
Appendices
Appendix A
Appendix B
Appendix C
Chapter 1 - Introduction
The XiNCOM XC-DPG603 is a revolutionary DNS to IP VPN Gateway that provides advanced networking services most commonly found in enterprise class infrastructures at a fraction of the cost. XiNCOM tailors these services with innovative features such as inbound/outbound load balancing, auto-failover, and a built-in VPN endpoint. The XC-DPG603’s primary features are full VPN Load Balancing with Automatic Failover and the Authoritative DNS function with Inbound Load Balancing. The VPN capability will allow for two concurrent VPN tunnels that will load balance both inbound and outbound traffic requests. Full redundancy is assured when establishing a VPN tunnel on each WAN port. The authoritative DNS feature load balances inbound traffic requests to the respective IP address on a network infrastructure that hosts content on multiple servers. High throughput of inbound and outbound requests is managed by dual WAN ports that utilize the combined bandwidth of two separate concurrent broadband connections including DSL, Cable, and/or T1.
Chapter Contents
• Introduction
• Features
• Physical Details
Use TWO ISPs for expanded bandwidth and redundancy
Using two separate ISPs provides redundant connectivity to the Internet. In the event that one ISP goes down, the XC-DPG603 auto-fails over to the other ISP service. Redundancy to the Internet provides a truly uninterrupted connection for a business’s customers while maintaining uptime and productivity for its employees.
Robust Security Features
The XC-DPG603 also features NAT, a Stateful Packet Inspection (SPI) Firewall, DHCP server, Access Filters, and a built-in VPN endpoint to secure a business’s network services. The Quality of Service (QoS) feature schedules and directs a network’s traffic to take advantage of available bandwidth. The XC-DPG603’s UPnP support can automatically open and close ports required by certain software. Increased bandwidth and redundant connectivity to the Internet provide a cost-effective alternative to expensive leased telecommunication lines for your network infrastructure.
Package Contents
The following items should be included:
• XC-DPG603 Twin WAN DNS to IP VPN Gateway
• Power Adapter (5V)
• Quick Installation Guide
• CD-ROM containing the on-line manual.
• Two CAT RJ-45 Ethernet Cables
• Rack Mounts for a standard 19” server rack
Features
Figure 1. How it works
1. A client computer makes a request to access www.(yourdomain).com.
2. The request goes to the ISP’s DNS server and the DNS server replies with the IP address of the DNS responsible for that domain.
3. The request is then processed by the Authoritative DNS of that domain and provides the IP address of the specified server.
4. The client can then access the web server.
Figure 2. Load Balancing
Load balance two concurrent broadband connections in any combination to expand a network’s bandwidth to the Internet. The XC-DPG603 supports T1, xDSL, Cable, and Satellite broadband connections.
The XC-DPG603 load balances both inbound and outbound traffic requests.
Built-in VPN Endpoint
Full VPN Endpoint with support for up to 50 VPN tunnels using the IPsec encryption protocol.
Authoritative DNS to IP Gateway
The XC-DPG603 is an authoritative DNS to IP gateway that resolves a domain name to its respective IP addresses. This new capability allows for inbound failover and load balancing for servers located behind the gateway. Using dual WAN ports simultaneously increases available bandwidth for both upload and download requests. You can set the load balance type to Packets, Bytes rx+tx, or Sessions.
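The following is an added example, not XiNCOM firmware code: a simplified Python model of how an authoritative DNS gateway can combine inbound load balancing with failover when answering A queries. The link names, the zone table, the documentation-range addresses, the counter attribute names and the 30-second TTL are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Counter compared for each balance type. The three types are the ones the
# manual lists; the attribute names are hypothetical.
BALANCE_TYPES = {"packets": "packets", "bytes": "bytes_rxtx", "sessions": "sessions"}


@dataclass
class WanLink:
    name: str
    public_ip: str        # constructed address from a documentation range
    up: bool = True       # outcome of the most recent health check
    packets: int = 0
    bytes_rxtx: int = 0
    sessions: int = 0


# Constructed zone: host name -> WAN links the host is published on.
ZONE = {"www.example.com": ("wan1", "wan2")}


def make_links():
    """Two constructed WAN links, both healthy and idle."""
    return [WanLink("wan1", "203.0.113.10"), WanLink("wan2", "198.51.100.10")]


def answer_query(qname, zone, links, balance_type="sessions", ttl=30):
    """Return (ttl, [ip, ...]) for an A query, least-loaded live link first.

    Failover: a link that failed its health check is never published.
    An unknown name, or a name with no live link, yields an empty answer.
    """
    counter = BALANCE_TYPES[balance_type]          # KeyError on an unknown type
    published = zone.get(qname.lower().rstrip("."), ())
    live = [link for link in links if link.up and link.name in published]
    live.sort(key=lambda link: getattr(link, counter))  # stable: ties keep order
    return ttl, [link.public_ip for link in live]


def simulate(queries, zone, links):
    """Answer each query by session count and charge one session to the
    first address returned, as a client connecting to it would."""
    by_ip = {link.public_ip: link for link in links}
    chosen = []
    for qname in queries:
        _, ips = answer_query(qname, zone, links, "sessions")
        if ips:
            by_ip[ips[0]].sessions += 1
            chosen.append(ips[0])
        else:
            chosen.append(None)
    return chosen


if __name__ == "__main__":
    links = make_links()
    print(simulate(["www.example.com"] * 4, ZONE, links))   # both links up
    links[0].up = False                                     # WAN1 fails its check
    print(answer_query("www.example.com", ZONE, links))
```

Resolvers cache an answer for its TTL, so after a link fails some clients keep using its address until the cached record expires; a short TTL shortens that window at the cost of more queries.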
Multiple Connection Methods
All popular DSL and Cable Modems and connection methods are supported, including Fixed IP, Dynamic IP, PPPoE, even multiple-session PPPoE.
2 x 10/100 WAN Ports
The XC-DPG603 incorporates dual 10/100 WAN ports, complete with auto-crossover for easy connection to an existing network. All popular DSL and Cable Modems and connection methods are supported, including Fixed IP, Dynamic IP, PPPoE, even multiple-session PPPoE.
4-Port 10/100 Switch
The XC-DPG603 incorporates a 4-port 10/100 N-Way Ethernet Switch, complete with auto crossover for easy connection to an existing network.
Automatic Fail-over
If one broadband connection goes down all traffic is automatically re-routed through the second broadband connection.
Stateful Packet Inspection (SPI) Firewall
Protects your network using advanced SPI against malicious and DDoS attacks.
Figure 3. Automatic Fail-over
In the event of one connection going down, all traffic is re-routed to the second WAN port utilizing the live broadband connection from the second ISP. This provides true redundancy to ensure a network remains connected to the Internet.
All incoming and outgoing traffic from a LAN has an uninterrupted connection to the Internet when one of the two connections fail.
Advanced NAT features
Access Filters, DMZ, DDNS, Remote Management, Dynamic or Static Routing, Special Applications, Virtual Servers, SNMPv1.
Access Filter
Gain fine control over the Internet access and applications available to LAN users with a powerful URL Blocking Engine. Five (5) user groups are available, and each group can have different access rights.
Block URL
Use this feature to block access to undesirable Web sites by LAN users. You can even have different settings for different groups of PCs.
Other Features:
DHCP Server Support
Dynamic Host Configuration Protocol provides a dynamic IP address to PCs and other devices upon request. The XC-DPG603 can act as a DHCP Server for devices on your local LAN.
Multi Segment LAN Support
LANs containing one or more segments are supported via the XC-DPG603’s built-in static routing table.
ARP proxy
The ARP proxy feature allows you to assign an external (Internet) IP address to the XC-DPG603’s LAN port. This allows Servers on your LAN to have external (Internet) IP addresses.
Easy Setup
Use your favorite WEB browser for configuration.
Remote Management
The XC-DPG603 can be managed from any PC on your LAN. If the Internet connection exists, the XC-DPG603 can be setup to be configured remotely via the Internet.
Password Protected Configuration
Optional password protection is provided to prevent unauthorized users from modifying the XC-DPG603’s configuration data and settings.
DNS Configuration
This sets the inbound load balancing features for the XC-DPG603. Users have to construct a DNS server in order to enable the inbound load balancing capabilities.
Map Host URL
In addition to the DNS configuration, Map Host URL allows for users to select a URL to map to the IP address of a local host.
QoS Configuration
You will be able to schedule and direct your network traffic to take advantage of your available bandwidth. This function allows specified packets with higher priority to pass through, such as Internet phone, video conference, and other real-time applications.
UPnP
UPnP automatically opens and closes ports required by certain software.
HTTP Firmware Upgrade and backup
The web management feature allows you to use HTTP to upgrade new firmware and backup system configuration from local or remote locations.
Email Alert
The XC-DPG603 will send an alert via email to the system administrator in the event a single or both WAN connections go down.
Syslog
Generates real time system information on the web page or sends to a particular computer. This is used for monitoring and diagnosis purposes.
Physical Details
Front Panel:
Operation of the Front Panel LEDs is as follows:
System:
Power: OFF - No Power. ON - Normal Operation.
Status: OFF - Normal Operation. ON - Firmware not loaded or Hardware Error. Blinking - Data in/out.
WAN:
LINK/ACT: ON - Physical connection to the Broadband modem on WAN port 1/2 established. OFF - No physical connection on WAN port 1/2.
10M/100M: ON - Physical connection using 100BaseT on WAN port 1/2 established. OFF - 10BaseT connection or no connection on WAN port 1/2.
LAN:
LINK/ACT: ON - Physical connection or data in/out. OFF - No physical connection.
10M/100M: ON - The corresponding LAN port is using 100BaseT. OFF - 10BaseT connection on the corresponding LAN port or no connection.
Front Panel Status and Error conditions
LED Action: Condition
WAN1 LINK/ACT & 10M/100M LEDs flash alternately: Firmware Download in progress.
WAN1 LINK/ACT & 10M/100M LEDs flash concurrently: MAC address not assigned.
WAN1 LINK/ACT & 10M/100M LEDs solid On: SDRAM error.
WAN2 LINK/ACT & 10M/100M LEDs solid On: Timer/Interrupt error.
LAN1 LINK/ACT & 10M/100M LEDs solid On: LAN/WAN error.
Rear Panel:
Rear panel labels: LAN Ports, WAN1, WAN2, Reset, DC 5V
WAN Ports
Connect the primary Broadband Modem to WAN 1 and the second Broadband Modem to WAN 2.
Reset Button
Press the Reset button once for a warm reboot. To reset the XC-DPG603 to default settings, press and hold the reset button for 30 seconds.
Default Settings
When the XC-DPG603 has finished booting, all configuration settings will be set to the factory defaults, including:
• The IP Address is set to its default value of 192.168.1.1 with a Network Mask of 255.255.255.0
• DHCP Server is enabled
• User Name: admin
• Password cleared (no password)
LAN Ports
Connect the PCs to these ports. Both 10BaseT and 100BaseT connections can be used simultaneously.
Note: Any port will automatically operate as an “Uplink” port if required. Use a standard RJ-45 Ethernet cable to connect to any port to another hub or switch.
Chapter 2 - Basic Setup
Chapter Contents
• Overview
• Procedure
1. Configuring your LAN
2. Connecting Broadband Modems
3. Configuring for Internet Access
4. Configuring your LAN PCs
Overview
Basic setup of your XC-DPG603 will involve the following steps:
1. Connecting the XC-DPG603 to one (1) PC and configuring it for your existing LAN.
2. Connecting one or two Broadband Modems to your XC-DPG603.
3. Configuring the XC-DPG603 for Internet Access.
4. Configuring all PCs on your LAN to use the XC-DPG603.
Requirements:
• One or two Broadband modems (T1, xDSL, Cable, or Satellite) with an active account from your ISP(s).
• Two standard 10/100BaseT network (UTP) cables with RJ-45 connectors.
• TCP/IP network protocol must be installed on all PCs.
Configuring the XC-DPG603 for your LAN
Procedure
1. Use a standard LAN cable to connect your PC to any LAN port on the XC-DPG603.
2. Connect the power adapter and power up the XC-DPG603. Only use the power adapter provided with the product; using a different one may cause hardware damage.
3. Start your PC or restart your PC if it is already running. Once restarted, the PC will then obtain an IP address from the XC-DPG603.
4. Start your WEB browser.
5. In the Address or Location box enter: HTTP://192.168.1.1
6. You will be prompted for the User Name and password, as shown in Figure 1.
7. Enter admin for the “User Name” and leave the “Password” blank.
• The User Name is always set to admin
• You can and should set a password, using the following Admin Password screen
No Response?
Is your PC using a Fixed IP address? If so, you must configure your PC to use an IP address within the range 192.168.1.2 to 192.168.1.254, with a Network Mask of 255.255.255.0. See Appendix B – Windows TCP/IP Setup for details.
Be sure to check for the following:
• the XC-DPG603 is properly installed
• the Ethernet cable to the XC-DPG603 is properly attached
• the XC-DPG603 is powered ON
Figure 1. Password Dialog
Figure 2. Admin Password
8. After the login, you will then see the Admin Password screen, as shown in Figure 2. Assign a password in both the Password and Verify Password fields and press the Submit button.
9. From the setup menu, select Basic Setup and then LAN & DHCP from the submenu. You will see a screen like the example in Figure 3.
This is the IP address for the XC-DPG603 when seen from the local LAN. Use the default value unless the address is already in use or your LAN is using a different IP address range. In the latter case, enter an unused IP Address from within the range used by your LAN.
DPG603 is attached (the same value as the PCs on that LAN segment).
DHCP Server Setup - If Enabled, the XC-DPG603 will allocate IP Addresses to PCs (DHCP clients) on your LAN when they start up. The default and
provide the IP address of the XC-DPG603 as the Default Gateway.
Figure 3. LAN & DHCP
Ensure these settings are suitable for your LAN:
• The default settings are suitable for many situations.
• See the following table for details of each setting.
Connecting two broadband modems
Procedure
1. Ensure the XC-DPG603 and the DSL/Cable modem are powered OFF. Leave the modem or modems connected to their data line.
2. Connect the Broadband modem(s) to the XC-DPG603. If using only one (1) Broadband modem, connect it to the “WAN 1” port.
3. Use standard LAN cables to connect PCs to the LAN ports on the XC-DPG603.
• Both 10BaseT and 100BaseT connections can be used simultaneously.
• Use a standard CAT-5 Ethernet cable to connect any port on the XC-DPG603 to a standard port on another hub. Any LAN port on the XC-DPG603 will automatically act as an “Uplink” port when required.
4. Power Up
• Power on the Cable or DSL modem(s).
• Connect the supplied power adapter to the XC-DPG603 and power up.
5. Check the LEDs
• The Power LED should be ON.
• The WAN – Link LED should be ON when the corresponding WAN port is connected to a broadband modem.
• For each PC connected to the LAN ports, the corresponding LAN LED (either 10 or 100) should be ON.
Figure 4. Installation Diagram for XC-DPG603
Configuring for Internet Access
Figure 5. Primary Setup Screen
1. Select Primary Setup from the menu.
2. Configure WAN 1 and/or WAN 2 as required.
For any of the following situations, refer to Chapter 3: Advanced Port Setup for any further configuration which may be required, such as:
• Using both ports
• Multiple IP addresses on either port
• Multiple PPPoE sessions
• PPTP connection method
Settings - Primary Setup
Connection Mode
Select the appropriate setting:
• Enable – Select this if you have connected a broadband modem to this port.
• Disable – Select this if there is no broadband modem connected to this port.
• Backup – Select Enable for the primary port, and Backup for the secondary port. The Backup port will only be used if the primary port fails.
Connection Type
Check the requirements supplied by your ISP, and select the appropriate option.
• Static IP – Select this if your ISP has provided a Fixed or Static IP address. Then enter the data into the Address Info fields.
• Dynamic IP – Select this if your ISP provides an IP address automatically, when you connect. You can ignore the Address Info fields.
• PPPoE – Select this if your ISP uses this method (PPPoE software that is usually provided by your ISP is not required to be used when selecting this method). If this method is selected, you must complete the PPPoE dialup fields.
Note: If using the PPTP connection method, select Static IP or Dynamic IP to correspond to the IP address method used by your ISP.
Address Info
This is for Static IP users only. Enter the address information provided by your ISP. If your ISP provided multiple IP addresses, you can use the Multi-DMZ screen to assign the additional IP addresses.
PPPoE / PPTP Dialup
This is for PPPoE and PPTP users only.
• Enter the Username and Password provided by your ISP.
• If using PPTP, enable the PPTP Connection checkbox and enter the IP address of the PPTP server.
• Host name (Optional For PPPoE) - This field is used by a Host to uniquely associate an access concentrator to a particular Host request.
Note: There are additional PPPoE/PPTP options on the Port Options screen. To use multiple PPPoE sessions on either port, configure the Advanced PPPoE screen.
DNS
If using a Fixed IP address, you MUST enter at least 1 DNS address. If using Dynamic IP or PPPoE, the DNS information is optional.
Optional
• Host name – This is required by some ISPs. If your ISP provided a Host Name, enter it here. Otherwise, you can use the default value.
• Domain name – This is required by some ISPs. If your ISP provided a Domain Name, enter it here. Otherwise, you can use the default value.
• MAC address – Some ISPs record your MAC address (also called “Physical address” or “Network Adapter address”).
Setup of the XC-DPG603 is now complete. PCs on your LAN must now be configured. See the following section for details.
Configure PCs on your LAN
Overview
For each PC, the following may need to be configured:
• TCP/IP network settings
• Internet Access configuration
TCP/IP Settings
When using Windows 95/98/ME/2000/XP and the XC-DPG603’s TCP/IP default settings, no changes need to be made. Just start or reboot your PC.
By default, the XC-DPG603 will act as a DHCP Server, automatically providing a suitable IP Address (and related information) to each PC when the PC boots up.
For all non-Server versions of Windows, the default TCP/IP setting is to act as a DHCP client. In Windows, this is called Obtain an IP address automatically. Just start (or restart) your PC, and it will obtain an IP address from the XC-DPG603.
If using fixed IP addresses on your LAN, or you wish to check your TCP/IP settings, refer to Appendix B – Windows TCP/IP Setup.
Internet Access
To configure your PCs to use the XC-DPG603 for Internet access, follow this procedure:
For Windows 9x/2000
1. Select Start Menu > Settings > Control Panel > Internet Options.
2. Select the Connection tab, and click the Setup button.
3. Select I want to set up my Internet connection manually or I want to connect through a local area network (LAN) and click Next.
4. If I connect through a local area network (LAN) is selected, ensure all of the boxes on the following Local area network Internet Configuration screen are unchecked.
5. Check the No option when prompted Do you want to set up an Internet mail account now?.
6. Click Finish to close the Internet Connection Wizard.
Setup is now completed.
For Windows XP
1. Select Start Menu > Control Panel > Network and Internet Connections.
2. Select Set up or change your Internet Connection.
3. Select the Connection tab, and click the Setup button.
4. Cancel the pop-up Location Information screen.
5. Click Next on the New Connection Wizard screen.
6. Select Connect to the Internet and click Next.
7. Select Set up my connection manually and click Next.
8. Check Connect using a broadband connection that is always on and click Next.
9. Click Finish to close the New Connection Wizard.
Setup is now completed.
Accessing AOL
To access AOL (America On Line) through the XC-DPG603, the AOL for Windows software must be configured to use TCP/IP network access, rather than a dial-up connection. The configuration process is as follows:
Start the AOL for Windows communication software. Ensure that it is Version 2.5, 3.0 or later. This procedure will not work with earlier versions.
Click the Setup button.
Select Create Location, and change the location name from “New Locality” to “XC-DPG603”.
Click Edit Location. Select TCP/IP for the Network field. (Leave the Phone Number blank.)
Click Save, then OK. Configuration is now complete.
Before clicking “Sign On”, always ensure that you are using the “XC-DPG603” location.
For Apple Clients
1. Open the TCP/IP Control Panel.
2. Select Ethernet from the Connect via pop-up menu.
3. Select Using DHCP Server from the Configure pop-up menu. The DHCP Client ID field can be left blank.
4. Close the TCP/IP panel, saving your settings.
Note: If using manually assigned IP addresses instead of DHCP, the required changes are:
• Set the Router Address field to the XC-DPG603’s IP Address.
• Ensure your DNS settings are correct.
For Linux Clients
To access the Internet via the XC-DPG603, it is only necessary to set the XC-DPG603 as the “Gateway” and ensure your Name Server settings are correct. Make sure you are logged in as “root” before attempting any changes.
Fixed IP Address
By default, most Unix installations use a fixed IP Address. If you wish to continue using a fixed IP Address, make the following changes to your configuration.
• Set your Default Gateway to the IP Address of the XC-DPG603.
• Ensure your DNS (Name server) settings are correct.
To act as a DHCP Client (recommended)
The procedure below may vary according to your version of Linux and X Windows shell.
1. Start your X Windows client.
2. Select Control Panel - Network.
3. Select the “Interface” entry for your Network card. Normally, this will be called “eth0”.
4. Click the Edit button, set the protocol to DHCP, and save this data.
5. To apply your changes, use the Deactivate and Activate buttons, if available, OR restart your system.
Chapter 3 - Advanced Port
Chapter Contents
• Overview
• Port Options
• Load Balance
• Advanced PPPoE
• Advanced PPTP
Overview
Port Options contains some options which can be set on either or both WAN ports. For most situations, the default values are satisfactory.
The Load Balance screen is only functional if you are using both WAN ports. It allows you to determine the proportion of WAN traffic sent through each port.
Advanced PPPoE setup is required if you wish to use multiple sessions on one or both of the WAN ports. It can also be used to manually connect or disconnect a PPPoE session. Otherwise, this screen can be ignored.
Advanced PPTP setup is required if using the PPTP connection method.
Port Options
Figure 6. Port Options
Sections on this screen: Connection Validation, PPPoE / PPTP Connection Options, Transparent Bridge Mode
Health Check
Use this field to select the type of connection validation to perform. When set to ICMP, the XC-DPG603 sends out ICMP echo requests. When set to HTTP, the XC-DPG603 requests web pages.
Alive Indicator
This is the IP address used to check if the WAN connection is operational. When using HTTP, put in a valid IP address of a web server. When this field is blank, the ISP gateway IP address is used. Note: This is not used for PPPoE connections.
MTU
The Maximum Transmission Unit is used when determining the packet size to be used on the WAN interface. Normally, this does not need to be changed, but if your ISP advises you to use a particular MTU, enter it here.
Auto Dialup
When set to Enable a connection will be established whenever outgoing WAN traffic is detected. If not Enabled, you must establish a connection manually.
Auto Disconnect
This determines when an idle connection will be terminated. Enter the required time period.
Echo Time
This determines how often an Echo request is sent to the PPPoE server. The Echo request is used to determine if the connection is still valid. Normally, there is no need to change the default value.
Echo Retry
The number of times the Echo request will be sent if there is no response to the first request. Normally, there is no need to change the default value.
Bridge Mode
When set to Enable, this WAN port does not use the NAT and Load Balance functions when the LAN and WAN IPs are real IP addresses on the same network segment.
Traffic Management
Strict Binding - When a WAN port connection is disconnected, the packets will not go to another WAN port.
Loose Binding - When the WAN port connection is connected, the packets will go to another WAN port.
Load Balancing - This will mix real and private IPs on the LAN side when doing the load balancing.