Planet Technology VRT-311 Manuel d'utilisateur

Broadband VPN Router VRT-311 / VRT-311S User’s Manual

VRT-311 User Guide 6 Rear Panel Figure 4: VRT-311 Rear Panel Figure 5: VRT-311S Rear Panel Reset Button This button has two (2) functions: • Reboot

Broadband VPN Router User’s Manual 96 Figure71: Windows 2000/XP Client to VRT-311 / VRT-311S 20. To add the second (incoming) rule, click "Add&

Microsoft VPN 97 Figure73: Filter Properties: Addressing 22. Click "OK" to save your changes, then "Close". Figure74: Filter Lis

Broadband VPN Router User’s Manual 98 Figure75: Filter Action 24. Select Require Security, then click "Edit". On the Require Security Metho

Microsoft VPN 99 Figure77: Modify Security Method 26. Click "OK" to save your changes, then click "OK" again to return to the Fil

Broadband VPN Router User’s Manual 100 Figure79: Authentication Method 29. Select Use this string to protect the key exchange (preshared key), then e

Microsoft VPN 101 Figure81: Properties - General Tab 32. Click the "Advanced" button to see the screen below. Figure82: Key Exchange Setti

Broadband VPN Router User’s Manual 102 Figure83: Key Exchange Security Methods 34. Select the first entry, and click the "Edit" button to s

Microsoft VPN 103 Example 3: Windows 2000 Server to VPN Gateway In this example, a Windows 2000 Server connects to VRT-311 / VRT-311S. Users on each L

Broadband VPN Router User’s Manual 104 Windows 2000 Server Configuration Configuration is the same as for Example 2: Windows 2000/XP Client to excep

Microsoft VPN 105 Certificates Certificates are used to authenticate users. Certificates are issued to you by various CAs (Certi-fication Authorities)

Introduction 7 Using the DMZ Port The DMZ port is intended for connection of a server you wish to make available to the public. To use multiple server

Broadband VPN Router User’s Manual 106 Figure89: Add Trusted Certificate 3. Click the "Browse" button, and locate the certificate file on y

Microsoft VPN 107 Delete button Use this button to delete a Self Certificate. Select the checkbox in the Delete column for any Certificates you wish t

Broadband VPN Router User’s Manual 108 Subject Name This is the name which other organizations will see as the Holder (owner) of this Certificate. Thi

Microsoft VPN 109 8. After obtaining a new Certificate, as described above, you need to upload it VRT-311 / VRT-311S. • Return to the Self Certificat

Broadband VPN Router User’s Manual 110 Figure 95: Upload CRL 4. Upload the CRL file: • Click the "Browse" button, and locate the CRL file

Microsoft VPN 111 Data Rx Measures the quantity of data which has been received via this SA. Buttons Refresh Update the data shown on screen. View Log

112 Chapter 9 Microsoft VPN This Chapter explains the screens and settings available for the Microsoft VPN function. Overview Microsoft VPN uses the

Microsoft VPN 113 Data – Microsoft VPN Screen PPTP Server Enable Use this checkbox to enable or disable this feature as required. To allow connection

Broadband VPN Router User’s Manual 114 Data - Microsoft VPN Client Database Screen Existing Users User List All existing users are listed. If you have

Microsoft VPN 115 Status Screen The Status screen is accessed by selecting the Status option on the Microsoft VPN menu. Figure99: Microsoft VPN Statu

8 Chapter 2 Installation This Chapter covers the physical installation of VRT-311 / VRT-311S. Requirements • Network cables. Use standard 10/100Base

Broadband VPN Router User’s Manual 116 Windows Client Setup To connect to the PPTP (VPN) Server in the VPN Broadband Gateway: • The Microsoft VPN fea

Microsoft VPN 117 5. Click "Finish" to exit the Wizard. The new entry will now be listed in "Dial-up Networking". If necessary, y

Broadband VPN Router User’s Manual 118 Windows 2000 Ensure you have logged on with Administrator rights before attempting this procedure. 1. Open &quo

Microsoft VPN 119 Figure105: Windows 2000 VPN Host 4. On the screen above, enter the Domain Name or Internet IP address of VRT-311 / VRT-311S you wis

Broadband VPN Router User’s Manual 120 Figure107: Windows 2000 Finish Wizard 6. Enter a suitable name, and click "Finish" to save and exit.

Microsoft VPN 121 Windows XP Ensure you have logged on with Administrator rights before attempting this procedure. 1. Open Network Connections (Start-

Broadband VPN Router User’s Manual 122 Figure110: Windows XP Connection Name 4. Enter a suitable name for this connection. Click Next to continue.

Microsoft VPN 123 6. On the screen above, enter the Domain Name or Internet IP address of VRT-311 / VRT-311S you wish to connect to. Click Next to co

124 Chapter 10 Other Features & Settings This Chapter explains the screens and settings available via the "Other" menu. Overview Normal

Other Features and Settings 125 Config File This feature allows you to backup (download) the current settings from VRT-311 / VRT-311S, and save them t

Installation 9 • If desired, connect a PC (server) to the DMZ port. To use multiple servers, use a standard LAN cable to connect the DMZ port to a no

Broadband VPN Router User’s Manual 126 Network Diagnostics This screen allows you to perform a "Ping" or a "DNS lookup". These act

Other Features and Settings 127 PC Database The PC Database is used whenever you need to select a PC (e.g. for the "DMZ" PC). It elimi-nates

Broadband VPN Router User’s Manual 128 Data - PC Database Screen Known PCs This lists all current entries. Data displayed is name (IP Address) type. T

Other Features and Settings 129 PC Database (Admin) This screen is displayed if the "Advanced Administration" button on the PC Database is c

Broadband VPN Router User’s Manual 130 MAC Address Select the appropriate option • Automatic discovery - Select this to have VRT-311 / VRT-311S conta

Other Features and Settings 131 Remote Administration Remote Administration allows you to connect to this interface via the Internet, using your Web b

Broadband VPN Router User’s Manual 132 nected to the Internet. But if using a Dynamic IP Address, this value can change each time you connect to your

Other Features and Settings 133 Routing Overview • If you don't have other Routers or Gateways on your LAN, you can ignore the "Routing&qu

Broadband VPN Router User’s Manual 134 Figure119: Routing Screen Data - Routing Screen RIP Enable RIP Check this to enable the RIP (Routing Informati

Other Features and Settings 135 Properties • Destination Network - The network address of the remote LAN segment. For standard class "C" LA

10 Chapter 3 Setup This Chapter provides Setup details of VRT-311 / VRT-311S. Overview This chapter describes the setup procedure for: • Internet Ac

Broadband VPN Router User’s Manual 136 Other Routers on the Local LAN Other routers on the local LAN must use VRT-311 / VRT-311S 's Local Router

Other Features and Settings 137 Metric 3 For Router A's Default Route Destination IP Address 0.0.0.0 Network Mask 0.0.0.0 Gateway IP Address 192.

Broadband VPN Router User’s Manual 138 Upgrade Firmware Use this screen to upgrade your VRT-311 / VRT-311S 's firmware. • You must download the

Other Features and Settings 139 UPnP An example UPnP screen is shown below. Figure122: UPnP Screen Data - UPnP Screen UPnP Enable UPnP Services • UP

140 Appendix A Troubleshooting This Appendix covers the most likely problems and their solutions. Overview This chapter covers some common problems t

Appendix A - Troubleshooting 141 Solution 2: VRT-311 / VRT-311S processes the data passing through it, so it is not transparent. Use the Special Appli

142 Appendix B Specifications VRT-311 / VRT-311S Model VRT-311 / VRT-311S Dimensions VRT-311 : 170mm(W) * 147mm(D) * 27mm(H) VRT-311S : 148mm(W) *

Appendix B - Specifications 143 FCC Radiation Exposure Statement This equipment complies with FCC RF radiation exposure limits set forth for an uncont

Setup 11 Use the Microsoft VPN feature: • PPTP Server in VRT-311 / VRT-311S. • User and Client setup. • Checking VPN connection Status. Chapter 9:

VRT-311 User Guide 12 • Double - click the icon for VRT-311 / VRT-311S (either on the Desktop, or in My Network Places) to start the configuration. R

Setup 13 • These are the default values. Both the name and password can (and should) be changed, using the Admin Login screen. Once you have changed

VRT-311 User Guide 14 Setup Wizard The first time you connect to VRT-311 / VRT-311S, the Setup Wizard will run automatically. (The Setup Wizard will a

Setup 15 PPTP Mainly used in Europe. You connect to the ISP only when required. The IP address is usually allocated automati-cally, but may be Static

ii Copyright Copyright (C) 2004 PLANET Technology Corp. All rights reserved. The products and programs described in this User’s Manual are licensed

VRT-311 User Guide 16 Home Screen After finishing or exiting the Setup Wizard, you will see the Home screen. When you connect in future, you will see

Setup 17 LAN Screen Use the LAN link on the main menu to reach the LAN screen An example screen is shown below. Figure 9: LAN Screen Data - LAN Scree

VRT-311 User Guide 18 DHCP What DHCP Does A DHCP (Dynamic Host Configuration Protocol) Server allocates a valid IP address to a DHCP Client (PC or dev

19 Chapter 4 PC Configuration This Chapter details the PC Configuration required on the local ("Internal") LAN. Overview For each PC, the f

Broadband VPN Router User’s Manual 20 Checking TCP/IP Settings - Windows 9x/ME: 1. Select Control Panel - Network. You should see a screen like the fo

PC Configuration 21 • On the Gateway tab, enter VRT-311 / VRT-311S 's IP address in the New Gateway field and click Add, as shown below. Your LA

Broadband VPN Router User’s Manual 22 Checking TCP/IP Settings - Windows NT4.0 1. Select Control Panel - Network, and, on the Protocols tab, select th

PC Configuration 23 4. Select the appropriate radio button - Obtain an IP address from a DHCP Server or Specify an IP Address, as explained below. Obt

Broadband VPN Router User’s Manual 24 Figure17: Windows NT4.0 - DNS

PC Configuration 25 Checking TCP/IP Settings - Windows 2000: 1. Select Control Panel - Network and Dial-up Connection. 2. Right - click the Local Area

i Table of Contents CHAPTER 1 INTRODUCTION...1 VRT-311 /VRT-311S Features...

Broadband VPN Router User’s Manual 26 5. Ensure your TCP/IP settings are correct, as described below. Using DHCP To use DHCP, select the radio button

PC Configuration 27 Checking TCP/IP Settings - Windows XP 1. Select Control Panel - Network Connection. 2. Right click the Local Area Connection and c

Broadband VPN Router User’s Manual 28 Figure21: TCP/IP Properties (Windows XP) 5. Ensure your TCP/IP settings are correct. Using DHCP To use DHCP, se

PC Configuration 29 Internet Access To configure your PCs to use VRT-311 / VRT-311S for Internet access: • Ensure that the DSL modem, Cable modem, or

Broadband VPN Router User’s Manual 30 Macintosh Clients From your Macintosh, you can access the Internet via VRT-311 / VRT-311S. The procedure is as f

31 Chapter 5 Operation and Status This Chapter details the operation of VRT-311 / VRT-311S and the status screens. Operation Once both VRT-311 / VRT-

Broadband VPN Router User’s Manual 32 Data - Status Screen Internet Connection Method This indicates the current connection method, as set in the Setu

Operation and Status 33 Connection Status - PPPoE If using PPPoE (PPP over Ethernet), a screen like the following example will be displayed when the &

Broadband VPN Router User’s Manual 34 fresh button will update the messages shown on screen. Buttons Connect If not connected, establish a connection

Operation and Status 35 Connection Status - PPTP If using PPTP (Peer-to-Peer Tunneling Protocol), a screen like the following example will be display

ii Services...72 CHAPTER 8 VPN (IPSEC)...

Broadband VPN Router User’s Manual 36 Disconnect If connected to your ISP, hang up the connection. Clear Log Delete all data currently in the Log. Thi

Operation and Status 37 is disabled. Connection Log Connection Log • The Connection Log shows status messages relating to the existing connection. •

Broadband VPN Router User’s Manual 38 IP Address The IP Address of this device, as seen by Internet users. This address is allocated by your ISP (Inte

Operation and Status 39 Connection Details - Fixed/Dynamic IP Address If your access method is "Direct" (no login), a screen like the follow

Broadband VPN Router User’s Manual 40 OR "Renew" VRT-311 / VRT-311S, this button will say "Renew". Clicking the "Renew"

41 Chapter 6 Internet Features This Chapter explains when and how to use VRT-311 / VRT-311S's "Internet" Features. Overview The follow

Broadband VPN Router User’s Manual 42 WAN Port Configuration The WAN Port Configuration screen provides an alternative to using the Wizard. It can be

Internet Features 43 IP Address IP Address is assigned auto-matically Also called Dynamic IP Address. This is the default, and the most common. Leav

Broadband VPN Router User’s Manual 44 Login Login Method If your ISP does not use a login method (username, password) for Internet access, leave this

Internet Features 45 Advanced Internet Figure29: Internet Screen This screen allows configuration of all advanced features relating to Internet acces

1 Chapter 1 Introduction This Chapter provides an overview of VRT-311 / VRT-311S's features and ca-pabilities. Congratulations on the purchase o

Broadband VPN Router User’s Manual 46 Send incoming calls to This lists the PCs on your LAN. • If necessary, you can add PCs manually, using the PC D

Internet Features 47 Incoming Ports • Type - Select the protocol (TCP or UDP) used when you receive data from the special application or service. (N

Broadband VPN Router User’s Manual 48 URL Filter The URL Filter allows you to block access to undesirable Web site • To use this feature, you must de

Internet Features 49 Dynamic DNS (Domain Name Server) This free service is very useful when combined with the Virtual Server feature. It allows Inter-

Broadband VPN Router User’s Manual 50 NOT need to use the "Client" program provided by some DDNS Service providers.) • From the Internet, u

Internet Features 51 Virtual Servers This feature allows you to make Servers on your LAN accessible to Internet users. Normally, Internet users would

Broadband VPN Router User’s Manual 52 • For each enabled Virtual Server, a firewall rule to allow incoming traffic from the Internet (WAN) to the DMZ

Internet Features 53 Connecting to the Virtual Servers Once configured, anyone on the Internet can connect to your Virtual Servers. They must use the

54 Chapter 7 Security Configuration This Chapter explains the settings available via the security configuration section of the "Security" m

Security Configuration 55 Figure37: Password Dialog Enter the "User Name" and "Password" you set on the Admin Login screen above.

VRT-311 User Guide 2 • Fixed or Dynamic IP Address. On the Internet (WAN port) connection, VRT-311 / VRT-311S supports both Dynamic IP Address (IP A

Broadband VPN Router User’s Manual 56 Access Control This feature is accessed by the Access Control link on the Security menu. The Access Control feat

Security Configuration 57 Data - Access Control Screen Group Group Select the desired Group. The screen will update to display the settings for the se

Broadband VPN Router User’s Manual 58 Clear Log Click this to clear and restart the "Access Control" log, making new entries easier to read.

Security Configuration 59 Group Members Screen This screen is displayed when the Members button on the Access Control screen is clicked. Figure39: Gr

Broadband VPN Router User’s Manual 60 Firewall Rules For normal operation and LAN protection, it is not necessary to use this screen. The Firewall wil

Security Configuration 61 Data For each rule, the following data is shown: • Name - The name you assigned to the rule. • Source - The traffic cover

Broadband VPN Router User’s Manual 62 Define Firewall Rule Clicking the "Add" button in the Firewall Rules screen will display a screen like

Security Configuration 63 Dest IP These settings determine which traffic, based on their destination IP address, is covered by this rule. Select the

Broadband VPN Router User’s Manual 64 Logs The Logs record various types of activity on VRT-311 / VRT-311S. This data is useful for troubleshooting, b

Security Configuration 65 Data - Logs Screen Enable Logs Incoming Traffic Select the desired option: • All IP traffic - this will log all incoming T

Introduction 3 Security Features • Password - protected Configuration. Optional password protection is provided to prevent unauthorized users from m

Broadband VPN Router User’s Manual 66 Clear Log Button Use this to restart the required log. This makes it easier to read the latest entries. Timezon

Security Configuration 67 E-mail Figure43: E-Mail Screen Data – E-Mail Screen E-Mail Alerts Send E-Mail alert If enabled, an E-mail will be sent imme

Broadband VPN Router User’s Manual 68 E-mail address Enter the E-mail address the Log is to be sent to. The E-mail will also show this address as the

Security Configuration 69 Security Options This screen allows you to set Firewall and other security-related options. Figure44: Security Options Scre

Broadband VPN Router User’s Manual 70 Options Respond to ICMP (ping) The ICMP protocol is used by the "ping" and "trace route" pro

Security Configuration 71 Scheduling • This schedule can be (optionally) applied to any Access Control Group. • Blocking will be performed during t

Broadband VPN Router User’s Manual 72 Services Services are used in defining traffic to be blocked or allowed by the Access Control or Firewall Rules

73 Chapter 8 VPN (IPSec) This Chapter describes the VPN capabilities and configuration required for common situations. Overview This section describe

Broadband VPN Router User’s Manual 74 • Phase I is the negotiation and establishment up of the IKE connection. • Phase II is the negotiation and est

Microsoft VPN 75 Common VPN Situations VPN Pass-through Figure47: VPN Pass-through Here, a PC on the LAN behind the VRT-311 / VRT-311S is using VPN

VRT-311 User Guide 4 Physical Details Front-mounted LEDs Figure 2: VRT-311’s Front Panel Figure 3: VRT-311S’s Front Panel Power On - Power on. Off

Broadband VPN Router User’s Manual 76 Connecting 2 LANs via VPN Figure49: Connecting 2 VPN Gateways This allows two (2) LANs to be connected. PCs on

Microsoft VPN 77 VPN Configuration This section covers the configuration required on VRT-311 / VRT-311S when using Manual Key Exchange (Manual Policie

Broadband VPN Router User’s Manual 78 Move The order in which policies are listed is only important if you have multiple polices for the same remote s

Microsoft VPN 79 • Otherwise, click Next to continue. You will see a screen like the following. Figure52: VPN Wizard – General Screen General Settin

Broadband VPN Router User’s Manual 80 Figure53: VPN Wizard - Traffic Selector Screen • For outgoing VPN connections, these settings determine which

Microsoft VPN 81 Remote IP addresses Type • Single address - enter an IP address in the "Start IP address" field. • Range address - enter

Broadband VPN Router User’s Manual 82 SPI • Each SPI (Security Parameter Index) must be unique. • The "in" SPI here must match the "o

Microsoft VPN 83 IKE Phase 1 If you selected IKE, the following screen is displayed after the Traffic Selector screen. This screen sets the parameters

Broadband VPN Router User’s Manual 84 Authentication • RSA Signature requires that both VPN endpoints have valid Certificates issued by a CA (Certif

Microsoft VPN 85 IKE Phase 2 Screen This screen sets the parameters for the IPSec SA. When using IKE, there are separate connec-tions (SAs) for IKE an

Introduction 5 Off - No connection to a modem on the WAN (Internet) port. Flashing - Data is being transmitted or received via the WAN port. PPPoE (

Broadband VPN Router User’s Manual 86 For IKE, configuration is now complete. Click "Next" to view the final screen. Figure57: VPN Wizard

Microsoft VPN 87 VPN Examples This section describes some examples of using VRT-311 / VRT-311S in common VPN situa-tions. Example 1: Connecting 2 VRT-

Broadband VPN Router User’s Manual 88 method used. Pre-shared Key Xxxxxxxxxx Xxxxxxxxxx Must match IKE Authentication algorithm MD5 MD5 Must match IKE

Microsoft VPN 89 Example 2: Windows 2000/XP Client to LAN In this example, a Windows 2000/XP client connects to VRT-311 / VRT-311S and gains access t

Broadband VPN Router User’s Manual 90 DH Group Group 1 (768 bit) Must match client PC IKE SA Life time 28800 Does not have to match client PC. Shorter

Microsoft VPN 91 Figure61: Windows 2000/XP - Policy Properties • Note that no rules are in use. Two 2 rules are required - incoming and outgoing. •

Broadband VPN Router User’s Manual 92 Figure63: Filter Properties: Addressing 8. Enter the Source IP address and the Destination IP address. • Since

Microsoft VPN 93 Figure65: New Rule Properties: Filter Action 11. Select Require Security, then click the "Edit" button, to view the Requi

Broadband VPN Router User’s Manual 94 Figure67: Modify Security Method 13. On the resulting screen (above), select High [ESP] then click "OK&quo

Microsoft VPN 95 15. Click the Tunnel Setting tab, then select The tunnel endpoint is specified by this IP address. Enter the WAN (Internet) IP addres