Asante VR2004 - Manual

User’s Manual 5 4. Once the information has been recorded, select Configure: Using DHCP . You will receive an IP address automatically from your DHCP server. The TCP/IP configuration of your computer is now complete. Re-peat steps 1, 2 and 4 to configure additional Macs that you wish to add to the r...

FriendlyNET VPN Security Router 6 3. Expand this dialog box by clicking on the More Info >> button. 4. Complete the information in this table: Tip : Next to the DNS Servers field, click the button to show the Secondary DNS (if available). 5. From the Windows Start button, choose Settings and s...

User’s Manual 7 Windows XP 1. From the Start button, select Settings/Control Panel . 2. Click on Network and Internet Connections . 3. Click the Network Connections icon. 4. Double-click on the network. 5. Under the Support tab, click on the Details… button. 6. Record your information on the table b...

FriendlyNET VPN Security Router 8 The TCP/IP configuration of your computer is now complete. Re-peat steps 1 – 4 and 7 – 10 to configure additional PCs on your net-work. Red Hat Linux In order to gather the information necessary to complete the table, you will need to run the /sbin/ipconfig command....

User’s Manual 9 3. Configure Your Router From your computer, use your browser to configure the router for your network. 1. Start your web browser. Type http://192.168.123.254 into your browser’s address or location field and press Enter . 2. In a few moments you’ll see the Login screen for the route...

User’s Manual 11 Table of Contents Before You Start 2 Quick Start Guide 3 Chapter 1. Introduction 13 Chapter 2. Configuration 17 Chapter 3. Advanced Settings 27 Chapter 4. VPN Configuration 41 Appendix A. Warranty Statement and FriendlyCare Support 51 Appendix B. FCC Statement 53 Appendix C. Trouble...

User’s Manual 13 Chapter 1. Introduction Thank you for purchasing the FriendlyNET VR2004 Series VPN Se-curity Router. The router provides an easy, affordable way to com-municate over the Internet, while ensuring a secure connection to another VR2004 (or other compatible VPN solution). Whenever data ...

User’s Manual 15 • DMZ (Demilitarized Zone) : Allows you to place one server or workstation outside the firewall, to allow outside parties unrestricted access to the server 1.2 Package Contents Please compare the items included in your package to the list be-low. The following items should be includ...

FriendlyNET VPN Security Router 16 From left to right, the rear panel of the router contains the following: Power (5 VDC) plug; Internet (WAN) port; COM port; Reset button; and LAN ports 4, 3, 2 and 1. LED Color Description Link/Activity LAN ports 1 to 4 Green Blinking Off A valid link has been esta...

User’s Manual 17 Chapter 2. Configuration Power up the router first, before powering up the at-tached devices. Launch your web browser and type the default IP address (192.168.123.254) in the browser’s address box. Press Enter. The login window will appear. Type the default user- name admin and pres...

FriendlyNET VPN Security Router 18 • Time Zone Settings • Device IP Settings • ISP Settings • Additional ISP Settings • Modem Settings • VPN Settings Important ! You must save and restart the router in the Save & Re- start screen for your configurations to take effect. 2.1.1 Time Zone Settings F...

User’s Manual 19 Quick Start Guide), and click Next to enter the data. If you use a dynamic IP Address, check the Dynamic IP radio button and click Next to continue to Additional ISP Settings . 2.1.4 Additional ISP Settings In this page, you can enable the type of WAN connection you are using. Your ...

FriendlyNET VPN Security Router 20 ISPs use the information for authentication purposes, so you must select the check box and enter the requested information for your WAN type. Some providers require the Ethernet address (the MAC address) of the computer that is connecting the Cable/DSL modem to aut...

User’s Manual 21 Click Next to enter the new data and to proceed to the Wireless Settings page (VR2004AC model only) or to the Modem Settings page. 2.1.5 Wireless Settings (VR2004AC only) The VR2004AC is designed to function as a wireless access point using the default settings shown. If you wish to...

FriendlyNET VPN Security Router 22 Encryption Most internal LAN traffic does not require additional security meas-ures. If you are transferring sensitive files or other material over the wireless LAN, you may enable the WEP Security Settings. WEP stands for "Wired Equivalent Protocol". Click...

User’s Manual 23 2.1.7 VPN Settings The router can be used as an ordinary unencrypted connection to the Internet, or as a secure connection to another VPN router. To set up a Virtual Private Network (VPN), you must enable the VPN feature, which allows a secure connection to the Internet. Please refe...

FriendlyNET VPN Security Router 24 2.2 Device Information This page displays the current settings of the router: • Device Name : The host name of the router • IP Address : The IP address of the router • LAN MAC Address : The MAC address of the router’s LAN port • WAN MAC Address : The MAC address of...

User’s Manual 25 • VPN Status : View the IPSec Connection Status for VPN tunnels • DHCP Status : Click to refresh the DHCP log 2.4 System Tools From the Main Menu, select the System Tools button to display the status of the router. The following pages are accessible from the System Tools page: • Int...

FriendlyNET VPN Security Router 26 • Upgrade Firmware : Allows you to upgrade the router to the latest version of firmware • Reset Device : Restarts the router

User’s Manual 27 Chapter 3. Advanced Settings From the main menu, click on the corresponding button to access the Advanced Settings screen. From here, you can access the following pages for configuration: • DHCP Server Settings • Virtual Server Settings • Wireless Access Control • Routing Settings •...

FriendlyNET VPN Security Router 28 IP Address Pool Range This pool contains the range of IP addresses that will automatically be assigned to the clients on your network. The default setting is 192.168.123.2 to 192.168.123.100. Increase the range if you have more than 98 computers on your network. IP...

User’s Manual 29 Enter the IP addresses of the network servers and the Service Port Range to allow remote access to the desired ports. The Server Port is a TCP or UDP port number. See Appendix E for a list of common service ports. A single server or workstation can be placed outside the protective f...

FriendlyNET VPN Security Router 30 3.3 Wireless Access Control Settings * This feature should only be used by users with an extensive knowledge of TCP/IP. By default, all users on the router have full access to local and wide area networks. If necessary, network managers can control LAN and WAN acce...

User’s Manual 31 To delete a MAC address, select the corresponding checkbox and click the Del button. The maximum number of entries allowed in the table is 32. Note : At least one client must have full access in order to perform administrative tasks. Click Submit to have your changes take effect. 3....

FriendlyNET VPN Security Router 32 To specify that gateway you need to define a static route. • Destination IP Address: The network address of the re-mote network • Subnet Mask: The subnet mask of the remote network • Gateway IP Address: The IP address to be used as a gate-way to the remote network ...

FriendlyNET VPN Security Router 34 Your selections should look like this: • LAN Side Filter Enabled: Enabled • Default LAN Side Filter: Pass • Filter Entry: Block • Protocol: TCP • IP Address Range: 192.168.123.10 to 192.168.123.20 • Destination Port Range: 119-119 Click Save to add the filter rule ...

User’s Manual 35 3.6 Administrative Settings In this screen, you can set several administrative options for the router simply by entering a password or checking various options that are listed. 3.6.1 Password Settings To prevent unauthorized access to the router, it is highly recom-mended that you c...

FriendlyNET VPN Security Router 36 3.6.2 Remote System Administration You may configure your router to allow a user on the Internet to ad-minister it. The default setting 0.0.0.0 means that a user from any IP address may administer the router. You should carefully consider the possible security risk...

User’s Manual 37 ISP sets the limit on packet size for PPPoE connection, in which case, you will have to change the MTU setting. See your ISP for details on packet size limits. 3.7 Dynamic DNS Settings Ordinarily, a static IP address is required if you want users on the Internet to be able to find y...

FriendlyNET VPN Security Router 38 may enable the Use wildcards feature. 3.8 URL Filter Settings This feature allows you to block access to certain websites on the Internet. You can specify words or letters that, if they appear in the website name (the URL) or newsgroup name, will cause the site to ...

User’s Manual 39 To enable this feature, access the E-mail Alert screen from the Ad- vanced Settings page and check the box Enable E-mail Notifica- tion . Next, enter the IP address of the outgoing mail server and the destination e-mail address in the given fields and select the fre-quency for recei...

User’s Manual 41 Chapter 4. VPN Configuration If you require more than an ordinary, unencrypted connection to the Internet, the router supports IPSec to allow secure communications from a network to another network, or from a client to a network. The Virtual Private Network (VPN) protects your data ...

FriendlyNET VPN Security Router 42 You will require three pieces of information about each LAN that is taking part in a VPN connection: 1. The remote Network IP address of the LAN. This will usually be the same as the address of the LAN port of the router, with the last segment of the address change...

FriendlyNET VPN Security Router 44 • Remote IP Network : 192.168.123.0 • Remote IP Netmask : 255.255.255.0 • Remote Gateway IP : 172.16.0.123 • Network Interface : WAN ETHERNET 4.2 Client-to-Network To connect a remote client PC to your network, use one of the fol-lowing configurations based on the ...

User’s Manual 45 • Remote IP Network : 192.168.123.0 • Remote Netmask : 255.255.255.0 • Remote Gateway IP : 172.16.0.123 • Network Interface : The interface on the router used to communicate with the remote network. Most users should leave this set to WAN ETHERNET • Local IPSEC Identifier : Allows y...

User’s Manual 47 4.3.3 Pre-Shared Key IKE can establish a key for the two ends of the tunnel to use to en-crypt the traffic bound for the other network, but it cannot guarantee that the router on the other end of the tunnel can be trusted. The Pre-Shared key is used to establish that trust. Enter an...

FriendlyNET VPN Security Router 48 The following sections describe the parameters that will need to be entered for a manually keyed tunnel. 4.4.1 Incoming and Outgoing SPI (Security Parameter Index) The SPI is a 32-bit field that the router will use to identify the Secure Association. Enter a differ...

User’s Manual 49 4.4.5 Authentication Key This string is used as key authentication. Use an alpha-numeric value of 16 characters (MD5) or 20 characters (SHA-1). Note : The value entered must match that used by the remote de- vice. After configuring all the VPN values that are required, click on the ...

FriendlyNET VPN Security Router 52 LOSS, DAMAGE TO PROPERTY AND, TO THE EXTENT PERMITTED BY LAW, DAMAGES FOR PERSONAL INJURY, HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY (INCLUDING NEGLIGENCE). THESE LIMITATIONS SHALL APPLY EVEN IF ASANTE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR IF T...

User’s Manual 53 Appendix B. FCC Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. Thi...

User’s Manual 55 Appendix C. Troubleshooting Before beginning the troubleshooting process, please check the System Requirements found in Chapter 1 have been met. If not, resolve the System Requirement deficiencies before attempting to troubleshoot further. C.1 Troubleshooting with the Status LEDs Co...

FriendlyNET VPN Security Router 56 C.2 Problems Accessing Router If you have problems accessing the router, please check the follow-ing: 1. Can you ping 192.168.123.254? If so, disable the proxy in your browser's setting. 2. If http://192.168.123.254 does not work, try http://192.168.123.254:88. 3. ...

User’s Manual 57 C.3 Cabling Problems Network cables connect devices in an Ethernet network, such as computers, printers, hubs, routers and Cable/DSL modems. The network connections provided by Ethernet cabling allow the devices to share information, and allow a LAN to access the Internet. Faulty Et...

FriendlyNET VPN Security Router 58 2. If the port functions correctly, make sure the router is attached to an Uplink Port on the hub or switch. If there is an Uplink button on the hub or switch, make sure it is in the Uplink posi-tion. 3. If there is no uplink port on the hub or switch, then you wil...

User’s Manual 59 Appendix D. Renewing Client IP Addresses Perform the following to renew the IP addresses of client computers after configuring your VR2004 Series Router: D.1 Windows 98/Me Perform the following steps to Release and Renew the IP Address on each client attached to the router: 1. Go to...

User’s Manual 61 Appendix E. Service Ports The table below lists some of the more common TCP and UDP ser-vice ports. Port Service 20 FTP-DATA 21 FTP 23 Telnet, Internet BBS 25 SMTP, Send mail 53 DNS 67 BOOTP bootstrap protocol 79 finger 80 HTTP, worldwide web 110 POP3, receive mail 113 Auth, authent...

User’s Manual 63 Appendix F. Hardware and Software Compatibility Protocols Supported TCP/IP, NAT, DHCP, PPP, PPPoE, VPN Network and Client Platforms compatibility Windows 95/98/NT/2000/Workstation Microsoft Windows NT Server UNIX System (Linux, OpenBSD, SCO-UNIX) Application Software Compatibility M...

User’s Manual 65 Appendix G. Specifications Connectors: LAN: 4 Fast Ethernet (100BaseTX, 10BaseT): RJ-45 WAN: 1 Fast Ethernet (100BaseTX, 10BaseT): RJ-45 COM: Serial (analog modem or ISDN TA): DB9 WLAN: 11 Mbps (802.11b) at 18 dBm signal with VR2004AC Status Indicators: Power, Status, Link/Activity ...

FriendlyNET VPN Security Router 66 Advanced Settings DHCP: Dynamic host configuration protocol automatically assigns IP address to specified clients. Choose address pool range. Reserve LAN IP addresses for selected devices (by MAC addresses). Virtual Server: De-Militarized Zone (DMZ) for specific IP...

User’s Manual 67 Intrusion: Detects 11 types of denial of service (DOS) attacks including: ping of death (illegal ping packet), SYN flood (detects if SYN is from the same source), LAND attack (same source and destination addresses), IP spoofing (simulates a LAN packet), Code Red 1 (pattern I), Code ...

FriendlyNET VPN Security Router 68 Performance Processor: 32-bit RISC CPU Memory: Upgradeable FLASH firmware from web browser LAN: 10/100 Mbps WAN: 10/100 Mbps WLAN: Up to 11 Mbps Physical Characteristics Dimensions: 7.9 x 5.9 x 1.7 inches (201 x 151 x 44 mm) Weight: VR2004C: 1.0 pounds (0.45 Kg) VR...

User’s Manual 69 Appendix H. Configuring a System Log Server Because the router’s memory cannot hold as many messages as a computer with a hard drive, you can have the router send its System Log messages to a server on the network. The ability to receive system log messages is most common on Unix-ty...

FriendlyNET VPN Security Router 70 # /etc/init.d/syslog restart 4. A default install of a recent version of Red Hat Linux has proba-bly also configured a firewall that may be blocking access to the syslog port. Usually ipchains is used by default. To add a rule to the firewall for ipchains , edit th...

User’s Manual 71 ConsoleMessage "Starting system log" if [ -f /etc/syslog.conf ]; then if ! pid=$(GetPID syslog); then rm -f /dev/log syslogd fi else echo "Warning: syslogd was not started" fi } -- 2. Add a parameter -u to the end of the line that starts the daemon: syslogd -u 3. Sav...

FriendlyNET VPN Security Router 72 8. Select Other under Port Name . Enter 514 and syslog in the Port Number and Description fields, and click OK . You should now see messages begin to appear in the selected router.log file. Note : The default firewall tool provided by Mac OS X doesn't provide a way...

User’s Manual 73 Appendix I. Your 802.11b Wireless Network Thank you for choosing Asanté for your wireless networking solu-tions. In order to make wireless networking as safe and easy as possible, please consider the following information when setting up and using your wireless network. Optimum Perf...

FriendlyNET VPN Security Router 74 • The type of walls, windows, doorways or other building structures will affect the range of the wireless signal. Struc-tures such as metal framed houses, windows containing UV protective film, and residences with multiple floors will all affect the signal quality ...

User’s Manual 75 MAC Address Control Every network device has a unique hardware address known as a media access control (MAC) address. Enabling MAC address con-trol allows you to control LAN and WAN access for each client in your network. Hackers will be denied access using outside devices. WEP Encr...