Manuel d'utilisation / d'entretien du produit VRT-311S du fabricant Planet Technology
Aller à la page of 147
Broadband VPN Router VRT-311 / VRT-311S User ’ s Manual.
ii Cop y right Copyright (C) 2004 PLANET Technology Corp. All rights reserved. The products and programs described in this User ’ s M anual are licensed products of PLANET Technology, This User ’ .
i Table of Contents CH A PTER 1 IN T RODUC T IO N ......................................................................... .1 VR T -311 /VR T -311S Feature s .............................................................................. .1 Package Content s .
ii Ser v ice s .............................................................................................................. . 72 CH A PTER 8 VPN (IPSEC ) ............................................................................. . 73 O v er v ie w .
1 Ch a pte r 1 I n trod uc tio n This Chapter provides an overview of VRT-311 / VRT-311S's features and ca- pabilities. Congratulations on the purchase of y our ne w VR T -311 / VR T -311S . VR T -311 / VR T -311S is a m ulti-function device providing the follo w ing services: • Shared Broadband Internet Access for all L A N users.
VRT-311 User Guide 2 • Fixed or Dyna m ic IP Address. On the Internet (W A N port) connection, VR T -311 / VR T -311S supports both D y na m ic I P A ddress (I P A ddress is allocated on connection) and Fixed I P A ddress. A d v anced Internet Functions • Co mm unication Applications.
Introduction 3 Securit y Features • Password - protected Configuration . Optional pass w ord protection is provided to prevent unauthorized users fro m m odif y ing the configuration data and settings.
VRT-311 User Guide 4 Ph y sical Details Front-mounted LEDs Figure 2: VRT-311 ’ s Front Panel Figure 3: VRT-311S ’ s Front Panel Po w er On - P o w er on. Off - No po w er. Status (Red) On - Error condition. Off - Nor m al operation. Blin k ing - T his LED blinks during start up.
Introduction 5 Off - No connection to a m ode m on the W A N (Internet) port. Flashing - Data is being trans m itted or received via the W A N port. PPPoE (For VR T -311 onl y) On - PPP oE connection established.
VRT-311 User Guide 6 Rear Panel Figure 4: VRT-311 Rear Panel Figure 5: VRT-311S Rear Panel Reset Button T his button has t w o (2) functions: • Reboot .
Introduction 7 Using the DMZ Port T he DMZ port is intended for connection of a server y ou w ish to m ake available to the public. T o use m ultiple servers, use a standard L A N cable to connect the DMZ port to a nor m al port on another hub, and connect y our servers to the hub.
8 Ch a pte r 2 I n st a ll a tio n This Chapter covers the physical installation of VRT-311 / VRT-311S. Requirements • Net w ork cables. Use standard 10/100Base T net w ork (U TP ) cables w ith RJ45 connectors. • T C P /I P protocol m ust be installed on all P Cs.
Installation 9 • If desired, connect a P C (server) to the DMZ port. T o use m ultiple servers, use a standard L A N cable to connect the DMZ port to a nor m al port on another hub, and connect y our servers to the hub. P Cs connected to the DMZ port are isolated fro m y our L A N.
10 Ch a pte r 3 S e t u p This Chapter provides Setup details of VRT-311 / VRT-311S. O v er v ie w T his chapter describes the setup procedure for: • Internet A ccess • L A N configuration P Cs on y our local L A N m a y also require configuration.
Setup 11 Use the Microsoft V P N feature: • PPTP Server in VR T -311 / VR T -311S. • User and Client setup. • Checking V P N connection Status. Chapter 9: Microsoft V P N Configure or use an y of the follo w ing: • Configuration File backup and restore.
VRT-311 User Guide 12 • Double - click the icon for VR T -311 / VR T -311S (either on the Desktop, or in My Network Places ) to start the configuration. Refer to the follo w ing section Setup W izard for details of the initial configuration process.
Setup 13 • T hese are the default values. Both the na m e and pass w ord can (and should) be changed, using the Ad m in Login screen. Once y ou have changed either the na m e or the pass w ord, y ou m ust use the current values.
VRT-311 User Guide 14 Setup Wizard T he first ti m e y ou connect to VR T -311 / VR T -311S, the Setup Wizard w ill run auto m aticall y . ( T he Setup Wizard w ill also run if VR T -311 / VR T -311S ' s default setting are restored.) 1. Step through the Wizard until finished.
Setup 15 PPTP Mainl y used in Europe. You connect to the IS P onl y w hen required. T he I P address is usuall y allocated auto m ati- call y , but m a y be Static (Fixed). • PPTP Server I P A ddress. • User na m e and pass w ord. • I P A ddress allocated to y ou, if Static (Fixed).
VRT-311 User Guide 16 Home Screen A fter finishing or exiting the Setup Wizard, y ou w ill see the Home screen. When y ou connect in future, y ou w ill see this screen w hen y ou connect.
Setup 17 L A N Screen Use the LAN link on the m ain m enu to reach the LAN screen A n exa m ple screen is sho w n belo w . Figure 9: LAN Screen Data - L A N Screen T CP/IP IP Address I P address for VR T -311 / VR T -311S, as seen fro m the local L A N.
VRT-311 User Guide 18 DHCP What DHCP Does A DHC P (D y na m ic Host Configuration P rotocol) Server allocates a valid I P address to a DHCP Client ( P C or device) upon request. • T he client request is m ade w hen the client device starts up (boots).
19 Ch a pte r 4 P C C o n fig u r a tio n This Chapter details the PC Configuration required on the local ( " Internal " ) LAN. O v er v ie w For each P C, the follo w ing m a y need to be c.
Broadband VPN Router User ’ s Manual 20 Checking TCP/IP Settings - Windo w s 9x/ME: 1. Select Control Panel - Network . You should see a screen like the follo w ing: Figure 10: Net w or k Configuration 2. Select the TCP/IP protocol for y our net w ork card.
PC Configuration 21 • On the Gateway tab, enter VR T -311 / VR T -311S ' s I P address in the New Gateway field and click Add , as sho w n belo w . Your L A N ad m inistrator can advise y ou of the I P A ddress the y assigned to VR T -311 / VR T -311S.
Broadband VPN Router User ’ s Manual 22 Checking TCP/IP Settings - Windo w s NT4.0 1. Select Control Panel - Network , and, on the Protocols tab, select the T C P /I P protocol, as sho w n belo w . Figure 14: Windo w s NT4.0 - TCP/IP 2. Click the Properties button to see a screen like the one belo w .
PC Configuration 23 4. Select the appropriate radio button - Obtain an IP address from a DHCP Server or Specify an IP Address , as explained belo w . Obtain an IP address from a DHCP Ser v er T his is the default Windo w s setting. Using this is reco mm ended .
Broadband VPN Router User ’ s Manual 24 Figure17: Windo w s NT4.0 - DNS.
PC Configuration 25 Checking TCP/IP Settings - Windo w s 2000: 1. Select Control Panel - Network and Dial-up Connection . 2. Right - click the Local Area Connection icon and select Properties . You should see a screen like the follo w ing: Figure18: Net w or k Configuration (Win 2000) 3.
Broadband VPN Router User ’ s Manual 26 5. Ensure y our T C P /I P settings are correct, as described belo w . Using DHCP T o use DHC P , select the radio button Obtain an IP Address automatically . T his is the default Windo w s setting. Using this is reco mm ended .
PC Configuration 27 Checking TCP/IP Settings - Windo w s XP 1. Select Control Panel - Network Connection . 2. Right click the Local Area Connection and choose Properties . You should see a screen like the follo w ing: Figure20: Net w or k Configuration (Windo w s XP) 3.
Broadband VPN Router User ’ s Manual 28 Figure21: TCP/IP Properties (Windo w s XP) 5. Ensure y our T C P /I P settings are correct. Using DHCP T o use DHC P , select the radio button Obtain an IP Address automatically . T his is the default Windo w s setting.
PC Configuration 29 Internet A ccess T o configure y our P Cs to use VR T -311 / VR T -311S for Internet access: • Ensure that the DSL m ode m , Cable m ode m , or other per m anent connection is functional. • Use the follo w ing procedure to configure y our Bro w ser to access the Internet via the L A N, rather than b y a Dial-up connection.
Broadband VPN Router User ’ s Manual 30 M acintosh Clients Fro m y our Macintosh, y ou can access the Internet via VR T -311 / VR T -311S. T he procedure is as follo w s. 1. Open the T C P /I P Control P anel. 2. Select Ethernet fro m the Connect via pop-up m enu.
31 Ch a pte r 5 O p e r a tio n an d St a t u s This Chapter details the operation of VRT-311 / VRT-311S and the status screens. Operation Once both VRT-311 / VRT-311S and the PCs are configured, operation is auto m atic.
Broadband VPN Router User ’ s Manual 32 Data - Status Screen Internet Connection M ethod T his indicates the current connection m ethod, as set in the Setup Wizard.
Operation and Status 33 Connection Status - PPPoE If using PPP oE ( PPP over Ethernet), a screen like the follo w ing exa m ple w ill be displa y ed w hen the " Connection Details " button is clicked.
Broadband VPN Router User ’ s Manual 34 fresh button w ill update the m essages sho w n on screen. Buttons Connect If not connected, establish a connection to y our IS P . Disconnect If connected to y our IS P , hang up the connection. Clear Log Delete all data currentl y in the Log.
Operation and Status 35 Connection Status - PPTP If using PPTP ( P eer-to- P eer T unneling P rotocol), a screen like the follo w ing exa m ple w ill be displa y ed w hen the " Connection Details " button is clicked.
Broadband VPN Router User ’ s Manual 36 Disconnect If connected to y our IS P , hang up the connection. Clear Log Delete all data currentl y in the Log. T his w ill m ake it easier to read ne w m essages. Refresh Update the data on screen. Connection Status - Telstra Big Pond A n exa m ple screen is sho w n belo w .
Operation and Status 37 is disabled. Connection Log Connection Log • T he Connection Log sho w s status m essages relating to the existing connection. • T he Clear Log button w ill restart the Log, w hile the Refresh button w ill update the m essages sho w n on screen.
Broadband VPN Router User ’ s Manual 38 IP Address T he I P A ddress of this device, as seen b y Internet users. T his address is allocated b y y our IS P (Internet Service P rovider). Net w or k M as k T he Net w ork Mask associated w ith the I P A ddress above.
Operation and Status 39 Connection Details - Fixed/D y namic IP A ddress If y our access m ethod is " Direct " (no login), a screen like the follo w ing exa m ple w ill be dis- pla y ed w hen the " Connection Details " button is clicked.
Broadband VPN Router User ’ s Manual 40 OR "Rene w " VR T -311 / VR T -311S, this button w ill sa y " Rene w " . Clicking the " Rene w " button w ill atte m pt to re-establish the connection and obtain an I P A ddress fro m the IS P ' s DHC P Server.
41 Ch a pte r 6 I n t e r ne t Fea t u r e s This Chapter explains when and how to use VRT-311 / VRT-311S's " Internet " Features. O v er v ie w T he follo w ing advanced features are provided.
Broadband VPN Router User ’ s Manual 42 W A N Port Configuration T he W A N P ort Configuration screen provides an alternative to using the Wizard. It can be accessed fro m the Internet m enu.
Internet Features 43 IP A ddress IP Address is assigned auto- m atically A lso called Dyna m ic IP Address . T his is the default, and the m ost co mm on. Leave this selected if y our IS P allocates an I P A ddress to VR T -311 / VR T -311S upon connection.
Broadband VPN Router User ’ s Manual 44 Login Login M ethod If y our IS P does not use a login m ethod (userna m e, pass w ord) for Internet access, leave this at the default value " None (Direct connec- tion) " Other w ise, check the docu m entation fro m y our IS P , select the login m ethod used, and enter the required data.
Internet Features 45 A d v anced Internet Figure29: Internet Screen T his screen allo w s configuration of all advanced features relating to Internet access. • Co mm unication A pplications • Special A pplications • Multi-DMZ • URL filter Communication A pplications Most applications are supported transparentl y b y VR T -311 / VR T -311S.
Broadband VPN Router User ’ s Manual 46 Send inco m ing calls to T his lists the P Cs on y our L A N. • If necessar y , y ou can add P Cs m anuall y , using the PC Data- base option on the Other m enu. • For each application listed above, y ou can choose a destina- tion P C.
Internet Features 47 Inco m ing Ports • Type - Select the protocol ( T C P or UD P ) used w hen y ou receive data fro m the special application or service.
Broadband VPN Router User ’ s Manual 48 URL Filter T he URL Filter allo w s y ou to block access to undesirable Web site • T o use this feature, y ou m ust define " filter strings " . If the " filter string " appears in a re- quested URL, the request is blocked.
Internet Features 49 D y namic DNS (Domain Name Ser v er) T his free service is ver y useful w hen co m bined w ith the Virtual Server feature. It allo w s Inter- net users to connect to y our Virtual Servers using a URL, rather than an I P A ddress. T his also solves the proble m of having a d y na m ic I P address.
Broadband VPN Router User ’ s Manual 50 NO T need to use the " Client " progra m provided b y so m e DDNS Service providers.) • Fro m the Internet, users w ill no w be able to connect to y our Virtual Servers (or DMZ P C) using y our Do m ain na m e.
Internet Features 51 Virtual Ser v ers T his feature allo w s y ou to m ake Servers on y our L A N accessible to Internet users. Nor m all y , Internet users w ould not be able to access a server on y our L A N because: • Your Server does not have a valid external I P A ddress.
Broadband VPN Router User ’ s Manual 52 • For each enabled Virtual Server, a fire w all rule to allo w inco m ing traffic fro m the Internet (W A N) to the DMZ is auto m aticall y created. If the Server is connected to the L A N (hub) ports, y ou m ust add the fire w all rule m anuall y .
Internet Features 53 Connecting to the Virtual Ser v ers Once configured, an y one on the Internet can connect to y our Virtual Servers. T he y m ust use the Internet I P A ddress (the I P A ddress allocated to y ou b y y our IS P ). e.g. http://203.70.
54 Ch a pte r 7 S ecu rit y C o n fig u r a tio n This Chapter explains the settings available via the security configuration section of the " Security " menu.
Security Configuration 55 Figure37: Pass w ord Dialog Enter the " User Na m e " and "P ass w ord " y ou set on the Admin Login screen above.
Broadband VPN Router User ’ s Manual 56 A ccess Control T his feature is accessed b y the Access Control link on the Security m enu. T he A ccess Control feature allo w s ad m inistrators to restrict the level of Internet A ccess avail- able to P Cs on y our L A N.
Security Configuration 57 Data - A ccess Control Screen Group Group Select the desired Group. T he screen w ill update to displa y the settings for the selected Group. Groups are na m ed " Default " , " Group 1 " , " Group 2 " , " Group 3 " and " Group 4 " , and cannot be re- na m ed.
Broadband VPN Router User ’ s Manual 58 Clear Log Click this to clear and restart the " A ccess Control " log, m aking ne w entries easier to read.
Security Configuration 59 Group Members Screen T his screen is displa y ed w hen the Members button on the Access Control screen is clicked. Figure39: Group M e m bers Use this screen to add or re m ove m e m bers ( P Cs) fro m the current group.
Broadband VPN Router User ’ s Manual 60 Fire w all Rules For nor m al operation and L A N protection, it is not necessar y to use this screen. T he Fire w all w ill al w a y s block DoS (Denial of Service) attacks.
Security Configuration 61 Data For each rule, the follo w ing data is sho w n: • Na me - T he na m e y ou assigned to the rule. • Source - T he traffic covered b y this rule, defined b y the source I P address. If the I P address is follo w ed b y .
Broadband VPN Router User ’ s Manual 62 Define Fire w all Rule Clicking the " A dd " button in the Firewall Rules screen w ill displa y a screen like the exa m ple belo w . Figure41: Define Fire w all Rule Data - Define Fire w all Rule Screen Na m e Enter a suitable na m e for this rule.
Security Configuration 63 Dest IP T hese settings deter m ine w hich traffic, based on their destination I P address, is covered b y this rule. Select the desired option: • A n y - A ll traffic fro m the source port is covered b y this rule. • Single address - Enter the required I P address in the " Start I P address " field " .
Broadband VPN Router User ’ s Manual 64 Logs T he Logs record various t y pes of activit y on VR T -311 / VR T -311S. T his data is useful for troubleshooting, but enabling all logs w ill generate a large a m ount of data and adversel y affect perfor m ance.
Security Configuration 65 Data - Logs Screen Enable Logs Inco m ing Traffic Select the desired option: • All IP traffic - this w ill log all inco m ing T C P /I P connections, of an y t y pe. T his w ill generate the largest logs, and fill the internal log buffer m ore quickl y .
Broadband VPN Router User ’ s Manual 66 Clear Log Button Use this to restart the required log. T his m akes it easier to read the latest entries. T imezone Ti m ezone Select the correct T i m ezone for y our location. T his is required for the date/ti m e sho w n on the logs to be correct.
Security Configuration 67 E-mail Figure43: E- M ail Screen Data – E-Mail Screen E- M ail A lerts Send E- M ail alert If enabled, an E- m ail w ill be sent i mm ediatel y if a DoS (Denial of Service) attack is detected. If enabled, the E- m ail address infor m ation m ust be provided.
Broadband VPN Router User ’ s Manual 68 E- m ail address Enter the E- m ail address the Log is to be sent to. T he E- m ail w ill also sho w this address as the Sender ' s address. Subject Enter the text string to be sho w n in the " Sub j ect " field for the E- m ail.
Security Configuration 69 Securit y Options T his screen allo w s y ou to set Fire w all and other securit y -related options. Figure44: Security Options Screen Data - Securit y Options Screen Fire w all Enable DoS Fire w all If enabled, DoS (Denial of Service) attacks w ill be detected and blocked.
Broadband VPN Router User ’ s Manual 70 Options Respond to IC M P (ping) T he ICM P protocol is used b y the " ping " and " trace route " progra m s, and b y net w ork m onitoring and diagnostic progra m s. • If checked, VR T -311 / VR T -311S w ill respond to ICM P packets received fro m the Internet.
Security Configuration 71 Scheduling • T his schedule can be (optionall y ) applied to an y A ccess Control Group. • Blocking w ill be perfor m ed during the scheduled ti m e (bet w een the " Start " and " Finish " ti m es.) • T w o (2) separate sessions or periods can be defined.
Broadband VPN Router User ’ s Manual 72 Ser v ices Services are used in defining traffic to be blocked or allo w ed b y the Access Control or Firewall Rules features. Man y co mm on Services are pre-defined, but y ou can also define y our o w n services if required.
73 Ch a pte r 8 VPN (IPS ec ) This Chapter describes the VPN capabilities and configuration required for common situations. O v er v ie w T his section describes the V P N (Virtual P rivate Net w ork) support provided b y y our VR T -311 / VR T -311S.
Broadband VPN Router User ’ s Manual 74 • Phase I is the negotiation and establish m ent up of the IKE connection. • Phase II is the negotiation and establish m ent up of the I P sec connection. Because the IKE and I P sec connections are separate, the y have different S A s (securit y associa- tions).
Microsoft VPN 75 Common VPN Situations VPN Pass-through Figure47: VPN Pass-through Here, a P C on the L A N behind the VR T -311 / VR T -311S is using V P N soft w are, but the VR T- 311 / VR T -311S is NO T acting as a V P N endpoint. It is onl y allo w ing the V P N connection.
Broadband VPN Router User ’ s Manual 76 Connecting 2 L A Ns v ia VPN Figure49: Connecting 2 VPN Gate w ays T his allo w s t w o (2) L A Ns to be connected. P Cs on each endpoint gain secure access to the re m ote L A N. • T he 2 L A Ns MUS T use different I P address ranges.
Microsoft VPN 77 VPN Configuration T his section covers the configuration required on VR T -311 / VR T -311S w hen using Manual Ke y Exchange (Manual P olicies) or IKE ( A uto m atic P olicies). Details of using Certificates are covered in a later section.
Broadband VPN Router User ’ s Manual 78 M ove T he order in w hich policies are listed is onl y i m portant if y ou have m ultiple polices for the sa m e re m ote site.
Microsoft VPN 79 • Other w ise, click Next to continue. You w ill see a screen like the follo w ing. Figure52: VPN Wizard – General Screen General Settings Policy Na m e Enter a suitable na m e. T his na m e is not supplied to the re m ote V P N. It is used onl y to help y ou m anage the policies.
Broadband VPN Router User ’ s Manual 80 Figure53: VPN Wizard - Traffic Selector Screen • For outgoing V P N connections, these settings deter m ine w hich traffic w ill cause a V P N tunnel to be created, and w hich traffic w ill be sent through the tunnel.
Microsoft VPN 81 Remote IP addresses Type • Single address - enter an I P address in the " Start I P address " field. • Range address - enter the starting I P address in the " Start I P address " field, and the finish I P address in the " Finish I P ad- dress " field.
Broadband VPN Router User ’ s Manual 82 SPI • Each S P I (Securit y P ara m eter Index) m ust be unique. • T he " in " S P I here m ust m atch the " out " S P I on the re m ote V P N, and the " out " S P I here m ust m atch the " in " S P I on the re m ote V P N.
Microsoft VPN 83 IKE Phase 1 If y ou selected IKE , the follo w ing screen is displa y ed after the Traffic Selector screen. T his screen sets the para m eters for the IKE S A . Figure55: VPN Wizard - IKE Phase 1 Screen IKE Phase 1 (IKE S A ) Local Identity T his setting m ust m atch the " Re m ote Identit y " on the re m ote V P N.
Broadband VPN Router User ’ s Manual 84 Authentication • RSA Signature requires that both V P N endpoints have valid Certificates issued b y a C A (Certification A uthorit y ). • For Pre-shared k ey , enter the sa m e ke y value in both endpoints.
Microsoft VPN 85 IKE Phase 2 Screen T his screen sets the para m eters for the I P Sec S A . When using IKE, there are separate connec- tions (S A s) for IKE and I P Sec.
Broadband VPN Router User ’ s Manual 86 For IKE, configuration is no w co m plete. Click " Next " to vie w the final screen. Figure57: VPN Wizard - Final Screen On the final screen, click " Finish " to save y our settings, then " Close " to exit the Wizard.
Microsoft VPN 87 VPN Examples T his section describes so m e exa m ples of using VR T -311 / VR T -311S in co mm on V P N situa- tions. Example 1: Connecting 2 VRT-311 / VRT-311Ss In this exa m ple, 2 L A Ns are connected via V P N. Figure58: Connecting 2 VRT-311 / VRT-311Ss Note • T he L A Ns MUS T use different I P address ranges.
Broadband VPN Router User ’ s Manual 88 m ethod used. P re-shared Ke y Xxxxxxxxxx Xxxxxxxxxx Must m atch IKE A uthentication algorith m MD5 MD5 Must m atch IKE Encr y ption DES DES Must m atch IKE E.
Microsoft VPN 89 Example 2: Windo w s 2000/XP Client to L A N In this exa m ple, a Windo w s 2000/X P client connects to VR T -311 / VR T -311S and gains access to the local L A N. Figure59: Windo w s 2000/XP Client to VRT-311 / VRT-311S T o use 3DES encr y ption on Windo w s 2000, y ou need Ser v ice Pack 3 or later installed.
Broadband VPN Router User ’ s Manual 90 DH Group Group 1 (768 bit) Must m atch client P C IKE S A Life ti m e 28800 Does not have to m atch client P C. Shorter period w ill be used. IKE P FS Disable Must m atch client P C IPSec S A Parameters I P Sec S A Life ti m e 28800 Do not have to m atch.
Microsoft VPN 91 Figure61: Windo w s 2000/XP - Policy Properties • Note that no rules are in use. T w o 2 rules are required - inco m ing and outgoing. • T he outgoing rule w ill be added first. 6. Deselect the " Use A dd Wizard " checkbox, then click " A dd " to vie w the screen belo w .
Broadband VPN Router User ’ s Manual 92 Figure63: Filter Properties: Addressing 8. Enter the Source IP address and the Destination IP address . • Since this is the outgoing filter, the Source IP address is " M y I P address " and the Des- tination IP address is the address range used on the re m ote L A N.
Microsoft VPN 93 Figure65: Ne w Rule Properties: Filter Action 11. Select Require Security , then click the " Edit " button, to vie w the Require Security Proper- ties screen. Figure66: Require Security Properties 12. Select Negotiate security (this selects IKE), then click " A dd " .
Broadband VPN Router User ’ s Manual 94 Figure67: M odify Security M ethod 13. On the resulting screen (above), select High [ESP] then click " OK " to save y our changes and return to the Require Security Properties screen. Figure68: Require Security Properties 14.
Microsoft VPN 95 15. Click the Tunnel Setting tab, then select The tunnel endpoint is specified by this IP address . Enter the W A N (Internet) I P address of VR T -311 / VR T -311S, as sho w n belo w . Figure69: Tunnel Setting 16. Click the Authentication Methods tab, then click the " Edit " to see the screen like the exa m ple belo w .
Broadband VPN Router User ’ s Manual 96 Figure71: Windo w s 2000/XP Client to VRT-311 / VRT-311S 20. T o add the second (inco m ing) rule, click " A dd " . For the na m e, enter "T o Win2K " , then click " A dd " . Figure72: Windo w s 2000/XP Client to VRT-311 / VRT-311S 21.
Microsoft VPN 97 Figure73: Filter Properties: Addressing 22. Click " OK " to save y our changes, then " Close " . Figure74: Filter List 23.
Broadband VPN Router User ’ s Manual 98 Figure75: Filter Action 24. Select Require Security , then click " Edit " . On the Require Security Methods screen belo w , select Negotiate security . Figure76: Security M ethods 25. Click the " A dd " button.
Microsoft VPN 99 Figure77: M odify Security M ethod 26. Click " OK " to save y our changes, then click " OK " again to return to the Filter A ction screen. 27. Select the Tunnel Setting tab, and enter the W A N (Internet) I P address of this P C (172.
Broadband VPN Router User ’ s Manual 100 Figure79: Authentication M ethod 29. Select Use this string to protect the key exchange (preshared key) , then enter y our pre- shared ke y in the field provided. 30. Click " OK " to save y our settings, then " Close " to return to the DUT to W in2K Properties screen.
Microsoft VPN 101 Figure81: Properties - General Tab 32. Click the " A dvanced " button to see the screen belo w . Figure82: Key Exchange Settings 33.
Broadband VPN Router User ’ s Manual 102 Figure83: Key Exchange Security M ethods 34. Select the first entr y , and click the " Edit " button to see the follo w ing screen.
Microsoft VPN 103 Example 3: Windo w s 2000 Ser v er to VPN Gate w a y In this exa m ple, a Windo w s 2000 Server connects to VR T -311 / VR T -311S. Users on each L A N can then gain access to the re m ote L A N.
Broadband VPN Router User ’ s Manual 104 Windo w s 2000 Ser v er Configuration Configuration is the sa m e as for Example 2: W indows 2000/XP Client to except for specif y ing the Source and Destination addresses for the " Filter P roperties " .
Microsoft VPN 105 Certificates Certificates are used to authenticate users. Certificates are issued to y ou b y various C A s (Certi- fication A uthorities). T hese Certificates are called " Self Certificates " . Each C A also issues a certificate to itself.
Broadband VPN Router User ’ s Manual 106 Figure89: Add Trusted Certificate 3. Click the " Bro w se " button, and locate the certificate file on y our P C 4. Select the file. T he na m e w ill appear in the " Certificate File " field.
Microsoft VPN 107 Delete button Use this button to delete a Self Certificate. Select the checkbox in the Delete colu m n for an y Certificates y ou w ish to delete, then click the " Delete " button. Self Certificate Requests Request List A n y current requests are listed.
Broadband VPN Router User ’ s Manual 108 Subject Na m e T his is the na m e w hich other organizations w ill see as the Holder (o w ner) of this Certificate. T his should be y our registered business na m e or official co m pan y na m e. Gener- all y , all Certificates should have the sa m e value in the Sub j ect field.
Microsoft VPN 109 8. A fter obtaining a ne w Certificate, as described above, y ou need to upload it VR T -311 / VR T -311S. • Return to the Self Certificates screen. • In the Self Certificate Requests list, select the request m atching this certificate.
Broadband VPN Router User ’ s Manual 110 Figure 95: Upload CRL 4. Upload the CRL file: • Click the " Bro w se " button, and locate the CRL file on y our P C • Select the file. T he na m e w ill appear in the " File to Upload " field.
Microsoft VPN 111 Data Rx Measures the quantit y of data w hich has been received via this S A . Buttons Refresh Update the data sho w n on screen. Vie w Log Open a ne w w indo w and vie w the contents of the V P N log.
112 Ch a pte r 9 M i c rosoft VPN This Chapter explains the screens and settings available for the Microsoft VPN function. O v er v ie w Microsoft V P N uses the Microsoft VPN Adapter w hich is provided in recent versions of Win- do w s. T his feature can be used to provide re m ote access to y our L A N b y individual P Cs.
Microsoft VPN 113 Data – Microsoft VPN Screen PP T P Ser v er Enable Use this checkbox to enable or disable this feature as required. T o allo w connection b y re m ote Windo w s clients, y ou m ust enable this feature, and enter the client details (on the Clients screen) to allo w the m to login to this Server.
Broadband VPN Router User ’ s Manual 114 Data - Microsoft VPN Client Database Screen Existing Users User List A ll existing users are listed. If y ou have not added an y users, this list w ill be e m pt y . When a user is selected, their details are displa y ed in the Properties panel.
Microsoft VPN 115 Status Screen T he Status screen is accessed b y selecting the Status option on the Microsoft VPN m enu. Figure99: M icrosoft VPN Status Screen Data - Microsoft VPN Status Screen Ser v er Status Status T his indicates w hether or not the PPTP (V P N) Server is enabled.
Broadband VPN Router User ’ s Manual 116 Windo w s Client Setup T o connect to the PPTP (V P N) Server in the V P N Broadband Gate w a y : • T he Microsoft V P N feature in the V P N Broadband Gate w a y m ust be enabled and config- ured, as described in the previous section.
Microsoft VPN 117 5. Click " Finish " to exit the Wizard. T he ne w entr y w ill no w be listed in " Dial-up Net w orking " . If necessar y , y ou can change the settings for this connection b y right-clicking on it, and select- ing Properties .
Broadband VPN Router User ’ s Manual 118 Windo w s 2000 Ensure y ou have logged on w ith A d m inistrator rights before atte m pting this procedure. 1. Open " Net w ork Connections " , and start the " Ne w Connection " Wizard. Figure103: Windo w s 2000 Net w or k Connection 2.
Microsoft VPN 119 Figure105: Windo w s 2000 VPN Host 4. On the screen above, enter the Do m ain Na m e or Internet I P address of VR T -311 / VR T- 311S y ou w ish to connect to. Click Next to continue. Figure106: Windo w s 2000 Connection Availability 5.
Broadband VPN Router User ’ s Manual 120 Figure107: Windo w s 2000 Finish Wizard 6. Enter a suitable na m e, and click " Finish " to save and exit. Setup is no w co m plete. T o establish a connection: 1. Right-click the connection in " Net w ork Connections " , and select " Connect " .
Microsoft VPN 121 Windo w s XP Ensure y ou have logged on w ith A d m inistrator rights before atte m pting this procedure. 1. Open Network Connections (Start-Settings-Net w ork Connections), and start the Ne w Connection Wizard. Figure108: Windo w s XP Net w or k Connection Type 2.
Broadband VPN Router User ’ s Manual 122 Figure110: Windo w s XP Connection Na m e 4. Enter a suitable na m e for this connection. Click Next to continue. Figure111: Windo w s XP Public Net w or k 5. On the screen above, select " Do not dial the initial connection " .
Microsoft VPN 123 6. On the screen above, enter the Do m ain Na m e or Internet I P address of VR T -311 / VR T- 311S y ou w ish to connect to. Click Next to continue. Figure113: Windo w s XP Connection Availability 7. Choose w hether to allo w this connection for ever y one, or onl y for y ourself, as required.
124 Ch a pte r 10 Ot her Fea t ure s & Se tt in gs This Chapter explains the screens and settings available via the " Other " menu. O v er v ie w Nor m all y , it is not necessar y to use these screens, or change an y settings.
Other Features and Settings 125 Config File T his feature allo w s y ou to backup (do w nload) the current settings fro m VR T -311 / VR T -311S, and save the m to a file on y our P C. You can restore a previousl y -do w nloaded configuration file to VR T -311 / VR T -311S, b y uploading it to VR T -311 / VR T -311S.
Broadband VPN Router User ’ s Manual 126 Net w ork Diagnostics T his screen allo w s y ou to perfor m a "P ing " or a " DNS lookup " . T hese activities can be useful in solving net w ork proble m s. A n exa m ple Network Diagnostics screen is sho w n belo w .
Other Features and Settings 127 PC Database T he P C Database is used w henever y ou need to select a P C (e.g. for the " DMZ " P C). It eli m i- nates the need to enter I P addresses. A lso, y ou do not need to use fixed I P addresses on y our L A N.
Broadband VPN Router User ’ s Manual 128 Data - PC Database Screen Kno w n PCs T his lists all current entries. Data displa y ed is name (IP Address) type . T he " t y pe " indicates w hether the P C is connected to the L A N. Na m e If adding a ne w P C to the list, enter its na m e here.
Other Features and Settings 129 PC Database ( A dmin) T his screen is displa y ed if the " A dvanced A d m inistration " button on the PC Database is clicked. It provides m ore control than the standard PC Database screen. Figure117: PC Database (Ad m in) Data - PC Database ( A dmin) Screen Kno w n PCs T his lists all current entries.
Broadband VPN Router User ’ s Manual 130 M AC Address Select the appropriate option • Auto m atic discovery - Select this to have VR T -311 / VR T -311S contact the P C and find its M A C address. T his is onl y possible if the P C is connected to the L A N and po w ered On.
Other Features and Settings 131 Remote A dministration Re m ote A d m inistration allo w s y ou to connect to this interface via the Internet, using y our Web bro w ser. Figure118: Re m ote Ad m inistration Screen Data - Remote A dministration Screen Information Infor m ation T o establish a connection fro m the Internet: 1.
Broadband VPN Router User ’ s Manual 132 nected to the Internet. But if using a D y na m ic I P A ddress, this value can change each ti m e y ou connect to y our IS P . T here are 2 solutions to this proble m : • Have y our IS P allocate y ou a Fixed I P address.
Other Features and Settings 133 Routing O v er v ie w • If y ou don ' t have other Routers or Gate w a y s on y our L A N, y ou can ignore the " Routing " page co m pletel y .
Broadband VPN Router User ’ s Manual 134 Figure119: Routing Screen Data - Routing Screen RIP Enable RIP Check this to enable the RI P (Routing Infor m ation P rotocol) feature of VR T -311 / VR T -311S. VR T -311 / VR T -311S supports RI P 1 onl y .
Other Features and Settings 135 Properties • Destination Net w ork - T he net w ork address of the re m ote L A N seg m ent. For standard class " C " L A Ns, the net w ork address is the first 3 fields of the Destination I P A ddress. T he 4th (last) field can be left at 0.
Broadband VPN Router User ’ s Manual 136 Other Routers on the Local L A N Other routers on the local L A N m ust use VR T -311 / VR T -311S ' s Local Router as the Default Route . T he entries w ill be the sa m e as VR T -311 / VR T -311S ' s local router, w ith the exception of the Gateway IP Address .
Other Features and Settings 137 Metric 3 For Router A 's Default Route Destination I P A ddress 0.0.0.0 Net w ork Mask 0.0.0.0 Gate w a y I P A ddress 192.168.0.1 (VR T -311 / VR T -311S ’ s I P A ddress) Interface L A N For Router B's Default Route Destination I P A ddress 0.
Broadband VPN Router User ’ s Manual 138 Upgrade Firm w are Use this screen to upgrade y our VR T -311 / VR T -311S ' s fir mw are. • You m ust do w nload the required fir mw are file, and store it on y our P C. • During the upgrade process, all existing Internet connections w ill be ter m inated.
Other Features and Settings 139 UPnP A n exa m ple U P n P screen is sho w n belo w . Figure122: UPnP Screen Data - UPnP Screen UPnP Enable UPnP Services • U P n P (Universal P lug and P la y ) allo w s auto m atic discover y and configuration of equip m ent attached to y our L A N.
140 Append i x A T ro u bl e s h ooti n g This Appendix covers the most likely problems and their solutions. O v er v ie w T his chapter covers so m e co mm on proble m s that m a y be encountered w hile using VR T -311 / VR T -311S and so m e possible solutions to the m .
Appendi x A - Troubleshooting 141 Solution 2: VR T -311 / VR T -311S processes the data passing through it, so it is not transparent. Use the Special Applications feature to allo w the use of Internet applications w hich do not function correctl y . If this does solve the proble m y ou can use the DMZ function.
142 Append i x B Sp ec ifi ca tio n s VRT-311 / VRT-311S Model VR T -311 / VR T -311S Di m ensions VR T -311 : 170 mm (W) * 147 mm (D) * 27 mm (H) VR T -311S : 148 mm (W) * 120 mm (D) * 30 mm (H) Oper.
Appendi x B - Specifications 143 FCC Radiation Exposure Statement T his equip m ent co m plies w ith FCC RF radiation exposure li m its set forth for an uncontrolled environ m ent. T his equip m ent should be installed and operated w ith a m ini m u m distance of 20 centi m eters bet w een the radiator and y our bod y .
Un point important après l'achat de l'appareil (ou même avant l'achat) est de lire le manuel d'utilisation. Nous devons le faire pour quelques raisons simples:
Si vous n'avez pas encore acheté Planet Technology VRT-311S c'est un bon moment pour vous familiariser avec les données de base sur le produit. Consulter d'abord les pages initiales du manuel d'utilisation, que vous trouverez ci-dessus. Vous devriez y trouver les données techniques les plus importants du Planet Technology VRT-311S - de cette manière, vous pouvez vérifier si l'équipement répond à vos besoins. Explorant les pages suivantes du manuel d'utilisation Planet Technology VRT-311S, vous apprendrez toutes les caractéristiques du produit et des informations sur son fonctionnement. Les informations sur le Planet Technology VRT-311S va certainement vous aider à prendre une décision concernant l'achat.
Dans une situation où vous avez déjà le Planet Technology VRT-311S, mais vous avez pas encore lu le manuel d'utilisation, vous devez le faire pour les raisons décrites ci-dessus,. Vous saurez alors si vous avez correctement utilisé les fonctions disponibles, et si vous avez commis des erreurs qui peuvent réduire la durée de vie du Planet Technology VRT-311S.
Cependant, l'un des rôles les plus importants pour l'utilisateur joués par les manuels d'utilisateur est d'aider à résoudre les problèmes concernant le Planet Technology VRT-311S. Presque toujours, vous y trouverez Troubleshooting, soit les pannes et les défaillances les plus fréquentes de l'apparei Planet Technology VRT-311S ainsi que les instructions sur la façon de les résoudre. Même si vous ne parvenez pas à résoudre le problème, le manuel d‘utilisation va vous montrer le chemin d'une nouvelle procédure – le contact avec le centre de service à la clientèle ou le service le plus proche.