User / maintenance manual for the BR14VPN product from the manufacturer SMC Networks
Copyright Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use.
Compliances FCC - Class B This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
EC Conformance Declaration – Class B SMC contact for these products in Europe is: SMC Networks Europe, Edificio Conata II Calle Fructuos Gelabert 6-8, 2o, 4a 08970 – Sant Joan Despi Barcelona, Spain This equipment complies with the requirements relating to electromagnetic compatibility, EN 55022/A1 Class B, and EN 50082-1.
1 | SYSTEM REQUIREMENTS
2 | EQUIPMENT CHECKLIST
3 | FUNCTIONS AND FEATURES
4 | PANEL LAYOUT
5 | HARDWARE INSTALLATION
6 | NETWORK SETTINGS AND SOFTWARE INSTALLATION
6.1 | Installing TCP/IP
6.2 | Setting up TCP/IP
6.3 | Obtaining an IP Address
6.
7.9 | Advanced Setup - VPN
7.9.1 | IPSec Tunnel
7.9.2 | IKE Proposal
7.9.3 | IPSec Proposal
7.9.4 | Dynamic VPN
7.9.5 | PPTP/L2TP Server
7.10 | Advanced Setup - SNMP
7.11 | Advanced Setup - ROUTING
7.12 | Advanced Setup - MISCELLANEOUS
7.
1 | System Requirements • Internet access from your local telephone company or Internet Service Provider (ISP) using a DSL modem, cable modem, Dial-Up modem, or ISDN modem • A PC using a fixed I.
3 | Functions and Features Broadband Modem and NAT Router Connects multiple computers to a broadband (cable or DSL) modem, and/or Ethernet router to access the Internet. 10/100 Mbps Ethernet Interface Provides a 10/100 Base-TX interface to connect to a DSL or cable modem for broadband Internet access.
4 | Panel Layout The following figure shows the front panel layout, which is followed by a table describing in detail the status and function of each LED.
SMCBR18VPN Front Panel: 8 LAN, 1 WAN, and 1 COM port Port Type Description 5 VDC Receptor for power adapter: 5 VDC, 2 A (minimum) WAN This is the connection for the Ethernet cable to the Ethernet port.
You must first verify that the TCP/IP communication protocol is properly installed and the computer is configured to get its IP address via the DHCP Server that is built into this router. If you have not previously installed TCP/IP protocols on your client PCs, refer to the following section.
into your CDROM drive and check the correct file location, e.g., D:\win98, D:\win9x (if D is the letter of your CD-ROM drive). 9. Windows may prompt you to restart the PC. If so, click the Yes button. If Windows does not prompt you to restart your computer, do so to insure your settings.
6.4 | Configuring a Macintosh Computer You may find that the instructions here do not exactly match your screen. This is because these steps and screen shots were created using Mac OS 10.2. Mac OS 7.x and above are all very similar, but may not be identical to Mac OS 10.
7 | Configuring Your Broadband VPN Router Before you attempt to log into the web-based Administration, please verify the following. 1. Your browser is configured properly (see below). 2. Disable any firewall or security software that may be running.
Note that there are two different Web user interfaces, one for general users and one for the system administrator. To log on as an administrator, enter the system password (default password is smcadmin ) and click the LOGIN button.
Cable Modem The cable modem option allows you to configure a host name and MAC Address. The Host Name is optional, but may be required by some ISPs. The default MAC address is set to the WAN’s physical interface on the Router. Use this address when registering for Internet service, and do not change it unless required by your ISP.
Fixed-IP xDSL Some xDSL Internet Service Providers may assign a fixed (static) IP address. If you have been provided with this information, choose this option and enter the assigned IP address, gateway IP address, DNS IP addresses, and subnet mask.
PPTP Point-to-Point Tunneling Protocol is a common connection method used for xDSL connections in Europe. It can be used to join different physical networks using the Internet as an intermediary.
BigPond If you use the BigPond Internet Service which is available in Australia, enter your username and password and apply the changes. L2TP Layer 2 Tunneling Protocol is a common connection method used for xDSL connections in Europe. It can be used to join different physical networks using the Internet as an intermediary.
will be dropped and will automatically re-establish the connection as soon as you attempt to access the Internet again. Dial-Up Most Dial-up users will select this option to connect to their ISP through an analog dial-up modem. This feature can be used as a back-up when your broadband connectivity is unavailable.
7.4 | Advanced Setup – SYSTEM Time Zone Use the section below to configure the Barricade's system time. Select your timezone and configure the daylight savings option based on your location. This information is used for the time/date parental rules you can configure with the Barricade's Advanced Firewall.
Password Settings Use this section to configure the 2 password accounts and idle time-out setting for your Barricade Router. There are 2 levels of admin access for this VPN Router: The Administrator account has Read/Write permission to view and change any settings.
Syslog Server The Syslog Server tool will automatically download the Barricade log to the server IP address specified by the user. Enter the Server LAN IP Address and select the Enable radio button to enable this function. The broadband router is also able to send the log files to a specific email address.
7.5 | Advanced Setup - WAN Dynamic IP The cable modem option allows you to configure a host name and MAC Address. The Host Name is optional, but may be required by some ISPs. The default MAC address is set to the WAN’s physical interface on the Router.
PPPoE Enter the PPPoE User Name and Password assigned by your Service Provider. The Service Name is normally optional, but may be required by some service providers. Leave the Maximum Transmission Unit (MTU) at the default value unless you have a particular reason to change it.
PPTP Point-to-Point Tunneling Protocol is a common connection method used for xDSL connections in Europe. It can be used to join different physical networks using the Internet as an intermediary.
BigPond If you use the BigPond Internet Service which is available in Australia, enter your username and password and apply the changes. L2TP Layer 2 Tunneling Protocol is a common connection method used for xDSL connections in Europe. It can be used to join different physical networks using the Internet as an intermediary.
Dial Up Most Dial-up users will select this option to connect to their ISP through an analog dial-up modem. This feature can be used as a back-up when your broadband connectivity is unavailable. Enter the phone number, account name and password assigned to you by your ISP.
7.6 | Advanced Setup - LAN This is the local IP address of the router. All networked computers must use the LAN IP address of the router as their default Gateway. However, if necessary, it can be changed. Here you can configure the LAN IP address for the router and enable/disable the DHCP server for dynamic client address allocation.
You also have the option to configure more advanced settings by clicking the “More” button. You can configure the router’s DHCP server to give out specific Primary and Secondary DNS, Primary and Secondary WINS, and an alternate Gateway (in the event that the router is not the Internet gateway).
7.7 | Advanced Setup - NAT 7.7.1 | Virtual Server The firewall of the router filters out unrecognized packets to protect your intranet. This means that all network hosts are invisible to the outside world. However, some of the hosts can be made accessible by enabling the Virtual Server mapping.
For example, if you have an FTP server (port 21) at 192.168.123.1, a Web server (port 80) at 192.168.123.2, and a VPN server at 192.168.123.6, you need to specify the following virtual server mapping as shown in the table below: Service Port Server IP Enable 21 192.
For a full list of ports and the services that run on them, see http://www.iana.org/assignments/port-numbers 7.7.3 | Virtual Computer Use the “Virtual Computer” option to maintain the privacy and security of the local network.
You can select one of the two filtering policies: • Allow all to pass except those that match the specified rules • Deny all to pass except those that match the specified rules You can apply up to 8 rules for each direction, inbound or outbound.
7.8.3 | MAC Filter MAC Address Filtering allows you to assign different access rights to various users and you can also assign a specific IP address to a certain MAC address. Select the Enable radio button to enable the MAC Address Control. All of the settings on this screen take effect when Enable is checked.
7.8.4 | Schedule Rule Set scheduled times to be used to control what time of day a service or set of services is enabled. Use this section to configure up to 10 Schedule Rules to limit network access based on time and day. To create a schedule rule click the [Add Schedule Rule .
The Schedule Rule screen appears. It now shows your setting for Rule 1. If you need to make changes to your setting, click the Edit button. If you want to delete Rule 1, click the Delete button.
7.8.6 | DMZ If you have a local client PC that cannot run an Internet application properly from behind the NAT firewall, then you can open the client up to unrestricted two-way Internet access by defining a Virtual DMZ Host. 7.9 | Advanced Setup - VPN 7.
• VPN: VPN protects network information from intruders. However, it greatly decreases network throughput. Enable it only when a security tunnel is absolutely necessary. This feature is disabled by default. • Max. Number of Tunnels: Set the number of tunnels that are allowed to be in operation simultaneously.
Options • Select IKE proposal: Click this button to setup a set of frequently used IKE proposals for the dedicated tunnel. • Select IPSec proposal: Click this button to setup a set of frequently used IPSec proposals for the dedicated tunnel. The tunnel name is equal to the name you configured on the previous page of VPN settings.
o MD5 • Life Time: The unit of Life time is based on the value of the life time unit, which can be seconds or KB. If the value of the unit is seconds, the value of life time represents the life time of the dedicated VPN tunnel between both end gateways.
• Proposal Name: The proposal name indicates which IPSec proposal will be monitored. The first character of the name with the value of 0x00 stands for the IPSec proposal that is not available. • DH Group - Three groups can be selected: o Group 1 (MODP768) o Group 2 (MODP1024) o Group 5 (MODP1536) However, you can also select None.
7.9.4 | Dynamic VPN When using the VPN Dynamic IP Setting, the router functions as a Dynamic VPN server. The Dynamic VPN server does not check the VPN client IP information - this means that you can build a VPN tunnel with a VPN gateway from any remote host, regardless of the IP information.
7.9.5 | PPTP/L2TP Server Point-to-Point and Layer 2 Tunneling Protocols (PPTP / L2TP) allow secure remote access over the Internet by simply dialing in a local point provided by an ISP.
7.10 | Advanced Setup - SNMP The Simple Network Management Protocol (SNMP) lets you manage a computer network remotely by polling and setting terminal values and monitoring network events. • Enable SNMP: You can check Local, Remote, or both options to enable the SNMP function.
7.11 | Advanced Setup - ROUTING The Routing Table lets you determine which physical interface address to use for outgoing IP datagrams. If you have more than one router and subnet, you will have to enable the routing table to allow packets to find the routing path.
7.12 | Advanced Setup - MISCELLANEOUS If you experience difficulties accessing an FTP server that is running on a port other than 21, you can enter that port in the “Non-standard FTP port” and apply the changes. Wake-on-LAN is a technology that lets you power up a networked router remotely.
7.13 | Advanced Setup – DISPLAY STATUS Enable the Display Status option to view the WAN connectivity settings on the login page. When this is enabled, the login page appears as follows: 7.14 | DDNS (Dynamic DNS) Dynamic DNS provides users on the Internet a method to tie their domain name(s) to computers or servers.
7.15 | UPnP (Universal Plug-and-Play) The Universal Plug and Play architecture offers pervasive peer-to-peer network connectivity of PCs of all form factors, intelligent appliances, and wireless devices.
7.17 | Status You can use the Status screen to see the connection status for Barricade's WAN/LAN interfaces, firmware and hardware version numbers, any illegal attempts to access your network, as well as information on all DHCP client PCs currently connected to your network.
8 | IPSec Settings Guide (For Reference/Example Only) 8.1 | Tunnel between two SMCBR14VPN The easiest way to construct a VPN tunnel between two sites is to use two SMCBR14VPNs, which are connected to the internet.
Set the VPN settings as follows:
VPN: Enable
Max. number of tunnels: 2
ID: 1
Tunnel Name: 1
Method: IKE
When finished, click “More”.
VPN Settings – Tunnel 1 – IKE
Set the Tunnel 1 IKE settings as follows:
Tunnel 1: 1
Local Subnet: 192.168.1.0
Local Netmask: 255.255.255.0
Remote Subnet: 192.168.1.0
Remote Netmask: 255.255.255.0
Remote Gateway: ip2.smc.com
Preshare Key: mypresharedkey
When finished, save your settings.
Set the VPN settings as follows:
VPN: Enable
Max. number of tunnels: 2
ID: 1
Tunnel Name: 1
Method: IKE
When finished, click “More”.
VPN Settings – Tunnel 1 – IKE
Set the Tunnel 1 IKE settings as follows:
Tunnel 1: 1
Local Subnet: 192.168.2.0
Local Netmask: 255.255.255.0
Remote Subnet: 192.168.1.0
Remote Netmask: 255.255.255.0
Remote Gateway: ip1.smc.com
Preshare Key: mypresharedkey
When finished, save your settings.
8.1.3 | Common Settings for both routers
VPN Settings – Tunnel 1 – Set IKE Proposal
Set the Tunnel 1 IKE Proposal settings as follows:
ID: 1
Proposal Name: 1
DH Group: Group2
Encrypt. algorithm: 3DES
Auth. algorithm: SHA1
Life Time: 10000
Life Time Unit: Sec.
VPN Settings – Tunnel 1 – Set IPSec Proposal
Set the Tunnel 1 IPSec Proposal settings as follows:
ID: 1
Proposal Name: 1
DH Group: Group2
Encap. protocol: ESP
Encrypt. algorithm: DES
Auth. Algorithm: MD5
Life Time: 10000
Life Time Unit: Sec.
When finished, save the settings.
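An added example, not part of the SMC manual: a small Python audit of the section 8 sample values as printed above, checking that the two tunnel endpoints mirror each other and flagging DES, MD5 and DH Group 1, which are considered broken for IPsec use. The dictionary layout, the router1/router2 labels and the contents of the WEAK and SAMPLE_PSKS sets are assumptions of this example.

```python
import ipaddress

# Values copied from the section 8 example on this page; the dict layout and
# the router1/router2 labels are assumptions made for this added example.
ROUTER1 = {"local": ("192.168.1.0", "255.255.255.0"),
           "remote": ("192.168.1.0", "255.255.255.0"),
           "remote_gateway": "ip2.smc.com", "psk": "mypresharedkey"}
ROUTER2 = {"local": ("192.168.2.0", "255.255.255.0"),
           "remote": ("192.168.1.0", "255.255.255.0"),
           "remote_gateway": "ip1.smc.com", "psk": "mypresharedkey"}
IKE_PROPOSAL = {"dh": "Group2", "encrypt": "3DES", "auth": "SHA1"}
IPSEC_PROPOSAL = {"dh": "Group2", "encrypt": "DES", "auth": "MD5"}

# Assumption: a minimal list of choices treated as unacceptable by this check.
WEAK = {"dh": {"Group1"}, "encrypt": {"DES"}, "auth": {"MD5"}}
# Pre-shared keys printed in documentation must never reach production.
SAMPLE_PSKS = {"mypresharedkey"}


def net(pair):
    """Turn a (subnet, netmask) pair from the web UI into an IPv4Network."""
    addr, mask = pair
    return ipaddress.ip_network(f"{addr}/{mask}")


def check_endpoint(name, cfg):
    """Checks that need only one router's tunnel page."""
    findings = []
    if net(cfg["local"]).overlaps(net(cfg["remote"])):
        findings.append(f"{name}: local and remote subnets overlap")
    if cfg["psk"] in SAMPLE_PSKS:
        findings.append(f"{name}: pre-shared key is a documentation sample")
    return findings


def check_pair(a, b):
    """Each side's remote subnet must be the other side's local subnet."""
    findings = []
    if net(a["local"]) != net(b["remote"]):
        findings.append("router2 remote subnet != router1 local subnet")
    if net(b["local"]) != net(a["remote"]):
        findings.append("router1 remote subnet != router2 local subnet")
    if a["psk"] != b["psk"]:
        findings.append("pre-shared keys differ between the two routers")
    return findings


def check_proposal(name, prop):
    """Flag proposal fields whose value is in the WEAK sets."""
    return [f"{name} proposal: {field}={prop[field]} is weak"
            for field in ("dh", "encrypt", "auth") if prop[field] in WEAK[field]]


def audit():
    return (check_endpoint("router1", ROUTER1) + check_endpoint("router2", ROUTER2)
            + check_pair(ROUTER1, ROUTER2)
            + check_proposal("IKE", IKE_PROPOSAL)
            + check_proposal("IPSec", IPSEC_PROPOSAL))


if __name__ == "__main__":
    for finding in audit():
        print(finding)
```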
8.3 | PPTP/L2TP configuration example Please note that the virtual address of the L2TP and PPTP server have to be different. PPTP • Step 1: Go to the PPTP Server section and select the Enable ra.
9 | Troubleshooting A. Verifying your connection to the router If you are unable to access the Router’s web-based administration pages, then you may not be properly connected or configured. To determine your TCP/IP configuration status please follow the steps below: 1.
F. I am having problems establishing a PPPoE xDSL WAN connection Some ISP’s require you to enter the domain name in addition to your username and password. For instance, for SBC Global, enter username@sbcglobal.net. For Ameritech users, enter username@ameritech.
J. I forgot my password and can no longer log into the router. You should restore your router to factory defaults via its hardware reset button. Locate the reset button (to the right of the power input). While the device is powered on, use a paper clip to depress this button for about 5-7 seconds and then release.
Microsoft uses an embedded L2TP/IPSEC VPN implementation. In order to use the Microsoft standard VPN client, one has to disable the IPSEC on the PC.
10 | Technical Specifications Standards: IEEE 802.3 10Base-T Ethernet IEEE 802.3u 100Base-TX Fast Ethernet Hardware / Ports: LAN Port 4x RJ45, 10/100 Mbps with Auto-MDI/MDIX (BR14VPN) 8x RJ45, 10/10.
Dynamic IP L2TP PPTP BigPond Static IP Input Power: 5V 2A Operating Temperature: 0~40 °C Humidity: 10%~90% non-condensing Compliances: FCC CE VCCI UL
11 | Terminology 10BaseT - Physical Layer Specification for Twisted-Pair Ethernet using Unshielded Twisted Pair wire at 10Mbps. This is the most popular type of LAN cable used today because it is very cheap and easy to install. It uses RJ-45 connectors and has a cable length span of up to 100 meters.
DES - Data Encryption Standard. A cryptographic encryption algorithm that is part of many standards. DHCP - Dynamic Host Configuration Protocol. This protocol automatically configures the TCP/IP settings of every computer on your home network. DMZ - Allows a networked computer to be fully exposed to the Internet.
ISAKMP - Internet Security Association and Key Management Protocol. The basis for IKE. ISP - Internet Service Provider. An ISP is a business that provides connectivity to the Internet for individuals and other businesses or organizations. JPEG – Joint Photographic Experts Group.
NAT – (Network Address Translation) This process allows all of the computers on your home network to use one IP address. The NAT capability of the Barricade, allows you to access the Internet from any computer on your home network without having to purchase more IP addresses from your ISP.
TCP/IP - Transmission Control Protocol/Internet Protocol. This is the standard protocol for data transmission over the Internet. TCP - Transmission Control Protocol - TCP and UDP (User Datagram Protocol) are the two transport protocols in TCP/IP. TCP ensures that a message is sent accurately and in its entirety.