Dual WAN VPN Firewall VPN 2000
User’s Guide
Version 1.0
Date: 1 July 2005
Please check www.basewall.
BaseWall, Tel: +31-74-2491004, Fax: +31-74-2593934

TABLE OF CONTENTS
1: INTRODUCTION
    Internet Features
    Other Features
    Package Contents...
    Upgrade Firmware
10: DEVICE INFORMATION
    Operation
    System Status
1: Introduction

Congratulations on the purchase of your new Dual WAN VPN Firewall. The Dual WAN VPN Firewall not only provides a selection of 2 WAN ports; it also provides Shared Broadband Internet Access for all LAN users.

Figure 1-1: Dual WAN VPN Firewall

Internet Features
• Dual WAN ports – There are 2 WAN ports available for use on the Dual WAN VPN Firewall. They can function as a load balancer or as failover.
• High-Performance multi ADSL Modem Support – The Dual WAN VPN Firewall has two WAN ports, allowing the connection of up to two broadband modems at the same time. This can provide more bandwidth than a single modem allows. Flexible configuration allows each port to use a different type of modem and connection method. You can also determine how the Internet traffic is shared between the 2 modems.
• System Filter Exception – The system filter rejects every packet addressed to an unrecognized port in order to defeat port-scanning programs used by hackers, but this also causes problems when some servers (e.g. SMTP server port 113) or clients on the WAN need a response packet to verify that their communication peer is alive.
• VPN (Virtual Private Network) – Supports up to 10 VPN tunnels, with a fail-over mechanism.
• UPnP – When UPnP (Universal Plug & Play) is set to “Enable”, the Dual WAN VPN Firewall becomes one of the network devices. UPnP is useful for discovering and controlling network devices, such as an Internet gateway.
Package Contents

The following items should be included:
• The Dual WAN VPN Firewall Unit
• Power Cord
• Quick Installation Guide
• CD-ROM containing the on-line manual.

Note: If any of the above items are damaged or missing, please contact your dealer immediately.
Some Status and Error conditions are indicated by combinations of LEDs, as shown below.

LED Action    Condition
Status – System & Packets flash alternately.
Status – System & Packets flash concurrently.
Status – System (Solid Off) & Packets (Solid On)
Firmware Download in progress.
MAC address not assigned.
3.
• Enter the name of the firmware upgrade file on your PC, or click the "Browse" button to locate the file.
• Enter the LAN IP address of the Dual WAN VPN Firewall in the "Server IP" field.
• Click "Upgrade Firmware" to send the file to the Dual WAN VPN Firewall.

When uploading is finished the unit should function normally, using the default settings.
2: Quick Installation

Overview

Basic Setup of your Dual WAN VPN Firewall involves the following steps:
1. Attach a PC to the Dual WAN VPN Firewall in port 1~4, and configure your LAN.
2. Install your Dual WAN VPN Firewall in your LAN, and connect the Broadband Modem or Modems.
3. Configure your Dual WAN VPN Firewall for Internet Access.
4. Configure PCs on your LAN to use the Dual WAN VPN Firewall.
No Response?
• Is your PC using a Fixed IP address? If so, you must configure your PC to use an IP address within the range 192.168.1.2 to 192.168.1.254, with a Network Mask of 255.255.255.0. See Appendix B – Windows TCP/IP Setup for details.
• 7 Check that the Dual WAN VPN Firewall is properly installed, LAN connection is OK, and it is powered ON.

After the login, you will then see the Admin Password screen, as shown below.
Figure 2-3: LAN & DHCP Setup

9. If your LAN already has a DHCP Server, and you wish to continue to use it, the following configuration is required.
• The DHCP Server function in the Dual WAN VPN Firewall must be disabled. This setting is on the LAN & DHCP screen.
• Your DHCP Server must be configured to provide the Dual WAN VPN Firewall LAN IP address as the "Default Gateway".
• Your DHCP Server must provide correct DNS addresses to the PCs.
10.
2. Installing the Dual WAN VPN Firewall in your LAN

13. Ensure the Dual WAN VPN Firewall and the DSL/Cable modem are powered OFF. Leave the modem or modems connected to their data line.
14. Connect the Broadband modem or modems to the Dual WAN VPN Firewall.
• If using only one (1) Broadband modem, connect it to port 1.
• Use the cable supplied with your DSL/Cable modem. If no cable was supplied, use a standard cable.
15.
3. Quick Installation - LAN & DHCP

Select LAN & DHCP from the menu. You will see a screen like the example below.

Figure 3-1: LAN & DHCP

Ensure these settings are suitable for your LAN.
• The default settings are suitable for many situations.
• See the following table for details of each setting.
Quick installation – LAN & DHCP

LAN IP Configuration:
• IP address – For the Dual WAN VPN Firewall, as seen from the local LAN. Use the default value unless the address is already in use or your LAN is using a different IP address range. In the latter case, enter an unused IP Address from within the range used by your LAN.
• Subnet Mask – The default value 255.255.255.0 is standard for small (class "C") networks.
DHCP Client List

This table shows the IP addresses which have been allocated by the DHCP Server function. For each address that has been allocated, the following information is shown.
• Name – The "hostname" of the PC. In some cases, this may not be known.
• MAC Address – The physical address (network adapter address) of the PC.
• IP Address – The IP address allocated to this PC.
• Type – Indicates whether the IP address is dynamic or static.
Quick installation - Primary setup

Connection mode
• Enable – Select this if you have connected a broadband modem to this port.
• Disable – Select this if there is no broadband modem connected to this port.
• Backup – Use this if you have a broadband modem on each port, and wish to normally use only one. Select Enable for the primary port, and Backup for the secondary port. The Backup port will only be used if the primary port fails.
3: Load Balancing

This screen is only operational if using Internet connections on both WAN ports.

Figure 3-2: Load Balance

Load balancing – Load Balance
• Enable – Use this to enable your Load Balance settings. Unless this is checked, the other settings on this screen have no effect.
• Balance Type – Select the desired option:
  • Bytes rx+tx – Traffic is measured by Bytes.
  • Packets rx+tx – Traffic is measured by Packets.
4: Advanced WAN Port options

Connection validation
• Health Check – When set to Disable, the Alive Indicator check is not performed. By default, health check is enabled. Health checking sends an ICMP echo request and HTTP packets to a specific destination, which can be either:
1. The name or IP address the user specified in the “Alive Indicator” input box, or the gateway of the WAN interface if the “Alive Indicator” input box is left blank.
Transparent bridge option
• Bridge Mode – If set to Enable, this WAN port does not use the NAT & Load Balance functions when the LAN/WAN IPs are real IP addresses on the same network segment.
• NetBIOS Broadcast – This function allows you to access files through the Microsoft network neighborhood. If you enable the NetBIOS Broadcast function.
• Traffic Management Strict Binding: traffic from bridged hosts (eg.
PPPoE

This screen is required in order to use multiple PPPoE sessions on the same WAN port. It can also be used to manually connect or disconnect a PPPoE session.

Advanced WAN – PPPoE

Select WAN port & Session
• WAN Port – Selected WAN port only using PPPoE connection
• PPPoE Session – Usually the ISP provides multiple floating real IP addresses for PPPoE. Each WAN port can have up to 8 PPPoE sessions with different IP addresses, if your WAN port is using a PPPoE connection.
Advanced WAN PPTP

Advanced WAN
• WAN Port – Select the desired WAN port (click the desired WAN on Connection Status). The data of the selected port will then be displayed in the WAN IP Account section.
• PPTP MTU – Maximum transmission unit for PPTP. The default value is 1460.

WAN IP Account
• User Name – The PPTP user name (login name) assigned by your ISP.
• Password – The PPTP password associated with the User Name above.
5: Advanced Configuration

Advanced configuration – Host IP

This feature is used in the following situations:
• You have Multi-Session PPPoE, and wish to bind each session to a particular PC on your LAN.
• You wish to use the Access Filter feature. This requires that each PC is identified by using the Host IP screen.
• You wish to have different Block URL settings for different PCs. This requires that each PC is identified by using the Host IP screen.
• Select Group – Select the group you wish to put this host into.
• Reserve in DHCP – Select Enable to reserve a particular (LAN) IP address for a particular PC on your LAN. This allows the PC to use DHCP (Windows calls this "obtain an IP address automatically") while having an IP address that never changes.
• Reserved IP Address – Enter the IP address you wish to reserve, if the setting above is Enable. Otherwise, ignore this field.
Advanced configuration – Routing

Routing

This section is only relevant if your LAN has other Routers or Gateways.
• If you don't have other Routers or Gateways on your LAN, you can ignore the Static Routing page completely.
• If your LAN has other Gateways and Routers, you must configure the Static Routing screen as described below. You also need to configure the other Routers.
• Netmask – The Network Mask for the remote LAN segment. For class "C" networks, the default mask is 255.255.255.0.
• Gateway – The IP Address of the Gateway or Router that the Dual WAN VPN Firewall must use to communicate with the destination above. (NOT the router attached to the remote segment.)
• Interface – Select the correct interface, usually "LAN". The "WAN" interface is only available if NAT (Network Address Translation) is disabled.
Metric 3

For Router A's Default Route
Destination IP Address   Network Mask   Gateway IP Address   Metric
0.0.0.0                  0.0.0.0        192.168.1.1          2

For Router B's Default Route
Destination IP Address   Network Mask   Gateway IP Address   Interface   Metric
0.0.0.0                  0.0.0.0        192.168.2.80         LAN         3

Virtual Server

This feature allows you to make Servers on your LAN accessible to Internet users.
Note that, in this illustration, both Internet users are connecting to the same IP Address, but using different protocols.

Connecting to the Virtual Server

Once configured, anyone on the Internet can connect to your Virtual Servers. They must use the Dual WAN VPN Firewall Internet IP Address (the IP Address allocated by your ISP), e.g.
http://205.20.45.34
ftp://205.20.45.34
• To Internet users, all virtual Servers on your LAN have the same IP Address.
Advanced configuration – virtual server

Virtual Server Configuration
• Enable – Use the Enable checkbox to Enable or Disable each Virtual server as required.
• Server Name – Enter a suitable name for this server. (By default, 12 well-known virtual servers are listed in the Custom Virtual Server List.)
• Protocol – Select the network protocol (TCP/UDP) used by this server.
• Delete – Delete the selected entry.
• Update – Save any changes you have made to the current entry.
• Cancel – Cancel any changes you have made since the last save operation.

Virtual Server List – This table shows the configuration data of all Custom Virtual Servers which have been defined. You can modify an entry's configuration data by clicking its row.
Advanced configuration - Special Application

If you use Internet applications which have non-standard connections or port numbers, you may find that they do not function correctly because they are blocked by the firewall in the Dual WAN VPN Firewall. In this case, you can define the application as a "Special Application" in order to make it work.
Special Application List – This shows the details of all Special Applications which are currently defined. You can modify an entry's configuration data by clicking its row.

Using a Special Application on your PC
• Once the Special Applications screen is configured correctly, you can use the application on your PC normally. Remember that only one (1) PC can use each Special Application at any time.
Dynamic DNS Service

This pull-down menu can Enable/Disable the Dynamic DNS feature, and select the required service provider.
• Disable – Dynamic DNS is not used.
• TZO – Select this to use the TZO service (www.tzo.com). You must configure the TZO section of this screen.
• DynDNS – Select this to use the standard service (from www.dyndns.org or other provider). You must configure the Standard Client section of this screen.
• The "Force Update" button will update your record on the Dynamic DNS Server immediately.
Advanced Configuration - Multi DMZ

This feature allows each WAN port IP address to be associated with one (1) computer on your LAN. All outgoing traffic from that PC will be associated with that WAN port IP address. Any traffic sent to that IP address will be forwarded to the specified PC, allowing unrestricted 2-way communication between the "DMZ PC" and other Internet users or Servers.
Advanced Configuration - UPnP Setup

The UPnP (Universal Plug & Play) function makes it easy to set up and configure an entire network, and enables discovery and control of networked devices and services.

UPnP Option – If UPnP is enabled, this device becomes one of the devices on the local network. An icon for it is then shown in the network neighborhood on Windows XP.
Advanced Configuration – NAT Setting

NAT Configuration
• NAT Routing – You can enable or disable NAT through the check box. If you disable the NAT checkbox, the unit will act as a bridge or Static Router. Most features will be unavailable.
• TCP Timeout – Enter the desired value to use on each WAN port. The default is 300.
• UDP Timeout – Enter the desired value to use on each WAN port. The default is 120.
NAT Alias List – Shows all NAT alias configuration data currently defined. You can modify an entry's configuration data by clicking its row in the list.

Check NAT detail – Shows all detailed information on the NAT configuration data.

NAT Connection List – Shows the current details of all NAT entries, which include interface, protocol, state, destination IP, WAN IP, local IP, idle time and in/out packets.
Advanced Configuration – Advanced Feature

External Filters Configuration
• IDENT Port – Port 113 is associated with the Internet's Identification / Authentication service. When a client program on your computer contacts a remote server for services such as POP, IMAP or SMTP, that remote server sends back a query to the "Ident" server, which on many systems listens for these queries on port 113.
Interface Binding - SMTP (Simple Mail Transport Protocol) Binding

Unless you are using E-mail accounts from different ISPs on each port, you can ignore these settings. Some ISPs configure their E-mail Servers so they will not accept E-mail from IP addresses not allocated by them. If you are using accounts from different ISPs, sending E-mail over the wrong WAN port may result in non-acceptance of the mail.
6: Security Management

Security Management – Block URL

This feature allows you to block access to undesirable Web sites. You can block by URL, IP address, or Keyword. You can also have different blocking settings for different groups of PCs.
• In operation, every URL is searched to see if it matches or contains any of the URL or keywords entered here.
Security Management – Access Filter

The network Administrator can use the Access Filter to gain fine control over the Internet access and applications available to LAN users.
• Five (5) user groups are available, and each group can have different access rights.
• All PCs (users) are in the Default group, unless assigned to another group on the Host IP screen.

Access Group – This allows you to have different access rights for different Groups of PCs.
Port Blocking – There are two possible settings:
• No Filtering – All ports are open.
• Block All Access – All ports are closed. When you make a new rule, the port will be opened for that entry (the maximum number of rules you can enter is 50).

• Filter Name – Enter a meaningful name for this filter.
• Protocol Type – Select a protocol type you wish to block.
• Port No. Range – Enter the range of port numbers you wish to block.
Security Management – System Filter Exception

System Filter Exception – The system filter rejects every packet addressed to an unrecognized port in order to defeat port-scanning programs used by hackers, but this also causes problems when some servers (e.g. SMTP server port 113) or clients on the WAN need a response packet to verify that their communication peer is alive.
7: VPN Configuration

A Virtual Private Network (VPN) uses encryption and authentication to create the connection between two end points (computers or networks). It allows private data to be sent securely over a public network or the Internet without the risk of unauthorized access from outside intruders. A VPN establishes a private network that can send data securely between two networks. We call this creating a “tunnel”.
Tunnel to BaseWall Unit – This describes how to set up an IPSec tunnel to a BaseWall VPN 1000, 2000, 3000, 4000, 5000 and 6000.

VPN Configuration – Tunnel to BaseWall Unit
• VPN Tunnel List – Here you can add a new tunnel or change an existing one from the list. The router can set up a maximum of 50 tunnels.
• Tunnel Name – In order to distinguish the tunnels, you have to give the “Tunnel” a name.
• Action
  Connect – This button will initiate the tunnel.
  Submit Query – This button will add the policy.

VPN Configuration – Tunnel to BaseWall Client

Tunnel to BaseWall Client – This describes an IPSec tunnel from the VPN 3000 to the BaseWall Client Software.
VPN Configuration – Advanced settings

When you use the tunnel to BaseWall unit or tunnel to BaseWall client configurations, you don’t need to use the Advanced Settings. Only when you want to make adjustments for an IPSec tunnel to a third-party unit do you need to choose settings here.
• Tunnel Name – In order to distinguish the tunnel, you have to give the “Tunnel” a name.
Security level
• Encryption Method – Specifies the encryption mechanism to use. Data encryption makes the data unreadable if intercepted. Three encryption methods are available: DES, 3DES and AES. The default is null.
• Authentication – Specifies the packet authentication mechanism to use. Packet authentication proves that data comes from the source you think it comes from. Three authentication methods are available: MD5, SHA1 and SHA2.
IPSec policy options
• Tunnel Attribute – The attributes for the tunnel that you just set up.
• Dead Peer Detection – If you would like to use one of the WAN ports as a backup, or plan to use the failover function, you can enable the Dead Peer Detection function.
• Check Method – You can choose the ICMP, Heartbeat or DPD protocol. This will detect whether the remote site's VPN tunnel is alive or not.
• Set DF Flag – If the DF (Do not Fragment) flag is set, fragmentation of this packet at the IP level is not permitted.

VPN configuration – VPN preset
• ISAKMP Port – The Internet Security Association and Key Management Protocol (ISAKMP) is designed to negotiate, establish, modify and delete security associations and their attributes. It was assigned UDP port 500 by the IANA.
VPN Configuration – SA List

The list will display the details of all Policy Setup configuration data that you have set up.
VPN Configuration – VPN Log

You can monitor the VPN status through the VPN log web page. The log level (priority) can be chosen from the VPN IKE Global Setting web page.

Message Status
• Time – Indicates when this message was created, using the system time.
• Priority – Indicates the severity level of a message for analysis.

Undefined messages
• Module – Which module in the IPSec architecture is responsible for sending this message.
8: QoS Configuration

QoS Configuration – QoS Setup

The Dual WAN VPN Firewall provides QoS, which supports a high quality of network service. Because it classifies outgoing packets based on policies defined by users, it can give some real-time applications better response or performance.

QoS Features:
• Enable QoS – Allows users to enable the QoS function.
• Queuing Method – The method used to manage your queue.
QoS Configuration – QoS Setup

QoS Feature
• Enable QoS – Allows users to enable the QoS function.
• Queuing Method – The method used to manage your queue: Priority queuing. It is one of the first queuing variations to be widely implemented.

IP TOS
• Process TOS Field – An 8-bit field in the IP packet header designed to contain values indicating how each packet should be handled in the network.
Policy Priority:
• Policy Name List – When adding a new Policy, ignore this list. To edit an existing entry, select it from the list, and click the "Select" button. The data fields will then be updated with data for the selected entry.
• Policy Name – Enter a suitable name. Generally, you should use the "Policy Name" for the network traffic.
• Source Address – Define the source address of packets here. It can be one of two types: IP address or MAC address.
9: Management Assistant

Management assistant – Admin Password

Enter the desired password, re-enter it in the Verify Password field, then save it. When you connect to the Load Balancer with your Browser, you will be prompted for the password, as shown below.
• Enter "Admin" for the User Name.
• Enter the password for the Dual WAN VPN Firewall, as set on the Admin Password screen above.
Management Assistant – Email Alert

This feature sends a warning Email to inform the system administrator that one of the WAN ports was disconnected.

Enable/Disable Email Alert
• Enable – Enables the email alert, which sends a warning email when a WAN port is disconnected.
• Ping Attack Notification – By default this feature is Disabled.
• Ping Before Notification – A threshold value: the maximum number of Pings allowed to each interface on this device in a minute. Valid values range from 0 to 9999.

Management Assistant – SNMP

This section is only useful if you have SNMP (Simple Network Management Protocol) software on a PC or server. If you have SNMP software, you can use a standard MIB 2 file with the VPN 2000.
Management Assistant – Syslog

This feature can send real-time system information to the web page or to the specified PC.

Syslog Delivery
• Sending out – Check this if you want to send syslog messages to another machine.
• Keep Send messages – Check this if you want to keep sent messages; otherwise the sent messages will be deleted.
• Syslog Server – IP address: Up to 3 syslog servers can be used.
Management Assistant - Upgrade Firmware

This Upgrade Firmware Screen allows you to upgrade firmware or back up the system configuration by using HTTP upgrade.
• You can back up your system configuration by pressing the “save” button of Save System Configuration. It will save the system configuration for you.
10: Device Status

Once both the Dual WAN VPN Firewall and the PCs are configured, operation is automatic. However, there are some situations where additional Internet configuration may be required. Refer to Chapter 6 - Advanced Features for further details.

Device status – System status
• Connection Status – Current status – either "Connected" or "Disconnected".
Device Status - WAN status

NAT Statistics

This section displays data for each WAN port.
• Connection status – This will display either Connected or Not Connected.
• Default Loading Share – The default traffic loading between the WAN ports.
• Current Loading Share – The current traffic loading between the WAN ports.
• Current Loading – The number of sessions, Bytes and Packets currently being processed on each port.
Active WAN IP Info – There is one (1) row for each active connection. For each connection the following data is shown.
• IP Address – The WAN (Internet) IP Address of the Dual WAN VPN Firewall.
• Mask Address – The Network Mask (Subnet Mask) for the IP Address.

NAT Timeouts – This displays the current timeout values for TCP and UDP connections.

TCP Prosperity – This displays the MSS (Maximum Segment Size) and Maximum Window size for TCP packets.
Device information – Device Information

Device Information
• Firmware Version – Version of the Firmware currently installed.
If the "Restore Default Value" button on this screen is clicked:
• ALL of your settings will be erased.
• The default IP address, password and ALL other settings will be restored to the factory default values.
• The DHCP server function will be enabled.

These changes may mean that the current connection is invalid, and you will have to re-connect to the Dual WAN VPN Firewall using its default IP address (192.168.1.1).
Appendix A
Specifications

Model                   BaseWall VPN 2000 Dual WAN Firewall
Dimensions              246mm (W) x 138mm (D) x 30mm (H)
Operating Temperature   0° C to 40° C
Storage Temperature     -10° C to 70° C
Network protocol        TCP/IP Protocol:
Network Interfaces      6 Ethernet:
                        4 * 10/100BaseT (RJ45) auto-Switching Hub ports for LAN devices
                        2 * 10/100BaseT (RJ45) for WAN
LEDs                    4 LAN
                        2 WAN
                        2 Status
                        1 Power
Power Input             DC 5V @ 1500 mA

FCC Statement

This device complies with Part 15
Appendix B
Windows TCP/IP Setup

Overview

TCP/IP Settings

If using the default Load Balancer settings, and the default Windows 95/98/ME/2000 TCP/IP settings, no changes need to be made.
• By default, the Dual WAN VPN Firewall will act as a DHCP Server, automatically providing a suitable IP Address (and related information) to each PC when the PC boots.
• For all non-Server versions of Windows, the default TCP/IP setting is to act as a DHCP client.
Ensure your TCP/IP settings are correct, as follows:

Using DHCP

To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Restart your PC to ensure it obtains an IP Address from the Dual WAN VPN Firewall.
• On the DNS Configuration tab, ensure Enable DNS is selected. If the DNS Server Search Order list is empty, enter the DNS address provided by your ISP in the fields beside the Add button, then click Add.

Checking TCP/IP Settings - Windows 2000:

6. Select Control Panel - Network and Dial-up Connection.
• Right click the Local Area Connection icon and select Properties.
Figure B-6: TCP/IP Properties (Win 2000)

• Ensure your TCP/IP settings are correct:

Using DHCP

To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Restart your PC to ensure it obtains an IP Address from the Dual WAN VPN Firewall.
Checking TCP/IP Settings - Windows XP:

7. Select Control Panel - Network Connection.
• Right click the Local Area Connection and choose Properties. You should see a screen like the following:

Figure B-7: Network Configuration (Windows XP)

• Select the TCP/IP protocol for your network card.
• Click on the Properties button.
Figure B-8: TCP/IP Properties (Windows XP)

• Ensure your TCP/IP settings are correct.

Using DHCP

To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Restart your PC to ensure it obtains an IP Address from the Dual WAN VPN Firewall.

Using a fixed IP Address ("Use the following IP Address")

If your PC is already configured, check with your network administrator before making the following changes.
Appendix C
Troubleshooting

Overview

This chapter covers some common problems that may be encountered while using the Dual WAN VPN Firewall and some possible solutions to them. If you follow the suggested steps and the Dual WAN VPN Firewall Router still does not function properly, contact your dealer for further advice.

General Problems

Problem: Can't connect to the Dual WAN VPN Firewall to configure it.
Appendix D: IPSec Tunnel Examples

VPN Configuration – Examples

Tunnel to BaseWall Unit

VPN 3000 TO: VPN 1000 OR VPN 2000 OR VPN 3000

The BaseWall units in the following example use registered IP addresses. You have to replace these addresses with IP addresses that are available to you. These settings are only possible if you have a static IP address available on one or both of your WAN ports.
First we will make settings in the VPN 3000.

Next we will make settings for the VPN 2000.

Note: you need different subnets at both ends of the tunnel. This is because the IPSec tunnel will connect the two subnets, so they need to be different in order to avoid IP address conflicts.

These are all the settings you need to set up the tunnel.