Chapter 1: Introduction This manual contains detail instructions, on how to setup and operate the VPN Internet Gateway. The VPN Internet Gateway provides an easy and cost effective way to communicate securely over a public network, such as the Internet. You can configure the VPN Internet Gateway to automatically encrypt all data transmitted to a particular site or sites over the Internet. The VPN Internet Gateway can create a secure connection between two or more sites.
Features Supports Virtual Private Network (VPN) connections (IPSec) Supports up to 8 IPSec tunnel connections Supports VPN client software (Safenet and SSH) Supports DES/3DES Encryption, IP Encapsulating Security Payload (ESP), Authentication (MD5/SHA-1) Shared Internet connection via any Cable or xDSL modem Asynchronous port for backup or dial-up Internet connection Supports up to 253 users Provides solid firewall protection for LAN clients/computers Built-in high speed 4 port 10/100 switch to connect to c
Minimum System Requirements Microsoft Internet Explorer 4.0 (or later version) or Netscape Navigator 4.
The Gateway’s Rear View The diagram below shows the Internet Gateway’s rear panel and is where all the hardware connections are made. 12VDC Rear View Ports Description Power (12VDC) The power port is where you connect the DC power adapter WAN The WAN 10M Ethernet port is where you connect your ADSL/Cable modem. Serial The Serial port is where you connect the 56K modem / ISDN TA Reset If you want the device to have the factory default settings, press the reset button and hold it for 5 ~ 6 seconds.
The Gateway’s Front Panel LED On the router’s front panel there are LED lights that inform you of the router’s current status. Below is an explanation of each LED and its function. LED LAN (1-4) Link/Act Serial LED Status Off Green LED will NOT Light if there is no connection ON Green LED will LIGHT when a connection has been established.
LED LED Status Description STATUS Blink Yellow LED will BLINK when the device is booting up or upgrading a firmware. POWER Off NO Power ON Red LED will LIGHT if the Gateway is receiving power. Hardware Installation Setup The diagram below shows how the Internet Gateway is typically setup.
When you setup the hardware installation please note the following. 1. Make sure that the power supply outlet voltage is compatible with the power adapters of your PCs, Cable/XDSL modem and the Internet Gateway. 2. For the Internet Gateway, only use the power adapter that comes with it. 3. Connect a network cable from your PC’s Ethernet port to one of the LAN ports at the rear panel of the Internet Gateway. Do the same with all of the PCs or switches/hubs you wish to connect to the Internet Gateway. 4.
Chapter 2: Getting Started To setup the Internet Gateway and get connected to the Internet; follow the following step-by-step procedure: 1. Setup your hardware network installation (see Chapter 1 – Hardware Installation setup) 2. Configure your network computers (LAN server/client/host) to “Obtain an IP address automatically.
4. The main menu will appear. It displays all the functions that you can use and configure for the Internet Gateway. The User Interface is designed to be extremely user-friendly and is divided into 6 main sections. The 6 sections are listed on the top Tool bar (see screen above) and appear at the top of every browser screen for easy access.
Main Menu Description Setup Wizard (chapter 2) This is the most important section out of the 6 sections. You must configure this section to begin using the Internet Gateway. The Setup wizard is where you input the information required to connect the Internet Gateway to your Internet Service Provider (ISP). Advanced Settings (chapter 5) The Advanced settings section is where you can configure all the major features and functions of the Internet Gateway.
5. Click the SETUP WIZARD. A username and password will appear. Leave the password box empty and type admin (the default username) in the username box. Click OK. The setup wizard’s page will appear as shown below. The Setup wizard will take you through 7 step-by-step (7 steps: buttons on the left) configuration procedures that you’ll need to do in order to setup the Internet Gateway (e.g. connecting to the Internet / establishing a VPN connection).
(Step A) Time Zone Settings (Step B) Device IP Settings (Step C) ISP Settings (Step D) ISP Additional Settings (Step E) Modem Settings (Step F) VPN Settings (Step G) Save & Restart 6. (Step A) Time Zone Settings: Please choose a local time zone. Once you have selected a time zone, click the Next button to continue to the next step. 7. (Step B) Device IP Settings In this section, you have to give your Internet Gateway an IP address for the local area network (LAN) side.
The screen shown above is described in the following table: Parameters Description Device IP Address Settings IP Address Assign an internal LAN IP address for this Internet Gateway or leave it as the default value “192.168.2.1.” IP Subnet Mask Enter the subnet mask, you can usually leave it as the default entry “255.255.255.0” Once you have filled in the above information, click the Next button to continue to the next step. 8.
ISP Connection Type Description PPTP Settings (Step 8-4) Your ISP requires you to use a Point-to-Point Tunneling Protocol (PPTP) connection. Telstra Settings (Step 8-5) The Telstra Settings is a service that applies to connections in Australia only. Step 8-1) Connect to Cable ISP: Select Connect to Cable ISP if you have a cable connection. Please select “Connect to Cable ISP” and click “Next” to proceed to the next page.
given you a static IP address. You will have to enter the following information: Parameter Description IP assigned by your ISP Enter the IP address (provided by your ISP) IP Subnet Mask Enter the IP subnet mask (provided by your ISP) ISP Gateway Address Enter the ISP gateway address (provided by your ISP) Note: Once you have filled in the above information, click “Next” to proceed to the next step.
Step 8-3) PPPoE Settings: Select PPPoE Settings if your ISP requires the PPPoE protocol to establish an Internet connection. You will have to enter the following information: Parameter Description User name Password Retype password Enter the user name of your ISP account. Enter the password of your ISP account. Enter the password of your ISP account again to re-confirm. Connection Type Select ONE. Always Connect - The VPN Gateway will always connect with your ISP.
Step 8-4) PPTP Settings: Select PPTP Settings, if your ISP requires the PPTP protocol to establish an Internet connection (e.g. Europe). You will have to enter the following information: Parameter Description User name Enter the user name of your ISP account. Password: Enter the password of your ISP account. Idle Time Optional: You do not have to configure this section. It depends on the user’s needs.
Parameter Description Connection ID Input this ID information only if your ISP has given you one. Connection Type Select ONE. Always Connect - The VPN Gateway will always connect with your ISP. If this is the case, the Idle Time function is unavailable. Trigger on Demand – Once the VPN Gateway detects any packets want to get to Internet, the VPN Gateway will connect with your ISP automatically. Manual – You can manually disconnect/connect with your ISP for the WAN port (Cable/xDSL).
Step 8-5) Telstra Settings: The Telstra Settings is a service that applies to connections in Australia only. You will have to enter the following: Parameter Description User Name Enter the User Name (Provided by the ISP) Password Enter the Password (Provided by the ISP) Retype password Re-Enter the password of your ISP account again to re-confirm.
9 (Step D) ISP Additional Settings In this section you can input special settings required by certain ISPs. You do not need to configure the entire section or any part of the section, only the settings needed by your particular ISP (if any). If your ISP does not require any additional settings, then please leave this section blank and proceed to the next step.
Parameter Description Some ISPs use Host Name If your ISP requires you to fill in a Host and Domain Name to Name and Domain Name then you must authenticate the user check this box to enable this function and then enter the Host Name and Domain Name (see Host/Domain Name below) Host Name Enter the Host Name (provided by your ISP) Domain Name Enter the domain name (provided by your ISP) Your ISPs require you to input the LAN card’s Mac address If your ISP requires a specific MAC address in order for yo
10. (Step E) Modem Settings The modem settings screen is where you can setup the asynchronous port as either a backup connection for the Cable/xDSL connection or a dialup Internet access connection. Note: This section is Optional. You may proceed to Step F if you do not wish to use the asynchronous port.
Parameter Description Retype Password Enter the Password again to re-confirm Idle Time You can select an idle time threshold (minutes) for the WAN port. This means if no packets have been sent (no one using the Internet) throughout this specified period, then the router will automatically disconnect with your ISP. External IP (Optional) If your ISP requires you to input an IP address then please input the IP address here. Otherwise leave it as the default setting (0.0.0.0).
11. (Step F) VPN Settings The VPN Settings section is where you can enable and configure the VPN function. Specifically, this device supports the widely used IPSec protocol standard for its VPN connection. VPN allows a secure connection between two parties over a public network, such as the Internet. Note: This section is Optional. You may proceed to Step G if you do not wish to establish a VPN connection.
11-1) Add a VPN connection: Connection Name Parameter Description Connection Name To add a VPN connection: Enter a string (name) into the Connection Name box, and then click the “ADD” button. Note: Once you have entered the connection name - click on the “ADD” button to start configuring this VPN connection. The screen below will appear and this is where the VPN configuration is entered.
11-2) Configure the VPN Connection Parameter Description Connection Name This is the Connection Name you entered in the previous screen (Connection Name) Enable UID Optional - This will enable the Unique Identifier string (UID). Disable UID will disable the UID. The VPN Gateways use the UID for authentication purposes.
Parameter Description Remote IPSEC Identifier Optional - This field allows you to identify multiple tunnels; you don’t need to match the name used at the other end of the tunnel.
Parameter Description Remote IP Netmask This is the remote site’s subnet mask Remote Gateway IP/FQDN Input the remote site’s Gateway IP address (for Remote Site – LAN only) or the Fully Qualified Domain Name (FQDN). FQDN consists of a host and domain name, including top-level domain. For example, WWW.VPN.COM is a fully qualified domain name. WWW is the host, VPN is the second-level domain, and COM is the top-level domain.
11-3) Secure Association Secure Association is a method of establishing a security policy between two points. There are two methods of creating a Secure Association (SA), Method 1: IKE Mode (By default IKE is selected), Method 2: Aggressive mode and Method 3: Manual mode. 11-3) Method 1: IKE Mode: IKE is an automated method of establishing a shared security policy and authenticated keys. A preshared key is used for mutual identification.
Parameter Description PreShared Key Enter the PreShared Key name (you can enter a alphanumeric name). This value must match the preshared key value in the remote device. Key Life Security is enhanced if the key used to encrypt/decrypt your data is changed periodically. The key life is where you can specify how often you wish the VPN Gateway to renegotiate another key. The value is in seconds, for example, 3600 seconds = 1 hour.
11-3) Method 2: Aggressive mode Aggressive is an automated method of establishing a shared security policy and authenticated keys. A preshared key is used for mutual identification. Parameter Description Perfect Forward Secure Click either the Enabled or Disabled radio button. This feature provides a better security; it ensures that the encryption keys generated are not relevant to each other. Encryption Protocol The VPN Gateway supports two types of encryption algorithms (DES and 3DES).
Parameter Description Diffie-Hellman Group 1 - IKE use the 768bit Diffie-Hellman prime modulus group when performing the new Diffie-Hellman exchange. Diffie-Hellman Group 2 - IKE use the 1,024-bit Diffie-Hellman prime modulus group when performing the new DiffieHellman exchange. PreShared Key Enter the PreShared Key name (you can enter a alphanumeric name). This value must match the preshared key value in the remote device.
11-3) Method 3: Manual mode This is a manual way of establishing a shared security policy and authenticated keys. The Manual mode allows you to pre-define keys. The Manual Mode settings in the remote device must match the configuration set here. To enable the Manual mode function, check the Manual radio box and input the fields shown on the screen below. Parameter Description Incoming SPI Enter the Incoming SPI that the remote VPN Gateway will use to identify this SA.
Parameter Description Encryption Key This string is used as the key to encrypt and decrypt the data transmitted. This value must match the encryption key value in the remote device. Authentication Protocol The VPN Gateway supports two authentication algorithms (MD5 & SHA-1). Select an appropriate authentication algorithm. The authentication algorithm selected here must be the same as the one in the remote device. Authentication Key This string is used as the key authentication.
12. (Step G) Save & Restart This is the final step of the Setup Wizard’s 7 step-by-step procedure. This step saves the settings you have made in the previous pages to the Internet Gateway. Click Save & Restart to save the settings and to restart the device. After the device has restarted, the device will function according to the saved settings. During the startup process the LED of the device will blink. Please wait until the LED lights have stopped blinking before proceeding.
Logout Click Logout if you would like to leave (logout) the router’s web based configuration page. Only one user can log onto the Gateway’s web based configuration at a time. When you logout of the web-based configuration, only then can another computer log onto the device. Click Yes - the screen will close. Click No - the screen will not close. Congratulations!!! You have successfully configured the setup wizard. You may now use the Internet Gateway to access the Internet.
Chapter 3: Device Information The Device information section displays the Internet Gateway’s network and firmware information.
Chapter 4: Device Status Device status displays the current connection status of the Internet Gateway. Parameter Description WAN Ethernet Shows the Device’s WAN information: Cable/xDSL (shows whether the Internet connection is active or inactive), Connected by DHCP (shows the WAN connection type e.g., DHCP, Static, PPPoE, PPTP or Telstra), ISP’s Gateway IP address, device’s WAN IP address, device’s Netmask and the DNS IP address that the Internet Gateway is using.
Parameter Description Release (Disconnect) and Renew (Connect) You can manually disconnect/connect with your ISP for the WAN port (Cable/xDSL) Click the Release (Disconnect) button - the Internet Gateway will disconnect with the ISP. Click the Renew (Connect) button - the Internet Gateway will connect with the ISP. Modem Dialup The modem (asynchronous port) can be used as a backup Internet connection (dialup) for the Cable/xDSL connection or as an Internet access connection.
Parameter Description VPN Status This screen displays the current connection status of your VPN connection(s).
Parameter Description DHCP Log Displays the DHCP clients Gateway’s DHCP server. logged to the Click the DHCP Log button - the screen will display the DHCP client’s information (DHCP client’s: IP address, MAC address, IP address lease time). VPN Log This screen displays the VPN negotiation that occurred between the VPN Gateway and remote devices.
Parameter Description Update DDNS Click the Update DDNS button to manually update the IP address of your domain name (dynamic IP address for Gateway’s WAN port). Note: DO NOT click the Update DDNS button too often. Some ISP’s may think this is an attack and may disable your account.
Chapter 5: Advanced Settings The Advanced settings section is where you can configure all the major features and functions of the Internet Gateway. They include: DHCP Server Settings, Virtual Server Settings, Routing Settings, Filter Settings, Administration Settings, Dynamic DNS Settings, URL Filter Settings and E-Mail ALERT On the Menu Tool, click Advanced Settings. A username and password will appear.
Main Menu Description DHCP Server Settings Provides centralization of all your LAN’s network IP addresses Virtual Server Settings Allows remote access to Web, FTP, and other services on your network.
DHCP Server Settings You can enable or disable the DHCP server. By enabling the DHCP server the router will automatically give your LAN clients an IP address. If the DHCP is not enabled then you’ll have to manually set your LAN client’s IP addresses. Make sure the LAN Client is on the same subnet as this Internet Gateway if you want this Internet Gateway to be your LAN client’s default gateway. Parameter Description Enable DHCP Server Functions By default the Internet Gateway’s DHCP server is enabled.
Parameter Description IP Address Pool Range The IP address pool contains the range of IP addresses that will be used by the device’s DHCP server to automatically assign IP addresses to your network clients. The Default IP address range is: From 192.168.2.2 to 192.168.2.100 IP Address Reservation The IP address reservation setting allows you to save fixed private IP address for specific computer/network clients. MAC Address: Enter the MAC address of the PC or server you wish to reserve an IP for.
Virtual Server Settings Use the Virtual Server function when you want different servers/clients in your LAN to handle different service/Internet application type (e.g. Email, FTP, Web server etc.) from the Internet. Computers use numbers called port numbers to recognize a particular service/Internet application type. The Virtual Server allows you to re-direct a particular service port number (from the Internet/WAN Port) to a particular LAN private/internal IP address.
Parameter Description DMZ Enter the IP address that you want to designate as the DMZ server. The value ‘0’ means that the DMZ function is disabled. Virtual Server Settings Internal IP Enter the LAN server/host IP address that the service (Service Port Range) requests from the Internet will be sent to. Note: You need to give your LAN server/host a fixed/static IP address for the Virtual Server to work properly.
Routing Settings The Static routing settings allow the Internet Gateway to route IP packets to another network (subnet). The routing table stores the routing information so that the Internet Gateway knows where to redirect the IP packets. Parameters Description Destination IP Address Enter the destination IP address of the remote network to which you want to assign a static route. Subnet Mask Enter the subnet mask of your network IP address.
Parameters Description Gateway IP Address Delete a Static Routing setting Check the Static Routing table’s Del box and click the DEL button to delete a configuration. Dynamic routing settings Allows the Internet Gateway to route IP packets to another network automatically (dynamically). The RIP protocol is used to do the dynamic routing. RIP communicates routing information with other routers periodically.
Filter Settings The Filter Settings is divided into LAN Filter Settings and WAN Filter Settings Menu Description LAN Filter Settings The LAN Filter Settings allow the administrator to define whether a local user is permitted to access the Internet. WAN Filter Settings The WAN Filter Settings allow the administrator to define whether a remote/outside user(s) is permitted to access the private local area network.
Filter Settings: LAN Filter Settings The LAN Filter Settings allow the administrator to define whether a local user is permitted to access the Internet. To activate this feature, check LAN Side Filter Enabled and then define a filtering policy. To define a filtering policy: enter the IP address range, enter the network port number and select the transport protocol(s).
Parameter Description Protocols Select the Transport protocol type (TCP or UDP) for the Destination Port Range (below) that will be filtered IP Address Range Enter the LAN IP address range that you wish to apply this filter rule to. These are the LAN users’ IP addresses that you wish to apply this filter rule to. If you only want to specify one IP address for this filter rule then enter the same IP address in both the From and the To box.
For example, to prevent local users with IP addresses (ranging from 101 to 200) from accessing websites (HTTP service - port 80), the settings are as follow: LAN Side Filter Enabled: Enabled Default LAN Side Filter: Pass Filter: Block Protocol: TCP IP Address Range: 101 ~ 200 Destination Port Range: 80 ~ 80 (HTTP) Filter Settings: WAN Filter Settings The WAN Filter Settings allow the administrator to define whether a remote/outside user(s) is permitted to access the private local area network.
Parameter Description WAN Side Filter Enabled You must select whether to enable (Yes) or disable (No) the filter function that you’ve configured in this screen Default WAN Side Filter Select to Block or Pass your regular WAN users Filter Entry Select to Block or Pass WAN clients specified in this Filter Entry Protocol Select the Transport protocol type (TCP or UDP) for the Destination Port Range (below) that will be filtered IP Address Range Enter the (Public) IP address range that you wish to ap
For example, to prevent remote users with IP addresses (ranging from 211.21.0.1 to 211.29.0.1) from accessing your LAN’s virtual Web server (port 80), the settings are as follow: WAN Side Filter Enabled: Enabled Default WAN Side Filter: Pass Filter: Block Protocol: ALL IP Address Range: 211.21.0.1 to 211.29.0.
Parameter Description PASSWORD SETTINGS You can setup the Internet Gateway so that a password is required, in order to access its webbased configuration pages. This password will be required the next time you want to configure the Internet Gateway. To setup a password, type your password in the New Password field and type it again in the Retype Password field to reconfirm. Note: It is important to remember your password.
Parameter Description SYSTEM ADMIN You will have to enable the Allow remote user to configure the device to use the remote webbased configuration function. Once you have enabled this function, type the device’s WAN IP address and the HTTP port No (e.g. http://202.19.100.1:1023) into the browser of the specified remote administrator. http://: If the HTTP port number, is NOT the default PORT No.
Parameter Description Miscellaneous Some ISPs require you to force a PPPoE re-connection, when the Internet connection cannot send or receive packets. System Parameter The System Parameter allows you to set the MTU value (Maximum Transmission Unit) for your Internet connection. If you would like to enable the MTU setting – check the box. The default MTU value is 1500 bytes. Some ISPs restrict the packet size for a PPPoE connection.
Dynamic DNS Settings The Dynamic DNS (DDNS) service allows Web or other servers, with a dynamic IP address, to be accessible from the Internet. This means that even if your Internet Gateway has a dynamic WAN IP address, Internet users can still access your web server (domain name) in your LAN.
Parameter Description User Name Enter the user name of your DDNS account. Password Enter the password of your DDNS account. Use wildcards If you use DYNDNS as your DDNS service provider, you can enable the Use wildcards feature. The wildcards feature - any URL request that contain your domain name (e.g. www.router.com), as part of its URL domain name (e.g. http://broad/router.com) request, will be given your dynamic IP address.
URL Filter Settings The URL Filter settings prevent users from accessing certain websites on the Internet. The router can block sites based on specific words or letters. Sites will be blocked if any of these words or letters is part of the website’s name (URL) or newsgroup name. Parameter Description Enable URL Filter Functions Click on this box to enable the URL filtering function Filter String The Internet Gateway will block any web page requests that have words or letters specified here.
E-Mail ALERT Your router can periodically email you a log of security-related events (such as denied incoming service requests and administrator logins). The router can also email you an immediate alert when it detects a significant security incident, such as: a known attack directed at your IP address, a computer on the Internet scanning your IP address for any open ports and someone on your LAN trying to visit a blocked site.
Parameter Turn E-mail Notification On Send Alert And Logs Via E-Mail Your Outgoing Mail Server Send To This E-Mail Address Description Check this box to enable the E-Mail alert function Enter Your E-Mail account’s Outgoing Mail Server Enter Your E-Mail account that you wish the alert to be sent to. When someone attempts to visit Blocked Sites, router will send logs according to below schedule.
Save & Restart Save & Restart lets you save the inputted settings to the Internet Gateway and then restarts (reboots) the device. When you have finished making all the changes on the various pages (above) on chapter 5, please click Save & Restart to save the settings and to restart the device. If you would like to configure the setting(s) again, click on a function (see screen below), this will link you to that particular function’s configuration screen.
Chapter 6: System Tools The System Tools section displays and detects the status of the Internet Gateway.
System Tools: Intruder Detection Log The Intruder Detection log displays the possible hacker attacks that may have occurred to the Internet Gateway. Up to 32 hacker attacks may be logged/listed. Below is an explanation of the Intruder Detection log display.
System Tools: Display Routing Table The routing table screen below displays the device’s current static routing configuration that was configured in the Routing Settings (see chapter 5 Routing Settings - for more details). System Tools: System Diagnostics The System diagnostics screen shows the device’s configuration information. It also displays the device’s current status.
System Tools: Save Settings 69
The Save Settings screen allows you to save the device’s configuration settings to a disk. Click Save File to save your current settings to a file. Then click save to save this configuration file to your disk. You can reload the saved configuration back into the Gateway in the Load Settings (System Tools) section.
device and load settings previously saved configuration files to your device. The Load Settings section consists of 2 sections as described below: Load Default Settings and Load Settings From File Menu Description Load Default Settings The load default settings screen allows you into load the factory default settings to your device. Load Settings From File The load settings from file screen allow you to load a previously saved file into the device again.
The load settings from file screen allows you to load a previously saved file to the device again. Parameter Description Load Settings File To load a previously saved configuration file into the Gateway again, you first need to enter the configuration file name and its path in the box provided. You can also use the Browse button to find the file.
Parameter Description Firmware Upgrade File Enter the new firmware’s file path into box provided and click START to start upgrading the new firmware into the Internet Gateway. You can also use the Browse button to find the new firmware file. System Tools: Reset Device Reset the Gateway if the Gateway stops responding correctly.
will not be changed. The Reset Device screen allows you to essentially restart/reboot the device. Click on the START button to restart/reboot the device. Chapter 7: Help On the Main Menu Tool bar - click the on the Help Menu if you wish seek further information about a certain function or if you would like to understand certain terminology used in the manual. This section provides a list of frequently asked questions and terminology.
Configuring Your PC to “Obtain an IP automatically If you do not want to set a static IP address for your PC, you will need to configure your PC to request an IP address from the Gateway. 1. On your PC, click the Start button, select Settings, then select Control Panel 2. Double-click the Network Icon 3. In the configuration tab, select the TCP/IP protocol line that is associated with your network card/adapter. If there is no TCP/IP line listed, you will need to first install the TCP/IP protocol. 4.
5. Then select the DNS configuration tab to add a DNS IP address. If you do not wish to add a DNS IP address you can select the Disable DNS function. Press OK. You have completed the client settings. 6. After clicking OK, windows might ask you to restart the PC. Click Yes.
MAC address and default gateway. WINIPCFG (for windows 95/98) Inside the windows 95/98 Start button, select Run and type winipcfg. In the example below this computer has an IP address of 192.168.2.100 and the default gateway is 192.168.2.1. The default gateway should be the network (Router) device’s IP address. The MAC address in windows 95/98 is called the Adapter Address. Note: You can also type winipcfg in the DOS command. IPCONFIG (for Windows 2000/NT) In the DOS command type IPCONFIG and press Enter.
Virtual Private Network (VPN) Examples There are 2 types of VPN architectural typologies: Typology 1: LAN - Network-to-Network 78
Typology 2: Single User - PC(s) to Network (mode 1 and 2) Typology 1: LAN - Network-to-Network This type of architecture creates a secure VPN tunnel between two networks, for instance, a VPN Internet Gateway (LAN 1) and a VPN Router (LAN 2) – see diagram below. LAN 2 LAN 1 VPN Internet Gateway Internet VPN Router WAN IP: 211.21.2.1 WAN IP: 163.95.1.1 Netmask: 255.255.255.0 Netmask: 255.255.255.0 LAN IP: 192.168.2.1 LAN IP: 192.168.1.
Typology 2: Single User - PC(s) to Network (mode 1 and 2) The diagram below is used to describe mode 1 and 2. Internet VPN Internet Gateway PC A Public IP: 211.21.2.1 WAN IP: 163.95.1.1 Netmask: 255.255.255.0 Netmask: 255.255.255.0 Virtual LAN IP: 196.168.2.1 LAN IP: 192.168.1.1 Mode 2 Mode 1: PC A must have an IPSec Client software installed (eg. Safenet or SSH etc.).
Remote Site: Single User Remote IP Network: 192.168.2.0 Remote IP Netmask: 255.255.255.0 Remote Gateway IP/FQDN: 211.21.2.1 Note: In IKE Mode, if the Remote Gateway IP has a dynamic IP address, you must enter “0.0.0.0.” in the Remote Gateway IP/FQDN field. In Manual Mode, you must fill in the Remote IP, Remote IP Network and Remote Gateway IP/FQDN field (Remote Gateway IP/FQDN field cannot be 0.0.0.0 for manual mode). FCC CAUTION 1. The device complies with Part 15 of the FCC rules.