Instruction/ maintenance manual of the product ADE-4200 Planet Technology
Go to page of 80
ADE-4200 / AD W - 4200 ADS L VPN/Firewall Router User ’ s Manual.
ii Co p y right Co p y r ig h t (C) 2 0 03 P L ANET T echnolo g y Cor p . All ri g hts reserved. T he produc t s an d progra m s describe d i n t h is User ’ s M anu a l ar e licensed pro d uc t s o.
T able of Conten ts C H A P T ER 1 . IN T RODUCTIO N ............................................................................................................................. .1 1.1 A N O VE R VI E W O F THE ADE-42 0 0/A D W -420 0 ...............
i v 3.6.3 . 5.1 PPT P ................................................................................................................................................... . 48 3.6.3 . 5.1 . 1 PPT P for Remote Acces s ...................................
1 Chap t er 1. Introduction 1.1 An Overview of t h e ADE-4200/AD W -4200 T he ADE-4200 ADS L VPN/Fire w all Router and A D W - 4200 ADS L W i re l ess VPN/Fire w all Router pro v ide o f f ice and res.
P L A NET A D E -4200 / A D W -4200 A DS L VPN/Fire w all Router 2 802. 1 1b access point for e x tending the communication med i a to W L AN. Fast Ethernet S w itc h : A 4-port 10/100Mb p s fast Ethernet s w itch is supported in the LAN site and automat i c s w itching bet w een MDI and MDI-X f o r 10Base- T and 100Base- T X po r ts is s upported.
Chapter 1 Introducti o n 3 PP P o v er Ethernet (PPPoE): Pro v ide embedded PPPoE client function to e s tablish a connection. Users c an get greater acces s speed w ithout c hanging the operation concept, s haring the s ame IS P ac c ount and pa y ing for one acces s account.
P L A NET A D E -4200 / A D W -4200 A DS L VPN/Fire w all Router 4 T he ADE-4200 and A D W -4200 VPN conne c ti v i t y support client-to - VPN gate w a y and VP N LAN-to-LA N connect i ons.
5 Chap t er 2. Using the Router 2.1 Cautions for usi n g the ADE-4200/AD W -4200 Do not pla c e the ADE - 4200/A D W-4200 unde r high hu m idity and high te m perature. Do not use the sa m e power source for ADE-4200/A D W-4200 with other equip m ent.
P L A NET A D E -4200 / A D W -4200 A DS L VPN/Fire w all Router 6 P W R S Y S 12 3 4 W LA N MA I L PP P ADSL ADSL W ireless VPN / Fire w all Router AD W -4200 LAN A D W - 4200 LED Meaning PWR Lit w h.
Chapter 2 Using A D E -4200 / A D W -4200 7 A DSL Conne c t the supplied RJ- 1 1 cable to this port w hen connecting to the ADSL/telephone net w ork. Console Conne c t a PS2 or DB9 RS-232 c able to this port w hen connecting to a PC ’ s RS-232 port (9-p i n serial port).
8 Chap t er 3. Conf i gu r ation T he ADE-4200/A D W - 4200 can be con f igured w ith y our W eb bro w se r . T he w eb bro w ser is included as a standard application in the follo w ing operation s y stems, UNIX, Linu x , Mac OS, W i ndo w s 98/N T /2000/Me, etc.
Chapter 3 Configuration 9 2. Select TC P / I P -> NE2000 Com p atible , or the name o f an y Net w ork Inte r face Ca r d (NIC) in y our PC. 3. Click Properties . 4. Select the I P A ddress tab. In this page, click the Ob t ain an I P address automaticall y radio button.
P L A NET A D S L VPN / Fire w all Router 10 5. T hen s elect the DNS Configuration tab. 6. Select the Disable D NS radio button and cli c k “ OK ” to f i nish the c on f iguration.
Chapter 3 Configuration 1 1 3.3.2 For W indows N T4.0 1. Go to S t art / Settings / Control Panel . In the Control Panel, doub l e-click on Ne t w ork and choo s e the Protocols tab. 2. Select TCP/I P Protocol and click Properties . 3. Select the Ob t ain an I P address from a DHC P ser v er radio button and click OK .
P L A NET A D S L VPN / Fire w all Router 12 3.3.3 For W indows 2000 1. Go to S t art / Settings / Control Panel . In the Control Panel, doub l e-click on Ne t w ork and Dial-up Connections . 2. Double-click L A N A r e a Connection . 3. In the L A N A rea Connection S t atus w indo w , click Properties .
Chapter 3 Configuration 13 4. Select Internet Protocol (TCP/IP) and click Properties . 5. Select the Obtain an I P add r ess automati c all y and the Obta i n DNS ser v er address automaticall y radio buttons. 6. Click OK to f ini s h the c on f iguration.
P L A NET A D S L VPN / Fire w all Router 14 3.3.4 For W indows XP 1. Go to S t art / Control Panel (in Classic Vi e w ). In the Control Panel, double-click on Net w ork Connections. 2. Double-click Lo c al Area Connection 3. In the L A N A rea Connection S t atus w indo w , click Properties .
Chapter 3 Configuration 15 4. Select Inte r net Proto c ol ( T CP/IP) and click Properties. 5. Select the Obtain an I P add r ess automati c all y and the Obta i n DNS ser v er address automaticall y .
P L A NET A D S L VPN / Fire w all Router 16 6. Click OK to f ini s h the c on f iguration. 3.4 Factory Defa u lt Settings Be f ore con f igurat i ng this ADE-4200/A D W - 4200, y ou need to k no w the f ollo w ing de f ault settings. 1. W eb Configurator Username: admin Pass w ord : admin 2.
Chapter 3 Configuration 17 3.4.2 LAN and W AN Port Addresses T he parameters of LAN and WAN port s are pre-set in the f a c tor y . The default v alue s are sho w n belo w .
P L A NET A D S L VPN / Fire w all Router 18 Y ou w ill get a s t atus r eport w eb p age w hen login succes s f ull y . At the con f iguration homepage, the left na v igation p ane w here boo k marks.
Chapter 3 Configuration 19 n Sa v e Config to F L A SH n Logout n Language (pro v ides user inte r f a c e in English language) Click on the desired item to e x pand the p age in the main na v igation pane.
P L A NET A D S L VPN / Fire w all Router 20 3.6.2 Quick S tart I f y ou u s e this de v ice to access the Internet through the IS P , this w eb page is enough for y ou to con f igure th i s router and access the Internet w ithout a problem. Please c he ck Chapter 3.
Chapter 3 Configuration 21 It support s t w o Ethernet I P add r esse s in the LAN. W i th thi s f unct i on, the ADS L route r can support t w o d if f erent LAN subnets to ac c ess the Inte r net at the same time. Usuall y , there is onl y one subnet in LAN, there is no need to c on f igure a Secondar y I P addres s .
P L A NET A D S L VPN / Fire w all Router 22 ESSI D : Ente r the unique I D gi v en to the Ac c ess Po i nt (AP), w hich i s alread y built-in to the w ireless broadband f ire w all gat e w a y . T o connect to this de v ice, y our w ireless clients must ha v e the same ESSID as the de v ice.
Chapter 3 Configuration 23 Port # Connection T y pe: Fi v e options to c hoose f rom: auto, 10M ha l f -duple x , 10M f ull- duple x , 100M ha l f -duple x or 100M full-duple x . Somet i mes, there are Ethern e t compat i bilit y problem s w ith legac y Ethernet de v ices.
P L A NET A D S L VPN / Fire w all Router 24 3.6.3.1.4 DHC P Se r ver W hen y ou click DHC P Ser v er , y ou get the follo w ing f igure. Y ou can di s able o r enabl e the DHC P ser v er or enable the DHC P rela y f unctions. I f y ou c heck Disable d and click Next, then click A p p l y .
Chapter 3 Configuration 25 T he factor y default i s rfc 1483-0 . If y our IS P use s the same ac c ess protocol, please click Edit to input other p arameter s a s belo w . If y our IS P doe s not use r f c 1483-0, y ou can delete it b y clicking Delete .
P L A NET A D S L VPN / Fire w all Router 26 3.6.3.2.1.1 RFC 1483 r outed Descriptio n : Gi v e a name f or this conne c tion. VPI and VCI : Enter the in f ormation pro v ided b y y our IS P . N A T: T he N A T f eature allo w s multiple u s ers to ac c ess the Internet through a single I P account, sharing the single I P address.
Chapter 3 Configuration 27 Descriptio n : Gi v e a name f or this conne c tion. VPI and VCI : Enter the in f ormation pro v ided b y y our IS P . Enca p sulation meth od : Select the protocol format, the de f ault is L l cBridged. Se l ect the one pro v ided b y y our IS P .
P L A NET A D S L VPN / Fire w all Router 28 also automati c all y re-establish the PPPo A session w hen dis c onnected b y the IS P . ¤ Connect to Dema n d: i f y ou w ant to es t ab l ish a PPPo A sess i on onl y w hen ther e is a p acket requesting access to the Internet.
Chapter 3 Configuration 29 3.6.3.2.1.5 PPPoE routed Descriptio n : Gi v e a name f or this conne c tion. VPI/VCI: Enter the in f ormation pro v ided b y y o ur IS P . N A T: T he N A T f eature allo w s multiple u s ers to ac c ess the Internet through a single I P account, sharing the single I P address.
P L A NET A D S L VPN / Fire w all Router 30 3.6.3.2.2 DNS T he WAN-DNS is sho w n as belo w . A Domain Name S y stem (DNS) conta i ns a mapping t able for domain name and I P addres s es. In the Internet, e v er y host has a unique and f riendl y name su c h a s ww w .
Chapter 3 Configuration 31 T he router does not ha v e a real time clo c k on board; instead, it uses the Simple Net w ork T ime Protocol (SN T P ) to get the current t i me f rom the S N T P ser v er f r om the outs i de net w ork. Plea s e choo s e y our local time z one, click Enable and click the A pp ly button.
P L A NET A D S L VPN / Fire w all Router 32 3.6.3.3.3 Firmware Upgrade W hen y ou click Fi rm w are Upgrade , it allo w s y ou to input the l ocation of f irm w are stored on y our PC and click the Upgrade button to upgrade to the ne w f irm w are. 3.
Chapter 3 Configuration 33 facto r y default setti n gs . 3.6.3.3.6 User Mana g ement W hen y ou click User Management , y ou a r e ab l e to edit e x isting user ’ s databa s e or to create other user accessing this de v ice.
P L A NET A D S L VPN / Fire w all Router 34 users f rom ac c essing the Internet. T he funct i ons include: 1. Fire w all: pre v ent access f rom an outside net w ork, the router pro v ides three le v els of securit y support.
Chapter 3 Configuration 35 Fire w all Secu r ity : W hen y ou enable the Fire w all securit y f unct i on, y ou can s elect one o f the f ire w all securit y policies. B y default the f ire w all is set to disab l ed. Fire w all P o licy : Select either All blocked/ U ser-de f ined, High, Medium or Lo w securit y le v el to enable the Fire w all.
P L A NET A D S L VPN / Fire w all Router 36 3.6.3.4.2 Packet Filte r W hen y ou click Packet Filter , y ou get the fol l o w ing f igure. Y ou ma y con f igure to filter inbound (incomin g ) and outbound (outgoing) packets ba s ed on port or I P address.
Chapter 3 Configuration 37 N E W S( 1 19) T CP(6) 1 19 1 19 NO NO NO YES NO YES RealA u dio (7070) UDP(17) 7070 7070 NO NO YES YES YES YES PING ICMP(1) N/A N/A NO YES NO YES NO YES H.
P L A NET A D S L VPN / Fire w all Router 38 1. Click Packet Filte r , y ou w ill get the follo w ing f igure. 2. Click Port Filters, the pre-de f ined port f ilter ru l es screen o f l o w securit y le v el is sho w n as belo w .
Chapter 3 Configuration 39 3. Click Delete to de l ete the H T T P rule. 4. Click Add T C P Filte r ..
P L A NET A D S L VPN / Fire w all Router 40 5. Input the port number and set the inbound & outbound as Allo w . 6. T he port f ilter rule o f HT T P is sho w n as belo w .
Chapter 3 Configuration 41 7. Con f igure the V irtual Ser v er to enable the H T T P s er v ice in the v irtual ser v er setting and input the W EB ser v er ’ s I P address. I f y ou tr y to setup a remote management of router permanentl y , y ou ma y enter router ’ s I P instead.
P L A NET A D S L VPN / Fire w all Router 42 T he Intrusion D etect i on allo w s y ou to pre v ent y our local area net w ork (LAN) f r o m malicious at t acks, f or e x ample, port scan and Denial-o f -Ser v ice (DoS).
Chapter 3 Configuration 43 handshak i ng session per s econd i s rea c hed, the router w ill consider the SYN f lood at t ack oc c urs. Maximum Ping Count: set the ma x imum number o f PING p acke t s pe r se c ond.
P L A NET A D S L VPN / Fire w all Router 44 200.68.76.177 to port 137 (a netbio s _ns port). 3.6.3.4.4 MAC Address Filter W hen y ou click the M A C A ddress Filter , y ou get the follo w ing f igure. T he MAC f iltering f unction enab l es y ou to con f igure y our router to b l ock internal u s ers ( M A C address ) f rom Internet ac c ess.
Chapter 3 Configuration 45 M A C A ddress: There are 10 entries to enter the MAC addres s es y ou w ant manage. If y ou select Blocked , the packet w ith the MAC address in the table w ill be dropped and others w ill be for w arded.
P L A NET A D S L VPN / Fire w all Router 46 Disable A ll WEB traffic except for T rusted Domain: It allo w s internal users to access onl y the spe c i f ied/trusted domain. Please refer to the D oma i n Filtering section f irst, before c hecking this option.
Chapter 3 Configuration 47 I f the router is con f i g ured to allo w internal users to ac c ess on ly certain spec i f ie d domains, c heck add the domain name into the T rusted Domain list.
P L A NET A D S L VPN / Fire w all Router 48 transmitting da t a o v er a secure VPN tunne l . LAN-to-LAN VPN is an alternati v e WA N in f ra s tructure that is used to connect o f f i c es and home o f f ice s to share net w or k resources w ith ea c h other o v er a se c ure VPN tunnel.
Chapter 3 Configuration 49 Username: I f y ou are a Dial-Out user (client), enter the u s ername pro v ided b y y ou r Host. I f y ou are a Dial-In user (ser v er), enter y our o w n username. Pas s w ord: If y ou are a Dial-Out u s er (client ) , enter the pass w ord pro v ided b y y our Host.
P L A NET A D S L VPN / Fire w all Router 50 Netmask: Enter the s ubnet mas k of pee r net w ork based on abo v e Peer Net w ork I P setting. Username: I f y ou are a Dial-Out user (client), enter the u s ername pro v ided b y y ou r Host. I f y ou are a Dial-In user (ser v er), enter y our o w n username.
Chapter 3 Configuration 51 Configuring PPT P VPN in the Office T he input I P addres s 192.168.1.200 w ill be assigned to the remote w ork e r , plea s e ma k e sure this I P is not u s ed in the O f f ice LAN. Configuring PPT P VPN in Remote Si d e Y ou can con f igure VPN client w ith commercial VPN client s oft w are p ackage (e.
P L A NET A D S L VPN / Fire w all Router 52 2. Follo w the step and se l ect “ Connect to a pri v ate net w ork through the Internet ” 3. Enter the I P address of the ADS L Router located in the .
Chapter 3 Configuration 53 4. Follo w the step, the follo w ing screen appears. T he setup is c ompleted. 5. T o make the conne c tion, click the V irtua l Pri v ate Connection icon in Dial-up Net w orking Group, and input the username & p ass w ord set in ADS L Route r .
P L A NET A D S L VPN / Fire w all Router 54 3.6.3.5.1.4 An E x a m ple of C onfiguring a Re m ote Access PPT P VPN Dial-out Connection Background of the Example Corporate e s tablishes a PP T P VP N connect i on w ith the f ile ser v er located in the remote side.
Chapter 3 Configuration 55 Configuring PPT P VPN in the Office Y ou can either input the I P add r ess (69.1.121.33 in this ca s e) or ho s tname to reach the Ser v e r. Refer also to PPT P VPN – remote access ( d ial-in) f or the other p arameters.
P L A NET A D S L VPN / Fire w all Router 56 3.6.3.5.1.5 An E x a m ple of C onfiguring a LAN-to-LAN PPT P VPN Connect i on Background of the Example T he bran c h o f f i c e es t ablishes a PPT P VPN tunnel w ith the head o f f ice to conne c t t w o pri v ate net w orks by le v eragi n g the Internet in f rastructure.
Chapter 3 Configuration 57 Configuring PPT P VPN in the Branch Office T he input I P address 69.1.121.3 is the Public IP addres s of the r outer l ocated i n the head o f f i c e.
P L A NET A D S L VPN / Fire w all Router 58 3.6.3.5.2 IPSec T he router s upport s IPSe c VPN to es t ab l ish secure, end-to-end pri v ate net w ork connection s o v er a public net w orking in f ra s tructure. The s pec i f icat i on is a s be l o w : w .
Chapter 3 Configuration 59 Connection Name: G iv e a name for this c onnection. Local Ne t w ork: Set the I P addres s , subnet or address range of the local net w ork. ¤ Single A ddress: The I P addres s o f the lo c al host. ¤ Subnet: The s ubnet of the lo c al net w ork.
P L A NET A D S L VPN / Fire w all Router 60 ¤ DES: S tands for Da t a Encr y ption S tandard, it uses 56 bits as an encr y ption method. ¤ 3DES: S t and s f o r T riple Data Encr y ption S t andard, it u s es 168 (56 * 3) b i ts as an encr y ption method.
Chapter 3 Configuration 61 temporaril y disconne c ted. 3.6.3.5.2.2 An E x a m ple of C onfiguring a LAN-to-LAN IPSec VPN Connection Background of the Example T he b r anch o f f i c e e s tablishes an IPSec VPN tunnel w ith the head o f f i c e to c onnect t w o pri v ate net w orks by le v eragi n g the Internet in f rastructure.
P L A NET A D S L VPN / Fire w all Router 62 Configuring IPSec VPN in the Head Office T he local subnet (head o f f ice) is set as 192.168.1.0/24 ( w ith netmask 255.255.255.0), w hile the remote subnet (bran c h o f f i c e ) is set as 192.168.0.0 ( w ith netmas k 255.
Chapter 3 Configuration 63 3.6.3.6 V irtual Ser v er In T CP/I P and UD P net w orks, a port is a 16-bit numbe r , used b y the host-to-hos t protoco l to ident i f y to w hich application p r ogram it must deli v er incom i ng messages.
P L A NET A D S L VPN / Fire w all Router 64 53 T C P & UDP DNS (Domain N ame Ser v er) 69 UDP T F T P ( T ri v ial File T ransfer Proto c ol) 80 T CP Wor l d W i de W eb HTTP 1 10 T CP POP3 (Post.
Chapter 3 Configuration 65 se v eral pre-de f ined popular application and their port numbe r . Protocol: Select the properl y protocol for the application. Port: Input the port number for the applicat i on. I P A ddress: Input the I P address that y ou w ant to allo w accessing f rom outside users.
P L A NET A D S L VPN / Fire w all Router 66 3.6.3.6.2 An example of configuring the W eb Se r ver & the Router to be accessible remotely Background of the Example Setup the Web s er v er in the o f f i c e that can be v isible to the out s ide net w ork.
Chapter 3 Configuration 67 Example 2: Configuring a V irtual Ser v er 1. Set Web s er v er I P address to a f i x ed I P = 192.168.1.100 2. Set Remote Acces s a s Enable. User c an ac c ess the router remotely through port 80. 3. Since the port numbe r 80 is u s ed b y the r oute r , the Web s er v er port number need s to be changed.
P L A NET A D S L VPN / Fire w all Router 68 3.6.3.7 A d v anced T here are f our item s under the A d v anced section: Routing T able, D y namic DNS , Checking E m ail and De v ice Management. 3.6.3.7.1 Routing T able Click on the Routing T able and then choo s e Create Router to get the belo w f igure to add a routing table.
Chapter 3 Configuration 69 Interface: Enter the i nterface w hich the pac k et is f or w arded to. Cost: T his is the s ame meaning as H op. U s uall y , lea v e it as 1. 3.6.3.7.2 Dynamic D N S Click D y namic DNS to get the be l o w f igure then check the “ Enab le ” button to ac c ess the D y namic DNS ser v ice.
P L A NET A D S L VPN / Fire w all Router 70 Configuring DDNS 1. Set the W eb ser v er and F T P ser v er I P address as described i n section V irtual Ser v er . 2. Appl y an ac c ount f rom this f ree W eb ser v er http:// w w w .d y ndns.org/ . T here are more than 5 DDNS s er v ices supported b y this route r .
Chapter 3 Configuration 71 A c c ount Name: Enter the name o f the ac c ount to w hich y ou ha v e the PO P ac c ess. Normall y , it is the te x t in y our email address be f ore the "@" s y mbo l . I f y ou ha v e troub l e w ith it, please c ontact y our IS P .
P L A NET A D S L VPN / Fire w all Router 72 router are allo w ed to logon the de v ice and modi f y data. ] Expire to auto-logout: S pec i f y a time f rame for the s y stem to auto- l ogout the de v ice. For Example: User A changes HT T P port number to 100 , s pe c i f ied it ’ s o w n IP addres s to be 192.
Chapter 3 Configuration 73 3.6.5 Logout T o e x it the w ebsite, choose Logout to e x it completel y . Please ensure that y ou ha v e sa v ed the con f igurat i on sett i ngs before logout. Be a w are that the router is restricted to onl y one l ocal PC accessing the con f iguration Web p ages.
74 Chap t er 4. T roubleshoot i ng If the ADE-4200/A D W - 4200 W i r eless ADS L Router is not f unction i ng properl y , y ou can r e f e r f irst to thi s chapter for simple troubleshooting be f o r e c ontactin g y our ser v ice pro v ide r .
75 Appendix A. S pecification Product ADS L VPN/ F ir e w a ll Rou t e r ADS L W ireless VPN/Fir ew all Ro u ter Mod e l ADE- 4 20 0 A / A D E-42 0 0B A D W -4200 A / A D W -4200B Hard w are S t a n dard ANSI T 1.
76 Appendix B. Product Suppo r t Most problems c an be sol v ed b y using the T roubleshoot i ng i n C hapter 4. If y ou cannot resol v e the problem with the T rouble s hooting Chapte r , please contact the dealer w here y ou purcha s ed this produ c t.
An important point after buying a device Planet Technology ADE-4200 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought Planet Technology ADE-4200 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data Planet Technology ADE-4200 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, Planet Technology ADE-4200 you will learn all the available features of the product, as well as information on its operation. The information that you get Planet Technology ADE-4200 will certainly help you make a decision on the purchase.
If you already are a holder of Planet Technology ADE-4200, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime Planet Technology ADE-4200.
However, one of the most important roles played by the user manual is to help in solving problems with Planet Technology ADE-4200. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device Planet Technology ADE-4200 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center