Instruction/ maintenance manual of the product VRT-311 Planet Technology
Go to page of 147
Broadband VPN Router VRT-311 / VRT-311S User ’ s Manual.
ii Cop y right Copyright (C) 2004 PLANET Technology Corp. All rights reserved. The products and programs described in this User ’ s M anual are licensed products of PLANET Technology, This User ’ .
i Table of Contents CH A PTER 1 IN T RODUC T IO N ......................................................................... .1 VR T -311 /VR T -311S Feature s .............................................................................. .1 Package Content s .
ii Ser v ice s .............................................................................................................. . 72 CH A PTER 8 VPN (IPSEC ) ............................................................................. . 73 O v er v ie w .
1 Ch a pte r 1 I n trod uc tio n This Chapter provides an overview of VRT-311 / VRT-311S's features and ca- pabilities. Congratulations on the purchase of y our ne w VR T -311 / VR T -311S . VR T -311 / VR T -311S is a m ulti-function device providing the follo w ing services: • Shared Broadband Internet Access for all L A N users.
VRT-311 User Guide 2 • Fixed or Dyna m ic IP Address. On the Internet (W A N port) connection, VR T -311 / VR T -311S supports both D y na m ic I P A ddress (I P A ddress is allocated on connection) and Fixed I P A ddress. A d v anced Internet Functions • Co mm unication Applications.
Introduction 3 Securit y Features • Password - protected Configuration . Optional pass w ord protection is provided to prevent unauthorized users fro m m odif y ing the configuration data and settings.
VRT-311 User Guide 4 Ph y sical Details Front-mounted LEDs Figure 2: VRT-311 ’ s Front Panel Figure 3: VRT-311S ’ s Front Panel Po w er On - P o w er on. Off - No po w er. Status (Red) On - Error condition. Off - Nor m al operation. Blin k ing - T his LED blinks during start up.
Introduction 5 Off - No connection to a m ode m on the W A N (Internet) port. Flashing - Data is being trans m itted or received via the W A N port. PPPoE (For VR T -311 onl y) On - PPP oE connection established.
VRT-311 User Guide 6 Rear Panel Figure 4: VRT-311 Rear Panel Figure 5: VRT-311S Rear Panel Reset Button T his button has t w o (2) functions: • Reboot .
Introduction 7 Using the DMZ Port T he DMZ port is intended for connection of a server y ou w ish to m ake available to the public. T o use m ultiple servers, use a standard L A N cable to connect the DMZ port to a nor m al port on another hub, and connect y our servers to the hub.
8 Ch a pte r 2 I n st a ll a tio n This Chapter covers the physical installation of VRT-311 / VRT-311S. Requirements • Net w ork cables. Use standard 10/100Base T net w ork (U TP ) cables w ith RJ45 connectors. • T C P /I P protocol m ust be installed on all P Cs.
Installation 9 • If desired, connect a P C (server) to the DMZ port. T o use m ultiple servers, use a standard L A N cable to connect the DMZ port to a nor m al port on another hub, and connect y our servers to the hub. P Cs connected to the DMZ port are isolated fro m y our L A N.
10 Ch a pte r 3 S e t u p This Chapter provides Setup details of VRT-311 / VRT-311S. O v er v ie w T his chapter describes the setup procedure for: • Internet A ccess • L A N configuration P Cs on y our local L A N m a y also require configuration.
Setup 11 Use the Microsoft V P N feature: • PPTP Server in VR T -311 / VR T -311S. • User and Client setup. • Checking V P N connection Status. Chapter 9: Microsoft V P N Configure or use an y of the follo w ing: • Configuration File backup and restore.
VRT-311 User Guide 12 • Double - click the icon for VR T -311 / VR T -311S (either on the Desktop, or in My Network Places ) to start the configuration. Refer to the follo w ing section Setup W izard for details of the initial configuration process.
Setup 13 • T hese are the default values. Both the na m e and pass w ord can (and should) be changed, using the Ad m in Login screen. Once y ou have changed either the na m e or the pass w ord, y ou m ust use the current values.
VRT-311 User Guide 14 Setup Wizard T he first ti m e y ou connect to VR T -311 / VR T -311S, the Setup Wizard w ill run auto m aticall y . ( T he Setup Wizard w ill also run if VR T -311 / VR T -311S ' s default setting are restored.) 1. Step through the Wizard until finished.
Setup 15 PPTP Mainl y used in Europe. You connect to the IS P onl y w hen required. T he I P address is usuall y allocated auto m ati- call y , but m a y be Static (Fixed). • PPTP Server I P A ddress. • User na m e and pass w ord. • I P A ddress allocated to y ou, if Static (Fixed).
VRT-311 User Guide 16 Home Screen A fter finishing or exiting the Setup Wizard, y ou w ill see the Home screen. When y ou connect in future, y ou w ill see this screen w hen y ou connect.
Setup 17 L A N Screen Use the LAN link on the m ain m enu to reach the LAN screen A n exa m ple screen is sho w n belo w . Figure 9: LAN Screen Data - L A N Screen T CP/IP IP Address I P address for VR T -311 / VR T -311S, as seen fro m the local L A N.
VRT-311 User Guide 18 DHCP What DHCP Does A DHC P (D y na m ic Host Configuration P rotocol) Server allocates a valid I P address to a DHCP Client ( P C or device) upon request. • T he client request is m ade w hen the client device starts up (boots).
19 Ch a pte r 4 P C C o n fig u r a tio n This Chapter details the PC Configuration required on the local ( " Internal " ) LAN. O v er v ie w For each P C, the follo w ing m a y need to be c.
Broadband VPN Router User ’ s Manual 20 Checking TCP/IP Settings - Windo w s 9x/ME: 1. Select Control Panel - Network . You should see a screen like the follo w ing: Figure 10: Net w or k Configuration 2. Select the TCP/IP protocol for y our net w ork card.
PC Configuration 21 • On the Gateway tab, enter VR T -311 / VR T -311S ' s I P address in the New Gateway field and click Add , as sho w n belo w . Your L A N ad m inistrator can advise y ou of the I P A ddress the y assigned to VR T -311 / VR T -311S.
Broadband VPN Router User ’ s Manual 22 Checking TCP/IP Settings - Windo w s NT4.0 1. Select Control Panel - Network , and, on the Protocols tab, select the T C P /I P protocol, as sho w n belo w . Figure 14: Windo w s NT4.0 - TCP/IP 2. Click the Properties button to see a screen like the one belo w .
PC Configuration 23 4. Select the appropriate radio button - Obtain an IP address from a DHCP Server or Specify an IP Address , as explained belo w . Obtain an IP address from a DHCP Ser v er T his is the default Windo w s setting. Using this is reco mm ended .
Broadband VPN Router User ’ s Manual 24 Figure17: Windo w s NT4.0 - DNS.
PC Configuration 25 Checking TCP/IP Settings - Windo w s 2000: 1. Select Control Panel - Network and Dial-up Connection . 2. Right - click the Local Area Connection icon and select Properties . You should see a screen like the follo w ing: Figure18: Net w or k Configuration (Win 2000) 3.
Broadband VPN Router User ’ s Manual 26 5. Ensure y our T C P /I P settings are correct, as described belo w . Using DHCP T o use DHC P , select the radio button Obtain an IP Address automatically . T his is the default Windo w s setting. Using this is reco mm ended .
PC Configuration 27 Checking TCP/IP Settings - Windo w s XP 1. Select Control Panel - Network Connection . 2. Right click the Local Area Connection and choose Properties . You should see a screen like the follo w ing: Figure20: Net w or k Configuration (Windo w s XP) 3.
Broadband VPN Router User ’ s Manual 28 Figure21: TCP/IP Properties (Windo w s XP) 5. Ensure y our T C P /I P settings are correct. Using DHCP T o use DHC P , select the radio button Obtain an IP Address automatically . T his is the default Windo w s setting.
PC Configuration 29 Internet A ccess T o configure y our P Cs to use VR T -311 / VR T -311S for Internet access: • Ensure that the DSL m ode m , Cable m ode m , or other per m anent connection is functional. • Use the follo w ing procedure to configure y our Bro w ser to access the Internet via the L A N, rather than b y a Dial-up connection.
Broadband VPN Router User ’ s Manual 30 M acintosh Clients Fro m y our Macintosh, y ou can access the Internet via VR T -311 / VR T -311S. T he procedure is as follo w s. 1. Open the T C P /I P Control P anel. 2. Select Ethernet fro m the Connect via pop-up m enu.
31 Ch a pte r 5 O p e r a tio n an d St a t u s This Chapter details the operation of VRT-311 / VRT-311S and the status screens. Operation Once both VRT-311 / VRT-311S and the PCs are configured, operation is auto m atic.
Broadband VPN Router User ’ s Manual 32 Data - Status Screen Internet Connection M ethod T his indicates the current connection m ethod, as set in the Setup Wizard.
Operation and Status 33 Connection Status - PPPoE If using PPP oE ( PPP over Ethernet), a screen like the follo w ing exa m ple w ill be displa y ed w hen the " Connection Details " button is clicked.
Broadband VPN Router User ’ s Manual 34 fresh button w ill update the m essages sho w n on screen. Buttons Connect If not connected, establish a connection to y our IS P . Disconnect If connected to y our IS P , hang up the connection. Clear Log Delete all data currentl y in the Log.
Operation and Status 35 Connection Status - PPTP If using PPTP ( P eer-to- P eer T unneling P rotocol), a screen like the follo w ing exa m ple w ill be displa y ed w hen the " Connection Details " button is clicked.
Broadband VPN Router User ’ s Manual 36 Disconnect If connected to y our IS P , hang up the connection. Clear Log Delete all data currentl y in the Log. T his w ill m ake it easier to read ne w m essages. Refresh Update the data on screen. Connection Status - Telstra Big Pond A n exa m ple screen is sho w n belo w .
Operation and Status 37 is disabled. Connection Log Connection Log • T he Connection Log sho w s status m essages relating to the existing connection. • T he Clear Log button w ill restart the Log, w hile the Refresh button w ill update the m essages sho w n on screen.
Broadband VPN Router User ’ s Manual 38 IP Address T he I P A ddress of this device, as seen b y Internet users. T his address is allocated b y y our IS P (Internet Service P rovider). Net w or k M as k T he Net w ork Mask associated w ith the I P A ddress above.
Operation and Status 39 Connection Details - Fixed/D y namic IP A ddress If y our access m ethod is " Direct " (no login), a screen like the follo w ing exa m ple w ill be dis- pla y ed w hen the " Connection Details " button is clicked.
Broadband VPN Router User ’ s Manual 40 OR "Rene w " VR T -311 / VR T -311S, this button w ill sa y " Rene w " . Clicking the " Rene w " button w ill atte m pt to re-establish the connection and obtain an I P A ddress fro m the IS P ' s DHC P Server.
41 Ch a pte r 6 I n t e r ne t Fea t u r e s This Chapter explains when and how to use VRT-311 / VRT-311S's " Internet " Features. O v er v ie w T he follo w ing advanced features are provided.
Broadband VPN Router User ’ s Manual 42 W A N Port Configuration T he W A N P ort Configuration screen provides an alternative to using the Wizard. It can be accessed fro m the Internet m enu.
Internet Features 43 IP A ddress IP Address is assigned auto- m atically A lso called Dyna m ic IP Address . T his is the default, and the m ost co mm on. Leave this selected if y our IS P allocates an I P A ddress to VR T -311 / VR T -311S upon connection.
Broadband VPN Router User ’ s Manual 44 Login Login M ethod If y our IS P does not use a login m ethod (userna m e, pass w ord) for Internet access, leave this at the default value " None (Direct connec- tion) " Other w ise, check the docu m entation fro m y our IS P , select the login m ethod used, and enter the required data.
Internet Features 45 A d v anced Internet Figure29: Internet Screen T his screen allo w s configuration of all advanced features relating to Internet access. • Co mm unication A pplications • Special A pplications • Multi-DMZ • URL filter Communication A pplications Most applications are supported transparentl y b y VR T -311 / VR T -311S.
Broadband VPN Router User ’ s Manual 46 Send inco m ing calls to T his lists the P Cs on y our L A N. • If necessar y , y ou can add P Cs m anuall y , using the PC Data- base option on the Other m enu. • For each application listed above, y ou can choose a destina- tion P C.
Internet Features 47 Inco m ing Ports • Type - Select the protocol ( T C P or UD P ) used w hen y ou receive data fro m the special application or service.
Broadband VPN Router User ’ s Manual 48 URL Filter T he URL Filter allo w s y ou to block access to undesirable Web site • T o use this feature, y ou m ust define " filter strings " . If the " filter string " appears in a re- quested URL, the request is blocked.
Internet Features 49 D y namic DNS (Domain Name Ser v er) T his free service is ver y useful w hen co m bined w ith the Virtual Server feature. It allo w s Inter- net users to connect to y our Virtual Servers using a URL, rather than an I P A ddress. T his also solves the proble m of having a d y na m ic I P address.
Broadband VPN Router User ’ s Manual 50 NO T need to use the " Client " progra m provided b y so m e DDNS Service providers.) • Fro m the Internet, users w ill no w be able to connect to y our Virtual Servers (or DMZ P C) using y our Do m ain na m e.
Internet Features 51 Virtual Ser v ers T his feature allo w s y ou to m ake Servers on y our L A N accessible to Internet users. Nor m all y , Internet users w ould not be able to access a server on y our L A N because: • Your Server does not have a valid external I P A ddress.
Broadband VPN Router User ’ s Manual 52 • For each enabled Virtual Server, a fire w all rule to allo w inco m ing traffic fro m the Internet (W A N) to the DMZ is auto m aticall y created. If the Server is connected to the L A N (hub) ports, y ou m ust add the fire w all rule m anuall y .
Internet Features 53 Connecting to the Virtual Ser v ers Once configured, an y one on the Internet can connect to y our Virtual Servers. T he y m ust use the Internet I P A ddress (the I P A ddress allocated to y ou b y y our IS P ). e.g. http://203.70.
54 Ch a pte r 7 S ecu rit y C o n fig u r a tio n This Chapter explains the settings available via the security configuration section of the " Security " menu.
Security Configuration 55 Figure37: Pass w ord Dialog Enter the " User Na m e " and "P ass w ord " y ou set on the Admin Login screen above.
Broadband VPN Router User ’ s Manual 56 A ccess Control T his feature is accessed b y the Access Control link on the Security m enu. T he A ccess Control feature allo w s ad m inistrators to restrict the level of Internet A ccess avail- able to P Cs on y our L A N.
Security Configuration 57 Data - A ccess Control Screen Group Group Select the desired Group. T he screen w ill update to displa y the settings for the selected Group. Groups are na m ed " Default " , " Group 1 " , " Group 2 " , " Group 3 " and " Group 4 " , and cannot be re- na m ed.
Broadband VPN Router User ’ s Manual 58 Clear Log Click this to clear and restart the " A ccess Control " log, m aking ne w entries easier to read.
Security Configuration 59 Group Members Screen T his screen is displa y ed w hen the Members button on the Access Control screen is clicked. Figure39: Group M e m bers Use this screen to add or re m ove m e m bers ( P Cs) fro m the current group.
Broadband VPN Router User ’ s Manual 60 Fire w all Rules For nor m al operation and L A N protection, it is not necessar y to use this screen. T he Fire w all w ill al w a y s block DoS (Denial of Service) attacks.
Security Configuration 61 Data For each rule, the follo w ing data is sho w n: • Na me - T he na m e y ou assigned to the rule. • Source - T he traffic covered b y this rule, defined b y the source I P address. If the I P address is follo w ed b y .
Broadband VPN Router User ’ s Manual 62 Define Fire w all Rule Clicking the " A dd " button in the Firewall Rules screen w ill displa y a screen like the exa m ple belo w . Figure41: Define Fire w all Rule Data - Define Fire w all Rule Screen Na m e Enter a suitable na m e for this rule.
Security Configuration 63 Dest IP T hese settings deter m ine w hich traffic, based on their destination I P address, is covered b y this rule. Select the desired option: • A n y - A ll traffic fro m the source port is covered b y this rule. • Single address - Enter the required I P address in the " Start I P address " field " .
Broadband VPN Router User ’ s Manual 64 Logs T he Logs record various t y pes of activit y on VR T -311 / VR T -311S. T his data is useful for troubleshooting, but enabling all logs w ill generate a large a m ount of data and adversel y affect perfor m ance.
Security Configuration 65 Data - Logs Screen Enable Logs Inco m ing Traffic Select the desired option: • All IP traffic - this w ill log all inco m ing T C P /I P connections, of an y t y pe. T his w ill generate the largest logs, and fill the internal log buffer m ore quickl y .
Broadband VPN Router User ’ s Manual 66 Clear Log Button Use this to restart the required log. T his m akes it easier to read the latest entries. T imezone Ti m ezone Select the correct T i m ezone for y our location. T his is required for the date/ti m e sho w n on the logs to be correct.
Security Configuration 67 E-mail Figure43: E- M ail Screen Data – E-Mail Screen E- M ail A lerts Send E- M ail alert If enabled, an E- m ail w ill be sent i mm ediatel y if a DoS (Denial of Service) attack is detected. If enabled, the E- m ail address infor m ation m ust be provided.
Broadband VPN Router User ’ s Manual 68 E- m ail address Enter the E- m ail address the Log is to be sent to. T he E- m ail w ill also sho w this address as the Sender ' s address. Subject Enter the text string to be sho w n in the " Sub j ect " field for the E- m ail.
Security Configuration 69 Securit y Options T his screen allo w s y ou to set Fire w all and other securit y -related options. Figure44: Security Options Screen Data - Securit y Options Screen Fire w all Enable DoS Fire w all If enabled, DoS (Denial of Service) attacks w ill be detected and blocked.
Broadband VPN Router User ’ s Manual 70 Options Respond to IC M P (ping) T he ICM P protocol is used b y the " ping " and " trace route " progra m s, and b y net w ork m onitoring and diagnostic progra m s. • If checked, VR T -311 / VR T -311S w ill respond to ICM P packets received fro m the Internet.
Security Configuration 71 Scheduling • T his schedule can be (optionall y ) applied to an y A ccess Control Group. • Blocking w ill be perfor m ed during the scheduled ti m e (bet w een the " Start " and " Finish " ti m es.) • T w o (2) separate sessions or periods can be defined.
Broadband VPN Router User ’ s Manual 72 Ser v ices Services are used in defining traffic to be blocked or allo w ed b y the Access Control or Firewall Rules features. Man y co mm on Services are pre-defined, but y ou can also define y our o w n services if required.
73 Ch a pte r 8 VPN (IPS ec ) This Chapter describes the VPN capabilities and configuration required for common situations. O v er v ie w T his section describes the V P N (Virtual P rivate Net w ork) support provided b y y our VR T -311 / VR T -311S.
Broadband VPN Router User ’ s Manual 74 • Phase I is the negotiation and establish m ent up of the IKE connection. • Phase II is the negotiation and establish m ent up of the I P sec connection. Because the IKE and I P sec connections are separate, the y have different S A s (securit y associa- tions).
Microsoft VPN 75 Common VPN Situations VPN Pass-through Figure47: VPN Pass-through Here, a P C on the L A N behind the VR T -311 / VR T -311S is using V P N soft w are, but the VR T- 311 / VR T -311S is NO T acting as a V P N endpoint. It is onl y allo w ing the V P N connection.
Broadband VPN Router User ’ s Manual 76 Connecting 2 L A Ns v ia VPN Figure49: Connecting 2 VPN Gate w ays T his allo w s t w o (2) L A Ns to be connected. P Cs on each endpoint gain secure access to the re m ote L A N. • T he 2 L A Ns MUS T use different I P address ranges.
Microsoft VPN 77 VPN Configuration T his section covers the configuration required on VR T -311 / VR T -311S w hen using Manual Ke y Exchange (Manual P olicies) or IKE ( A uto m atic P olicies). Details of using Certificates are covered in a later section.
Broadband VPN Router User ’ s Manual 78 M ove T he order in w hich policies are listed is onl y i m portant if y ou have m ultiple polices for the sa m e re m ote site.
Microsoft VPN 79 • Other w ise, click Next to continue. You w ill see a screen like the follo w ing. Figure52: VPN Wizard – General Screen General Settings Policy Na m e Enter a suitable na m e. T his na m e is not supplied to the re m ote V P N. It is used onl y to help y ou m anage the policies.
Broadband VPN Router User ’ s Manual 80 Figure53: VPN Wizard - Traffic Selector Screen • For outgoing V P N connections, these settings deter m ine w hich traffic w ill cause a V P N tunnel to be created, and w hich traffic w ill be sent through the tunnel.
Microsoft VPN 81 Remote IP addresses Type • Single address - enter an I P address in the " Start I P address " field. • Range address - enter the starting I P address in the " Start I P address " field, and the finish I P address in the " Finish I P ad- dress " field.
Broadband VPN Router User ’ s Manual 82 SPI • Each S P I (Securit y P ara m eter Index) m ust be unique. • T he " in " S P I here m ust m atch the " out " S P I on the re m ote V P N, and the " out " S P I here m ust m atch the " in " S P I on the re m ote V P N.
Microsoft VPN 83 IKE Phase 1 If y ou selected IKE , the follo w ing screen is displa y ed after the Traffic Selector screen. T his screen sets the para m eters for the IKE S A . Figure55: VPN Wizard - IKE Phase 1 Screen IKE Phase 1 (IKE S A ) Local Identity T his setting m ust m atch the " Re m ote Identit y " on the re m ote V P N.
Broadband VPN Router User ’ s Manual 84 Authentication • RSA Signature requires that both V P N endpoints have valid Certificates issued b y a C A (Certification A uthorit y ). • For Pre-shared k ey , enter the sa m e ke y value in both endpoints.
Microsoft VPN 85 IKE Phase 2 Screen T his screen sets the para m eters for the I P Sec S A . When using IKE, there are separate connec- tions (S A s) for IKE and I P Sec.
Broadband VPN Router User ’ s Manual 86 For IKE, configuration is no w co m plete. Click " Next " to vie w the final screen. Figure57: VPN Wizard - Final Screen On the final screen, click " Finish " to save y our settings, then " Close " to exit the Wizard.
Microsoft VPN 87 VPN Examples T his section describes so m e exa m ples of using VR T -311 / VR T -311S in co mm on V P N situa- tions. Example 1: Connecting 2 VRT-311 / VRT-311Ss In this exa m ple, 2 L A Ns are connected via V P N. Figure58: Connecting 2 VRT-311 / VRT-311Ss Note • T he L A Ns MUS T use different I P address ranges.
Broadband VPN Router User ’ s Manual 88 m ethod used. P re-shared Ke y Xxxxxxxxxx Xxxxxxxxxx Must m atch IKE A uthentication algorith m MD5 MD5 Must m atch IKE Encr y ption DES DES Must m atch IKE E.
Microsoft VPN 89 Example 2: Windo w s 2000/XP Client to L A N In this exa m ple, a Windo w s 2000/X P client connects to VR T -311 / VR T -311S and gains access to the local L A N. Figure59: Windo w s 2000/XP Client to VRT-311 / VRT-311S T o use 3DES encr y ption on Windo w s 2000, y ou need Ser v ice Pack 3 or later installed.
Broadband VPN Router User ’ s Manual 90 DH Group Group 1 (768 bit) Must m atch client P C IKE S A Life ti m e 28800 Does not have to m atch client P C. Shorter period w ill be used. IKE P FS Disable Must m atch client P C IPSec S A Parameters I P Sec S A Life ti m e 28800 Do not have to m atch.
Microsoft VPN 91 Figure61: Windo w s 2000/XP - Policy Properties • Note that no rules are in use. T w o 2 rules are required - inco m ing and outgoing. • T he outgoing rule w ill be added first. 6. Deselect the " Use A dd Wizard " checkbox, then click " A dd " to vie w the screen belo w .
Broadband VPN Router User ’ s Manual 92 Figure63: Filter Properties: Addressing 8. Enter the Source IP address and the Destination IP address . • Since this is the outgoing filter, the Source IP address is " M y I P address " and the Des- tination IP address is the address range used on the re m ote L A N.
Microsoft VPN 93 Figure65: Ne w Rule Properties: Filter Action 11. Select Require Security , then click the " Edit " button, to vie w the Require Security Proper- ties screen. Figure66: Require Security Properties 12. Select Negotiate security (this selects IKE), then click " A dd " .
Broadband VPN Router User ’ s Manual 94 Figure67: M odify Security M ethod 13. On the resulting screen (above), select High [ESP] then click " OK " to save y our changes and return to the Require Security Properties screen. Figure68: Require Security Properties 14.
Microsoft VPN 95 15. Click the Tunnel Setting tab, then select The tunnel endpoint is specified by this IP address . Enter the W A N (Internet) I P address of VR T -311 / VR T -311S, as sho w n belo w . Figure69: Tunnel Setting 16. Click the Authentication Methods tab, then click the " Edit " to see the screen like the exa m ple belo w .
Broadband VPN Router User ’ s Manual 96 Figure71: Windo w s 2000/XP Client to VRT-311 / VRT-311S 20. T o add the second (inco m ing) rule, click " A dd " . For the na m e, enter "T o Win2K " , then click " A dd " . Figure72: Windo w s 2000/XP Client to VRT-311 / VRT-311S 21.
Microsoft VPN 97 Figure73: Filter Properties: Addressing 22. Click " OK " to save y our changes, then " Close " . Figure74: Filter List 23.
Broadband VPN Router User ’ s Manual 98 Figure75: Filter Action 24. Select Require Security , then click " Edit " . On the Require Security Methods screen belo w , select Negotiate security . Figure76: Security M ethods 25. Click the " A dd " button.
Microsoft VPN 99 Figure77: M odify Security M ethod 26. Click " OK " to save y our changes, then click " OK " again to return to the Filter A ction screen. 27. Select the Tunnel Setting tab, and enter the W A N (Internet) I P address of this P C (172.
Broadband VPN Router User ’ s Manual 100 Figure79: Authentication M ethod 29. Select Use this string to protect the key exchange (preshared key) , then enter y our pre- shared ke y in the field provided. 30. Click " OK " to save y our settings, then " Close " to return to the DUT to W in2K Properties screen.
Microsoft VPN 101 Figure81: Properties - General Tab 32. Click the " A dvanced " button to see the screen belo w . Figure82: Key Exchange Settings 33.
Broadband VPN Router User ’ s Manual 102 Figure83: Key Exchange Security M ethods 34. Select the first entr y , and click the " Edit " button to see the follo w ing screen.
Microsoft VPN 103 Example 3: Windo w s 2000 Ser v er to VPN Gate w a y In this exa m ple, a Windo w s 2000 Server connects to VR T -311 / VR T -311S. Users on each L A N can then gain access to the re m ote L A N.
Broadband VPN Router User ’ s Manual 104 Windo w s 2000 Ser v er Configuration Configuration is the sa m e as for Example 2: W indows 2000/XP Client to except for specif y ing the Source and Destination addresses for the " Filter P roperties " .
Microsoft VPN 105 Certificates Certificates are used to authenticate users. Certificates are issued to y ou b y various C A s (Certi- fication A uthorities). T hese Certificates are called " Self Certificates " . Each C A also issues a certificate to itself.
Broadband VPN Router User ’ s Manual 106 Figure89: Add Trusted Certificate 3. Click the " Bro w se " button, and locate the certificate file on y our P C 4. Select the file. T he na m e w ill appear in the " Certificate File " field.
Microsoft VPN 107 Delete button Use this button to delete a Self Certificate. Select the checkbox in the Delete colu m n for an y Certificates y ou w ish to delete, then click the " Delete " button. Self Certificate Requests Request List A n y current requests are listed.
Broadband VPN Router User ’ s Manual 108 Subject Na m e T his is the na m e w hich other organizations w ill see as the Holder (o w ner) of this Certificate. T his should be y our registered business na m e or official co m pan y na m e. Gener- all y , all Certificates should have the sa m e value in the Sub j ect field.
Microsoft VPN 109 8. A fter obtaining a ne w Certificate, as described above, y ou need to upload it VR T -311 / VR T -311S. • Return to the Self Certificates screen. • In the Self Certificate Requests list, select the request m atching this certificate.
Broadband VPN Router User ’ s Manual 110 Figure 95: Upload CRL 4. Upload the CRL file: • Click the " Bro w se " button, and locate the CRL file on y our P C • Select the file. T he na m e w ill appear in the " File to Upload " field.
Microsoft VPN 111 Data Rx Measures the quantit y of data w hich has been received via this S A . Buttons Refresh Update the data sho w n on screen. Vie w Log Open a ne w w indo w and vie w the contents of the V P N log.
112 Ch a pte r 9 M i c rosoft VPN This Chapter explains the screens and settings available for the Microsoft VPN function. O v er v ie w Microsoft V P N uses the Microsoft VPN Adapter w hich is provided in recent versions of Win- do w s. T his feature can be used to provide re m ote access to y our L A N b y individual P Cs.
Microsoft VPN 113 Data – Microsoft VPN Screen PP T P Ser v er Enable Use this checkbox to enable or disable this feature as required. T o allo w connection b y re m ote Windo w s clients, y ou m ust enable this feature, and enter the client details (on the Clients screen) to allo w the m to login to this Server.
Broadband VPN Router User ’ s Manual 114 Data - Microsoft VPN Client Database Screen Existing Users User List A ll existing users are listed. If y ou have not added an y users, this list w ill be e m pt y . When a user is selected, their details are displa y ed in the Properties panel.
Microsoft VPN 115 Status Screen T he Status screen is accessed b y selecting the Status option on the Microsoft VPN m enu. Figure99: M icrosoft VPN Status Screen Data - Microsoft VPN Status Screen Ser v er Status Status T his indicates w hether or not the PPTP (V P N) Server is enabled.
Broadband VPN Router User ’ s Manual 116 Windo w s Client Setup T o connect to the PPTP (V P N) Server in the V P N Broadband Gate w a y : • T he Microsoft V P N feature in the V P N Broadband Gate w a y m ust be enabled and config- ured, as described in the previous section.
Microsoft VPN 117 5. Click " Finish " to exit the Wizard. T he ne w entr y w ill no w be listed in " Dial-up Net w orking " . If necessar y , y ou can change the settings for this connection b y right-clicking on it, and select- ing Properties .
Broadband VPN Router User ’ s Manual 118 Windo w s 2000 Ensure y ou have logged on w ith A d m inistrator rights before atte m pting this procedure. 1. Open " Net w ork Connections " , and start the " Ne w Connection " Wizard. Figure103: Windo w s 2000 Net w or k Connection 2.
Microsoft VPN 119 Figure105: Windo w s 2000 VPN Host 4. On the screen above, enter the Do m ain Na m e or Internet I P address of VR T -311 / VR T- 311S y ou w ish to connect to. Click Next to continue. Figure106: Windo w s 2000 Connection Availability 5.
Broadband VPN Router User ’ s Manual 120 Figure107: Windo w s 2000 Finish Wizard 6. Enter a suitable na m e, and click " Finish " to save and exit. Setup is no w co m plete. T o establish a connection: 1. Right-click the connection in " Net w ork Connections " , and select " Connect " .
Microsoft VPN 121 Windo w s XP Ensure y ou have logged on w ith A d m inistrator rights before atte m pting this procedure. 1. Open Network Connections (Start-Settings-Net w ork Connections), and start the Ne w Connection Wizard. Figure108: Windo w s XP Net w or k Connection Type 2.
Broadband VPN Router User ’ s Manual 122 Figure110: Windo w s XP Connection Na m e 4. Enter a suitable na m e for this connection. Click Next to continue. Figure111: Windo w s XP Public Net w or k 5. On the screen above, select " Do not dial the initial connection " .
Microsoft VPN 123 6. On the screen above, enter the Do m ain Na m e or Internet I P address of VR T -311 / VR T- 311S y ou w ish to connect to. Click Next to continue. Figure113: Windo w s XP Connection Availability 7. Choose w hether to allo w this connection for ever y one, or onl y for y ourself, as required.
124 Ch a pte r 10 Ot her Fea t ure s & Se tt in gs This Chapter explains the screens and settings available via the " Other " menu. O v er v ie w Nor m all y , it is not necessar y to use these screens, or change an y settings.
Other Features and Settings 125 Config File T his feature allo w s y ou to backup (do w nload) the current settings fro m VR T -311 / VR T -311S, and save the m to a file on y our P C. You can restore a previousl y -do w nloaded configuration file to VR T -311 / VR T -311S, b y uploading it to VR T -311 / VR T -311S.
Broadband VPN Router User ’ s Manual 126 Net w ork Diagnostics T his screen allo w s y ou to perfor m a "P ing " or a " DNS lookup " . T hese activities can be useful in solving net w ork proble m s. A n exa m ple Network Diagnostics screen is sho w n belo w .
Other Features and Settings 127 PC Database T he P C Database is used w henever y ou need to select a P C (e.g. for the " DMZ " P C). It eli m i- nates the need to enter I P addresses. A lso, y ou do not need to use fixed I P addresses on y our L A N.
Broadband VPN Router User ’ s Manual 128 Data - PC Database Screen Kno w n PCs T his lists all current entries. Data displa y ed is name (IP Address) type . T he " t y pe " indicates w hether the P C is connected to the L A N. Na m e If adding a ne w P C to the list, enter its na m e here.
Other Features and Settings 129 PC Database ( A dmin) T his screen is displa y ed if the " A dvanced A d m inistration " button on the PC Database is clicked. It provides m ore control than the standard PC Database screen. Figure117: PC Database (Ad m in) Data - PC Database ( A dmin) Screen Kno w n PCs T his lists all current entries.
Broadband VPN Router User ’ s Manual 130 M AC Address Select the appropriate option • Auto m atic discovery - Select this to have VR T -311 / VR T -311S contact the P C and find its M A C address. T his is onl y possible if the P C is connected to the L A N and po w ered On.
Other Features and Settings 131 Remote A dministration Re m ote A d m inistration allo w s y ou to connect to this interface via the Internet, using y our Web bro w ser. Figure118: Re m ote Ad m inistration Screen Data - Remote A dministration Screen Information Infor m ation T o establish a connection fro m the Internet: 1.
Broadband VPN Router User ’ s Manual 132 nected to the Internet. But if using a D y na m ic I P A ddress, this value can change each ti m e y ou connect to y our IS P . T here are 2 solutions to this proble m : • Have y our IS P allocate y ou a Fixed I P address.
Other Features and Settings 133 Routing O v er v ie w • If y ou don ' t have other Routers or Gate w a y s on y our L A N, y ou can ignore the " Routing " page co m pletel y .
Broadband VPN Router User ’ s Manual 134 Figure119: Routing Screen Data - Routing Screen RIP Enable RIP Check this to enable the RI P (Routing Infor m ation P rotocol) feature of VR T -311 / VR T -311S. VR T -311 / VR T -311S supports RI P 1 onl y .
Other Features and Settings 135 Properties • Destination Net w ork - T he net w ork address of the re m ote L A N seg m ent. For standard class " C " L A Ns, the net w ork address is the first 3 fields of the Destination I P A ddress. T he 4th (last) field can be left at 0.
Broadband VPN Router User ’ s Manual 136 Other Routers on the Local L A N Other routers on the local L A N m ust use VR T -311 / VR T -311S ' s Local Router as the Default Route . T he entries w ill be the sa m e as VR T -311 / VR T -311S ' s local router, w ith the exception of the Gateway IP Address .
Other Features and Settings 137 Metric 3 For Router A 's Default Route Destination I P A ddress 0.0.0.0 Net w ork Mask 0.0.0.0 Gate w a y I P A ddress 192.168.0.1 (VR T -311 / VR T -311S ’ s I P A ddress) Interface L A N For Router B's Default Route Destination I P A ddress 0.
Broadband VPN Router User ’ s Manual 138 Upgrade Firm w are Use this screen to upgrade y our VR T -311 / VR T -311S ' s fir mw are. • You m ust do w nload the required fir mw are file, and store it on y our P C. • During the upgrade process, all existing Internet connections w ill be ter m inated.
Other Features and Settings 139 UPnP A n exa m ple U P n P screen is sho w n belo w . Figure122: UPnP Screen Data - UPnP Screen UPnP Enable UPnP Services • U P n P (Universal P lug and P la y ) allo w s auto m atic discover y and configuration of equip m ent attached to y our L A N.
140 Append i x A T ro u bl e s h ooti n g This Appendix covers the most likely problems and their solutions. O v er v ie w T his chapter covers so m e co mm on proble m s that m a y be encountered w hile using VR T -311 / VR T -311S and so m e possible solutions to the m .
Appendi x A - Troubleshooting 141 Solution 2: VR T -311 / VR T -311S processes the data passing through it, so it is not transparent. Use the Special Applications feature to allo w the use of Internet applications w hich do not function correctl y . If this does solve the proble m y ou can use the DMZ function.
142 Append i x B Sp ec ifi ca tio n s VRT-311 / VRT-311S Model VR T -311 / VR T -311S Di m ensions VR T -311 : 170 mm (W) * 147 mm (D) * 27 mm (H) VR T -311S : 148 mm (W) * 120 mm (D) * 30 mm (H) Oper.
Appendi x B - Specifications 143 FCC Radiation Exposure Statement T his equip m ent co m plies w ith FCC RF radiation exposure li m its set forth for an uncontrolled environ m ent. T his equip m ent should be installed and operated w ith a m ini m u m distance of 20 centi m eters bet w een the radiator and y our bod y .
An important point after buying a device Planet Technology VRT-311 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought Planet Technology VRT-311 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data Planet Technology VRT-311 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, Planet Technology VRT-311 you will learn all the available features of the product, as well as information on its operation. The information that you get Planet Technology VRT-311 will certainly help you make a decision on the purchase.
If you already are a holder of Planet Technology VRT-311, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime Planet Technology VRT-311.
However, one of the most important roles played by the user manual is to help in solving problems with Planet Technology VRT-311. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device Planet Technology VRT-311 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center