[. . . ]

Table of Contents

CHAPTER 1 INTRODUCTION
Broadband VPN Gateway Features
Package Contents
Physical Details
[. . . ]

Enter the finish time using a 24 hr clock.

Security Configuration

Firewall -- Log

The Logs record various types of activity on the Broadband VPN Gateway. This data is useful for troubleshooting, but enabling all logs will generate a large amount of data and adversely affect performance. Since only a limited amount of log data can be stored in the Broadband VPN Gateway, log data can also be E-mailed to your PC or sent to a Syslog Server.

Figure 38: Log Screen

Data - Log Screen

Log
  Log Contents
  Throughput/Connection Interval - Enter the desired time for the interval.
  Delete Redundant Log - If enabled, it will delete the redundant log.

Time Zone
  Time Zone - Select the correct Time Zone for your location.
  Time Server. . .
  First Server Name/IP Address

Broadband VPN Gateway User Guide

  Second Server Name/IP Address

System Log
  Enable System Log - This is optional. If enabled, log data will be sent to your system log Server.
  System Log Server
  Include - Select the logs you wish to be included in the data sent to the System Log Server.
Services

Services are used in defining traffic to be blocked or allowed by the Firewall Rules features. Many common Services are pre-defined, but you can also define your own services if required. To view the Services screen, select the Services link on the Firewall menu.

Figure 39: Services Screen

Data - Services Screen

Available Services
  Available Services - This lists all defined Services.
  Delete Button - Note that you can only delete Services you have added; the predefined services can not be deleted.

Add New Service
  Name - Enter a suitable name for this Service.
  Type
  Start Port - If the "Type" (above) is TCP, UDP, or TCP/UDP, enter the port number for this Service. If a port range is required, enter the beginning of the range here, and the end of the range in the "Finish Port" field.
  End Port - If the "Type" (above) is TCP, UDP, or TCP/UDP, this field can be used to enter the end of range of port numbers. This can be left blank if not required.

Security

This screen allows you to set Firewall and other security-related options.

Figure 40: Security Screen

Data - Security Screen

Firewall
  Echo ICMP on LAN Port - The ICMP protocol is used by the "ping" and "trace route" programs, and by network monitoring and diagnostic programs. If checked, the Broadband VPN Gateway will respond to ICMP packets received from the Internet. Disabling this option provides a slight increase in security.
  Allow VPN passthrough - If enabled, PCs on the LAN can use VPN software to connect to remote clients via the Internet connection. The protocols supported are:
    · IPSec - IPSec protocol is used to establish a secure connection, and is widely used by VPN (Virtual Private Networking) programs.
    · PPTP - PPTP (Point to Point Tunneling Protocol) is widely used by VPN (Virtual Private Networking) programs.
    · L2TP - L2TP is a protocol developed by Cisco for VPNs (Virtual Private Networks).
MAX 3D Engine Options
  Host number in the network - Select the desired number as required.
  Network used in - Select the desired internet environment as required.
  Maximum Connections per PC - Enter the maximum value for the connections of each PC.
  Maximum Applications per host - Enter the maximum value for the applications of each host.
  Set New Connection(s) not upto:
  Connection Priority - There are 2 options to set the priority:
    · Connection may be released after idling for - The connection is automatically disconnected when idle for the time period specified in this field.
    · Use QoS when the network load is reaching its maximum level - If enabled, the router will check all connections in the network.
  TCP/UDP Connection time out - It is recommended not to change the default value. It will be used when the network flow is very big.

DMZ

This feature, if enabled, allows the DMZ computer or computers on your LAN to be exposed to all users on the Internet.

[. . . ]

If you follow the suggested steps and the Broadband VPN Gateway still does not function properly, contact your dealer for further advice.

General Problems

Problem 1: Can't connect to the Broadband VPN Gateway to configure it.

Solution 1: Check the following:
  · The Broadband VPN Gateway is properly installed, LAN connections are OK, and it is powered ON.
  · Ensure that your PC and the Broadband VPN Gateway are on the same network segment. (If you don't have a router, this must be the case.)
  · If your PC is set to "Obtain an IP Address automatically" (DHCP client), restart it.

[. . . ]