6. Specifications 1 AirLive WLA-9000AP User’s Manual IP-2000VPN Internet VPN Router User’s Manual
AirLive IP-2000VPN User’s Manual 7 LAN Features • 3-Port Switching Hub. The IP-2000VPN incorporates a 3-port 10/100BaseT switching hub, making it e
Step 4: IPSec VPN Site B – Authentication and Encryption Data – Network Configuration Setting Type Value Notes IKE Direction Both Directions D
method IKE Authentication algorithm MD5 Must match with Site A IKE Encryption 3DES Must match with Site A I
8.2 Office-to-office IPSec VPN – Connecting IP-2000VPN and RS-1200 In this example, the IP-2000VPN establishes a VPN with the RS-1200 and gains access to t
Setting Type Value Notes Name To_RS12 Name does not affect operation. Select a meaningful name. Enable Policy Enable Allow NetBIOS traffic En
Setting Type Value Notes IKE Direction Both Directions Using "Responder only" is not possible. Local Identity WAN IP Address System
2. Configure the DDNS service and fill in the necessary settings so that the dynamic domain name (e.g. airlive98.dyndns.org) resolves to the current IP ad
6. Select Data Encryption + Authentication in IPSec Algorithm list. Here we select 3DES for ENC Algorithm and MD5 for AUTH Algorithm to make sure the
Step 6: Configure RS-1200 Outgoing and Incoming Policy 1. Enter the following setting in Outgoing Policy. • Tunnel: Select To_IP2K_Tunnel • Click O
8.3 Getting into Office Network from Internet (PPTP) – Windows XP PPTP Client In this example, a Windows XP client connects to the IP-2000VPN and gai
Step 2: Set up IP-2000VPN PPTP Server 1. Select Microsoft VPN → Clients, and tick the selection of “Allow Connection” in Properties. 2. Fill in with
1.2 Installation of the Router Requirement • Network cables. Use standard 10/100BaseT network (UTP) cables with RJ45 connectors. • TCP/IP protocol
Step 3: Set up Windows XP PPTP client software Ensure you have logged on with Administrator rights before attempting this procedure. 1. Open Network
4. Enter a suitable name for this connection. Click Next to continue. 5. On the screen above, select "Do not dial the initial connection"
6. On the screen above, enter the Domain Name or Internet IP address of the IP-2000VPN you wish to connect to. Click Next to continue. 7. Choos
Step 4: Connect Windows XP PPTP client to IP-2000VPN 1. When the user finishes the Windows XP PPTP client configuration, a login window will pop up for
3. Click the “Connect” button to start the PPTP connection with the IP-2000VPN. 4. After verifying client’s user name and password, if the connection is
7. Try to connect to the resource PC (192.168.1.4) and search for the shared folder. 8. When you find the shared folder, the PPTP client can access t
8.4 Getting into Office Network from Internet (IPSec) – Windows XP IPSec Client In this example, a Windows 2000/XP client connects to the IP-2000VPN
Step 1: IP-2000VPN – Network Configuration Setting Type Value Notes Name To_XP Name does not affect operation. Select a meaningful name. Enab
Step 2: IP-2000VPN – Authentication and Encryption Setting Type Value Notes IKE Direction Both Directions Using "Responder only" is
IKE Authentication algorithm MD5 Must match with Client PC. IKE Encryption DES Must match with Client PC. IKE Exchange mode Main Mode Windows
4. Power Up • Power on the Broadband modem. • Connect the supplied power adapter to the IP-2000VPN and power up. P
3. Click "Next", and then enter a policy name, for example "2KVPN To XP", then click "Next". 4. Step through the Wiz
1. No rules are in use. Two (2) rules are required - incoming and outgoing. 2. The outgoing rule will be added first. 6. Deselect the "Use Add
9. Enter the Source IP address and the Destination IP address. • Since this is the outgoing filter, the Source IP address is "My IP address"
11. On the resulting screen (above), ensure the "To 2KVPN" filter is selected, then click the Filter Action tab to see a screen like the fo
13. On the resulting screen (above), select Encryption and Integrity then click "OK" to save your changes and return to the Require Securit
14. Ensure the following settings are correct, and then click "OK" to return to the Filter Action tab of the Edit Rule Properties screen.
16. Click the Authentication Methods tab. 17. Click the "Edit" and select Use this string (preshared key), then enter your preshared key
18. Click "OK" to save your changes and return to the Authentication Methods tab of the Edit Rule Properties screen. 19. Click "Close
21. Click “Add” and fill in the name with "To WinXP", and then click "Add". 22. Enter the Source IP address and the Destination
23. Click "OK" to save the setting. 24. Ensure the "To Win2K" filter is selected, and then click the Filter Action tab.
1.3 Front Panel and Rear Panel LED Function Color Status Description Power Power indication ● Green On Power on On Error condition Status Syste
25. Select Require Security, then click "Edit". Check that Negotiate Security is selected. 26. Click "OK" to return to the Filter
28. Select the Authentication Methods tab, and click the "Edit" button. 29. Select Use this string (preshared key), then enter your presha
30. Click "OK" to save your settings, then "Close" to return to the 2KVPN to XP Properties screen. There should now be 2 IP Filer
32. Click the "Advanced" button to see the screen below. 33. Click the "Methods" button to see the screen below. 34. Move u
36. Right click the 2KVPN to XP Policy and select "Assign" to make your policy active. 37. Configuration is now complete.
Chapter 9 Status Status Screen Use the Status link on the main menu to view
LAN IP Address The IP Address of the IP-2000VPN. Network Mask The Network Mask (Subnet Mask) for the IP Address ab
9.1 Connection Status – PPPoE If using PPPoE (PPP over Ethernet), a screen like the following example will be displayed when the "Connection Det
update the messages shown on screen. Buttons Connect If not connected, establish a connection to your ISP. Disconn
9.2 Connection Status – PPTP If using PPTP (Point-to-Point Tunneling Protocol), a screen like the following example will be displayed when the "Co
1.4 Packing List The following items should be included: • IP-2000VPN Internet VPN Router • Installation CD-ROM •
Disconnect If connected to your ISP, hang up the connection. Clear Log Delete all data currently in the Log. This
9.3 Connection Status – Telstra Big Pond Data – Telstra Big Pond Screen Connection Physical Address The hardware address of this device, as seen b
Disconnect If connected to Telstra Big Pond, terminate the connection. Clear Log Delete all data currently in the
9.4 Connection Status – SingTel RAS If using the SingTel RAS access method, a screen like the following example will be displayed when the "Conn
Button will display EITHER "Release" OR "Renew" automatically on connection. (Dynamic IP addre
9.5 Connection Status – Fixed/Dynamic IP Address If your access method is "Direct" (no login), a screen like the following example will be
OR "Renew" • If the ISP's DHCP Server has NOT allocated an IP Address for the IP-2000VPN, this but
9.6 Connection Status – L2TP If using L2TP (Layer 2 Tunneling Protocol), a screen like the following example will be displayed when the "Connect
Buttons Connect If not connected, establish a connection to your ISP. Disconnect If connected to your ISP, hang up
Chapter 10 Other Features & Setti
Chapter 2 Deployment Overview This chapter describes the setup proced
Config File Screen Data – Config File Screen Config File Backup Config Use this to download a copy of the current configuration, and store the fil
10.2 Network Diagnostics This screen allows you to perform a "Ping" or a "DNS lookup". These activities can be useful in solving
10.3 PC Database The PC Database is used whenever you need to select a PC (e.g. for the "DMZ" PC). It eliminates the need to enter IP addre
IP Address Enter the IP Address of the PC. The PC will be sent a "ping" to determine its hardware address. If the PC is not available (not c
Data – PC Database (Admin) Screen PC Database (Admin) Known PCs This lists all current entries. Data displayed is
10.4 Remote Administration Remote Administration allows you to connect to this interface via the Internet, using your Web browser. Data – Remote
IP Address To manage this device via the Internet, you need to know the IP Address of this device, as seen from the Internet. This IP Address is alloc
10.5 Routing Overview • If you don't have other Routers or Gateways on your LAN, you can ignore the "
Data – Routing Screen RIP RIP Select the RIP (Routing Information Protocol) type based on the request and save the setting to enable it. The IP-2
Properties • Destination Network - The network address of the remote LAN segment. For standard class "C"
Configure or use any of the following: • Configuration File backup and restore. • Network Diagnostic • PC Database
Other Routers on the Local LAN Other routers on the local LAN must use the IP-2000VPN's Local Router as the D
10.6 Upgrade Firmware Use this screen to upgrade your IP-2000VPN's firmware. • You must download the required firmware file, and store it on yo
10.7 UPnP An example UPnP screen is shown below. Data – UPnP Screen UPnP Enable UPnP Services • UPnP (Universal Plug and Play) allows automatic
Appendix A PC Configuration Overview For each PC, the
3. Click on the Properties button. You should then see a screen like the following. Ensure your TCP/IP settings are correct, as follows: Using DHCP
• On the DNS Configuration tab, ensure Enable DNS is selected. If the DNS Server Search Order list is empty, enter the DNS address provided by your IS
3. Select the network card for your LAN. 4. Select the appropriate radio button - Obtain an IP address from a DHCP Server or Specify an IP Address,
6. The DNS should be set to the address provided by your ISP, as follows: • Click the DNS tab. • On the DNS screen, shown below, click the Add but
Checking TCP/IP Settings- Windows 2000 1. Select Control Panel - Network and Dial-up Connection. 2. Right click the Local Area Connection icon and s
Using DHCP To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting, and it is recommended to use
Using your Web Browser To establish a connection from your PC to the IP-2000VPN: 1. Start your WEB browser. 2. In the Address box, enter "http:/
5. Ensure your TCP/IP settings are correct. Using DHCP To use DHCP, select the radio button Obtain an IP Address automatically. This is the default
4. Close the TCP/IP panel, saving your settings. If using manually assigned IP addresses instead of DHCP, the required changes are: • Set the Rout
Appendix B VPN Overview This section describes the VPN (Virtua
Policies VPN configuration settings are stored in Policies. Note that different vendors use different terms. Gene
IPSec parameters The IPSec parameters at each endpoint must match.
Appendix C Troubleshooting Overview This chapter covers
Problem 2: Some applications do not run properly when using the IP-2000VPN. Solution 2: The IP-2000VPN processes
Appendix D Specifications Model IP-2000VPN Dimensions 14
Chapter 3 Configure Router Home Screen The first time you
3.1 Setup Wizard The main purpose of the Setup Wizard is to configure the WAN type. When you finish the WAN port’s conf
Declaration of Conformity We, Manufacturer/Importer Declare that the product Internet VPN Router is in conformity with In accordance with 89/336 EEC-EMC Di
DSL Modem Login method Type Details ISP Data required Dynamic IP Address Your IP Address is allocated automatically, when you connect to your ISP
Dynamic IP Address You connect to the ISP only when required. The IP address is usually allocated automatically. Usually, none. None Static IP Addr
SingTel RAS For this connection method, the following data is required: • User Name • Password • RAS Plan
Others (e.g. Fixed Wireless) Type Details ISP Data required Dynamic IP Address Your IP Address is allocated automatically, when you connect to you
3.2 LAN Use the LAN link on the main menu to reach the LAN screen. An example screen is shown below. Data - LAN Screen TCP/IP IP Address IP address
What DHCP Server Can Do A DHCP (Dynamic Host Configuration Protocol) Server allocates a valid IP address to a DHCP Client (PC or device) upon request
Operation Once both the IP-2000VPN and the PCs are configured, operation is automatic. However, there are some sit
Chapter 4 Internet Features 4.1 WAN Port Overview The
Data – WAN Port Configuration Screen Identification Hostname Normally, there is no need to change the default nam
DNS Automatically obtain from Server The DNS (Domain Name Server) address will be obtained automatically from your
AirLive IP-2000VPN CE Declaration Statement Country Declaration Country Declaration cs Česky [Czech] OvisLink Corp. tímto prohlašuje, že tento AirLive IP-
disconnected by your ISP, the connection will be re-established immediately. (However, this does not ensure that your Internet IP address will remain
Communication Applications Most applications are supported transparently by the IP-2000VPN. But sometimes it is not clear which PC should receive an i
Data – Special Applications Screen Special Applications Checkbox Use this to Enable or Disable this Special Application as required. Name Enter a des
This allows unrestricted 2-way communication between the "DMZ PC" and other Internet users or Servers. • This allows almost any application
Data – URL Filter Screen Filter Strings Current Entries This lists any existing entries. If you have not entered a
Dynamic DNS Screen Select Internet on the main menu, then Dynamic DNS, to see a screen like the following: Data – Dynamic DNS Screen DDNS Service D
4.4 Virtual Server This feature allows you to make Servers on your LAN accessible to Internet users. Normally, Internet users would not be able to ac
Using the DMZ port for Virtual Servers You should connect your Virtual Servers to the DMZ port, for the following reasons: • Traffic passing between
Data – Virtual Servers Screen Servers Servers This lists a number of pre-defined Servers, plus any Servers you hav
4.5 Options This screen allows advanced users to enter or change a number of settings. For normal operation, there is no need to use this screen or c
Copyright The contents of this publication may not be reproduced in any part or as a whole, stored, transcribed in a
Chapter 5 Security Overview The following advanced configurations are pr
Enter the "User Name" and "Password" you set on the Admin Login screen above.
5.2 Access Control This feature is accessed by the Access Control link on the Security menu. The Access Control feature allows administrators to rest
Data – Access Control Screen Group Group Select the desired Group. The screen will update to display the settings
Group Members Screen This screen is displayed when the Members button on the Access Control screen is clicked. Use this screen to add or remove memb
5.3 Firewall Rule For normal operation and LAN protection, it is not necessary to use this screen. The Firewall will always block DoS (Denial of Serv
Data – Firewall Rules Screen Rule List View Rules for … Select the desired option; the screen will update and list
Define Firewall Rule Clicking the "Add" button in the Firewall Rules screen will display a screen like the example below.
Data – Define Firewall Rule Screen Define Firewall Rule Name Enter a suitable name for this rule. Type This deter
5.4 Logs The Logs record various types of activity on the IP-2000VPN. This data is useful for troubleshooting, but enabling all logs will generate a
Table of Contents Chapter 1 Introduction...
Data – Logs Screen Enable Logs Incoming Traffic Select the desired option: • All IP traffic - this will log all
System Log Select the desired option: • Router operations (start up, get time etc) - This option will log normal
5.5 E-mail Data – E-mail Screen E-Mail Alerts Send E-Mail alert If enabled, an E-mail will be sent immediately if a DoS (Denial of Service) attack
Subject Enter the text string to be shown in the "Subject" field for the E-mail. SMTP Server Enter the ad
5.6 Security Options This screen allows you to set Firewall and other security-related options. Data – Security Options Screen Firewall Enable D
Options Respond to ICMP (ping) The ICMP protocol is used by the "ping" and "trace route" progra
5.7 Scheduling • This schedule can be (optionally) applied to any Access Control Group. • Blocking will be performed during the scheduled time (bet
5.8 Services Services are used in defining traffic to be blocked or allowed by the Access Control or Firewall Rules features. Many common Services ar
Chapter 6 IPSec VPN 6.1 Common VPN Situations VPN Pass-through Here, a
Office-to-Office VPN Gateway This allows two (2) LANs to be connected. PCs on each endpoint gain secure access to the remote LAN. • The 2 LANs MUST
Chapter 9 Status...
6.2 VPN Configuration This section covers the configuration required on the IP-2000VPN when using Manual Key Exchange (Manual Policies) or IKE (Autom
Move The order in which policies are listed is only important if you have multiple policies for the same remote site. In that case, the first matching
• If you prefer to use a single setup screen instead of a Wizard, click the Setup Screen button. This is recommended for experienced users only. • Ot
2. Click Next to continue. You will see a screen like the following: • For outgoing VPN connections, these settings determine which traffic will ca
Remote IP addresses Type • Single address - enter an IP address in the "Start IP address" field. • Range address - enter the starting IP a
Manually assigned Keys AH Authentication AH (Authentication Header) specifies the authentication protocol for the V
ESP SPI This is required if either ESP Encryption or ESP Authentication is enabled. • Each SPI (Security Parameter Index) must be unique. • The "
IKE Phase 1 (IKE SA) Local Identity This setting must match the "Remote Identity" on the remote VPN. Sele
Direction Select the desired option: • Initiator - Only outgoing connections will be created. Incoming connection attempts will be rejected. • Respo
IKE Phase 2 (IPSec SA) IPSec SA Life Time This setting does not have to match the remote VPN endpoint; the shorter time will be used. Although measure
Chapter 1 Introduction The AirLive Internet VPN Router, IP-2000VPN
6.3 Certificates Certificates are used to authenticate users. Certificates are issued to you by various CAs (Certification Authorities). These Certif
Requesting a Trusted Certificate 1. After obtaining a new Certificate from the CA, you need to upload it to the IP-2000VPN. 2. On the "Certifi
Active Self Certificates Name The name you assigned to this Certificate. You should select a name which helps to id
2. Complete this screen. Name Enter a name which helps to identify this particular certificate. This name is only for your reference, it is not vi
3. Click "Next" to continue to the following screen. 4. Check that the data displayed in the Certificate Details section is correct. Thi
9. Upload the Certificate: • Click the Browse button, and locate the certificate file on your PC. • Select the file. The name will appear in the C
6.4 CRLs • CRLs are only necessary if using Certificates. • CRL (Certificate Revocation List) files show Certificates which have been revoked, and
6.5 Status This screen lists all VPN SAs (Security Association) which exist at the current time. • If no VPN tunnels exist at the current time, th
Chapter 7 Microsoft VPN (PPTP) Overview Microsof
Data – Microsoft VPN Screen PPTP Server Enable Use this checkbox to enable or disable this feature as required. To allow connection by remote Windows
1.1 Features IPSec VPN Features • IPSec. Support for IPSec standards, including IKE and certificates. • 10 Tun
Data – Microsoft VPN Client Database Screen Existing Users User List All existing users are listed. If you have no
Status Screen The Status screen is accessed by selecting the Status option on the Microsoft VPN menu. Data – Microsoft VPN Status Screen Server S
7.2 Windows PPTP Clients Setup To connect to the PPTP (VPN) Server in the IP-2000VPN: • The Microsoft VPN feature in the IP-2000VPN must be enabled
4. Enter the Internet IP address or domain name of this device. (If you don't have a fixed IP address, you can use a Dynamic DNS service to obta
Windows 2000 Ensure you have logged on with Administrator rights before attempting this procedure. 1. Open "Network Connections", and star
3. On the screen above: • Select "Do not dial the initial connection" if Internet access is via the LAN. • If using a PPPoE software clie
5. Choose whether to allow this connection for everyone, or only for yourself, as required. Click Next to continue. 6. Enter a suitable name, a
Windows XP Ensure you have logged on with Administrator rights before attempting this procedure. 1. Open Network Connections (Start-Settings-Network
3. On the next screen, shown above, select the "Virtual Private Network connection" option. Click Next to continue. 4. Enter a suitab
5. On the screen above, select "Do not dial the initial connection". Click Next to continue. 6. On the screen above, enter the Domain N
Advanced Internet Functions • Communication Applications. Support for Internet communication applications, such
7. Choose whether to allow this connection for everyone, or only for yourself, as required. Click Next to contin
Windows Vista Ensure you have logged on with Administrator rights before attempting this procedure. 1. Select Control Panel → Network and Sharing Cen
3. On the next screen, select and press “Use my Internet connection (VPN)”. 4. If the PC was configured to dial up the ISP with PPPoE or otherwise, the system wil
5. Fill in the PPTP server IP address on the screen “Type the Internet address to connect to”. 6. Type in the user name and password
7. If the PPTP client connects successfully to the PPTP server, the following screen appears. 8. Ping the IP-2000VPN LAN IP address (192.168.1.1) and
Chapter 8 VPN Example This section describes some examples of using
8.1 Office-to-office IPSec VPN – Connecting to 2 IP-2000VPN In this example, two IP-2000VPN units establish a VPN with each other and gain access to the bo
Data – Network Configuration Setting Type Value Notes Name Policy_A Name does not affect operation. Select a meaningful name. Enable Policy Enab
Data – Authentication and Encryption Setting Type Value Notes IKE Direction Both Directions Do not have to ma
Step 3: IPSec VPN Site B – Network Configuration Data – Network Configuration Setting Type Value Notes Name Policy_B Name does not affect op