HP OfficeConnect Router Series User's Manual

112 Pages


dua08609-5aaa01.book Page 1 Thursday, September 11, 2003 12:15 PM


3Com Corporation

350 Campus Drive

Marlborough, MA 01752-3064

Copyright © 2003, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.

3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.

3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose.

3Com may make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time.

If there is any software on removable media described in this documentation, it is furnished under a license agreement included with the product as a separate document, in the hard copy documentation, or on the removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will be provided to you.

UNITED STATES GOVERNMENT LEGEND

If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the following:

All technical data and computer software are commercial in nature and developed solely at private expense. Software is delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or as a “commercial item” as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide.

Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered in other countries.

3Com, the 3Com logo and OfficeConnect are registered trademarks of 3Com Corporation.

Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Novell and NetWare are registered trademarks of Novell, Inc. UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd.

Netscape Navigator is a registered trademark of Netscape Communications.

JavaScript is a trademark of Sun Microsystems

All other company and product names may be trademarks of the respective companies with which they are associated.

ENVIRONMENTAL STATEMENT

It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we are committed to:

■ Establishing environmental performance standards that comply with national legislation and regulations.

■ Conserving energy, materials and natural resources in all operations.

■ Reducing the waste generated by all operations.

■ Ensuring that all waste conforms to recognized environmental standards.

■ Maximizing the recyclable and reusable content of all products.

■ Ensuring that all products can be recycled, reused and disposed of safely.

■ Ensuring that all products are labelled according to recognized environmental standards.

■ Improving our environmental record on a continual basis.

End of Life Statement

3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.

Regulated Materials Statement

3Com products do not contain any hazardous or ozone-depleting material.

Environmental Statement about the Documentation

The documentation for this product is printed on paper that comes from sustainable, managed forests; it is fully biodegradable and recyclable, and is completely chlorine-free. The varnish is environmentally-friendly, and the inks are vegetable-based with a low heavy-metal content.

CONTENTS

Contents
About This Guide
Naming Convention
Conventions
Introducing the OfficeConnect Secure Router
OfficeConnect Secure Router
Secure Router Advantages
Package Contents
Minimum System and Component Requirements
Front Panel
Rear Panel
Installing the Router
Introduction
Positioning the Router
Safety Information
Using the Rubber Feet
Using the Stacking Clip
Before you Install your Router
Dynamic IP Address (DSL or Cable)
PPPoE (DSL only)
Static IP Address (DSL or Cable)
PPTP (DSL or Cable)
Powering Up the Router
Connecting the Secure Router
Setting Up Your Computers
Obtaining an IP Address Automatically
Windows 2000, XP, 2003 Server
Windows 95, 98
Macintosh OS 8.5, 9.x
Disabling PPPoE and PPTP Client Software
Disabling Web Proxy
Running the Setup Wizard
Accessing the Wizard
Setting the Password
Setting the Time Zone
Auto-Configuration Settings
Internet Settings
Choosing your LAN Settings
Activating DHCP
Viewing the Summary
Router Configuration
Navigating Through the Router Configuration Pages
Main Menu
Option Tabs
Welcome Screen
Viewing the Notice Board
Changing the Administration Password
Setup Wizard
Network Settings
Connection to ISP
LAN Settings
DHCP Clients List
Advanced Networking
Setting up NAT
Static Routing
Dynamic Routing
Dynamic DNS
Configuring the Router
The Virtual Servers Menu
PC Privileges
Special Applications
Advanced
Content Filtering
Allow/Block Lists
Filter Policy
Configuring VPNs
Setting the VPN Mode
Viewing VPN Connections
Editing IPSec Routes
Accessing the System Tools
Restart
Time Zone
Diagnostics Tools
Loading and Saving the Router Configuration
Upgrading the Firmware of your Router
Viewing Status and Logs
Obtaining Support and Feedback for your Router
Troubleshooting
Basic Connection Checks
Browsing to the Router Configuration Screens
Connecting to the Internet
Forgotten Password
Alert LED
Recovering from Corrupted Software
Frequently Asked Questions
Using Discovery
Running the Discovery Application
Windows Installation (95/98/XP/2000/2003 Server/NT)
IP Addressing
The Internet Protocol Suite
IP Addresses and Subnet Masks
How does a Device Obtain an IP Address and Subnet Mask?
DHCP Addressing
Static Addressing
Auto-IP Addressing
Private IP Addresses
Technical Specifications
Interfaces
Operating Temperature
Power
Humidity
Dimensions
Weight
VPN Tunnels
Standards
System Requirements
Operating Systems
Ethernet Performance
Cable Specifications
Safety Information
Important Safety Information
Wichtige Sicherheitshinweise
Consignes importantes de sécurité
Obtaining Support for your Product
Register Your Product to Gain Service Benefits
Purchase Value-Added Services
Troubleshoot Online
Access Software Downloads
Contact Us
Telephone Technical Support and Repair
End User Software Licence Agreement
3Com Corporation END USER SOFTWARE LICENSE AGREEMENT
ISP Information
Information Regarding Popular ISPs
Glossary
Index
Regulatory Notices

ABOUT THIS GUIDE

This guide is intended for use by those responsible for installing and setting up network equipment; consequently, it assumes a basic working knowledge of LANs (Local Area Networks) and Internet security systems.

If a release note is shipped with this OfficeConnect Secure Router and contains information that differs from the information in this guide, follow the information in the release note.

Most user guides and release notes are available in Adobe Acrobat Reader Portable Document Format (PDF) on the 3Com World Wide Web site: http://www.3com.com

Conventions

Table 1 and Table 2 list conventions that are used throughout this guide.

Table 1 Notice Icons

Notice Type: Description

Information note: Information that describes important features or instructions

Caution: Information that alerts you to potential loss of data or potential damage to an application, system, or device

Warning: Information that alerts you to potential personal injury

Naming Convention

Throughout this guide, the OfficeConnect Secure Router is referred to as the Router.

Category 3 and Category 5 Twisted Pair Cables are referred to as Twisted Pair Cables throughout this guide.

Table 2 Text Conventions

Convention: Description

The words “enter” and “type”: When you see the word “enter” in this guide, you must type something, and then press Return or Enter. Do not press Return or Enter when an instruction simply says “type.”

Keyboard key names: If you must press two or more keys simultaneously, the key names are linked with a plus sign (+). Example: Press Ctrl+Alt+Del

Words in italics: Italics are used to:

■ Emphasize a point.

■ Denote a new term at the place where it is defined in the text.

■ Identify menu names, menu commands, and software button names. Examples: From the Help menu, select Contents. Click OK.

Feedback about this User Guide

Your suggestions are very important to us. They will help make our documentation more useful to you. Please e-mail comments about this document to 3Com at: [email protected]

Please include the following information when commenting:

■ Document title

■ Document part number (on the title page)

■ Page number (if appropriate)

Example:

■ OfficeConnect Secure Router User Guide

■ Part Number DUA08609-5AAA0x

■ Page 24

Do not use this e-mail address for technical support questions.

For information about contacting Technical Support, please refer to “Obtaining Support for your Product” on page 91.

INTRODUCING THE OFFICECONNECT SECURE ROUTER

Welcome to the world of networking with 3Com®. In the modern business environment, communication and sharing information are crucial. Computer networks have proved to be one of the fastest modes of communication but, until recently, only large businesses could afford the networking advantage. The OfficeConnect® product range from 3Com has changed all this, bringing networks to the small office.

Figure 1 Example Network Without a Secure Router

The products that compose the OfficeConnect line give you, the small office user, the same power, flexibility, and protection that has been available only to large corporations. Now, you can network the computers in your office, connect them all to a single Internet outlet, and harness the combined power of all of your computers.

OfficeConnect Secure Router

The OfficeConnect Secure Router is designed to provide a cost-effective means of sharing a single broadband Internet connection amongst several computers.

The Router also increases your network security by acting as a firewall, preventing unauthorised external access to your network, and by creating Virtual Private Networks (VPNs) — encrypted links to other private networks.

The example in Figure 1 shows a network connected to the Internet without a Router. One computer is connected to the Internet using a Cable or DSL modem. This computer must always be powered on for the other computers on the network to access the Internet.

When you use the Secure Router in your network (Figure 2), it becomes your connection to the Internet. Connections can be made directly to the Router, or through an OfficeConnect Hub or Switch, expanding the number of computers you can have in your network.

Figure 2 Example Network Using a Secure Router

Secure Router Advantages

The advantages of using the Secure Router include:

■ Provides firewall protection against Internet hacker attacks.

■ Implements Stateful Packet Inspection (SPI) to block network intrusions.

■ Blocks Denial of Service (DoS) attacks by using pattern detection.

■ Supports Virtual Private Networks (VPNs).

■ Initiates and terminates IPSec connections.

■ Terminates PPTP and L2TP over IPSec connections.

■ Provides hardware accelerated encryption for IPSec VPNs, including L2TP over IPSec.

■ Shared Internet connection.

■ No need for a dedicated, “always on” computer serving as your Internet connection.

■ Cross-platform operation for compatibility with Windows, Unix and Macintosh computers.

■ Easy-to-use, Web-based setup and configuration.

■ Provides centralization of all network address settings (DHCP).

■ Provides Virtual Server redirection to enable remote access to Web, FTP, and other services on your network.

Package Contents

The OfficeConnect Secure Router kit includes the following items:

■ One OfficeConnect Secure Router

■ One power adapter for use with the Router

■ Four rubber feet

■ One stacking clip

■ One Ethernet cable

■ One CD-ROM containing:

    ■ the Discovery program

    ■ this User Guide

    ■ the license agreement

■ One Installation Guide

■ One Support and Safety Information sheet

■ One Warranty flyer

■ One License Agreement

If any of these items are missing or damaged, please contact your retailer.

Minimum System and Component Requirements

Your OfficeConnect Secure Router requires that the computer(s) and components in your network be configured with at least the following:

■ A computer with an operating system that supports TCP/IP networking protocols (for example Windows 95/98/NT/Me/2000/XP, Unix, Mac OS 8.5 or higher).

■ An Ethernet 10 Mbps or 10/100 Mbps NIC for each computer to be connected to the four-port switch on your Router.

■ An Internet access device with an Ethernet (RJ-45) port, for example a cable modem or DSL modem.

■ An active Internet access account.

■ A Web browser program that supports JavaScript, such as Netscape 4.7 or higher or Internet Explorer 5.5 or higher.

Front Panel


The front panel of the Secure Router contains a series of indicator lights (LEDs) that help describe the state of various networking and connection operations.

Figure 3 Secure Router - Front Panel

1 Alert LED (Orange)

Indicates a number of different conditions, as described below.

Off: The Router is operating normally.

Flashing quickly: Indicates one of the following conditions:

■ The Router has just been started up and is running a self-test routine. The Alert LED may continue to flash for one minute or longer, depending on your network configuration.

■ The system software is in the process of being upgraded.

In each of these cases, wait until the Router has completed the current operation and the alert LED is Off.

Flashing slowly: The Firmware is corrupt or the Router has booted in fail-safe mode. See “Troubleshooting” on page 75.

On for 2 seconds, then off: The Router has detected and prevented a hacker from attacking your network from the Internet.

Continuously on: A fault has been detected with your Router during the start-up process. See “Troubleshooting” on page 75.

The Alert LED will be on for a period of between three and five seconds during the power on self test. This is normal and no cause for alarm.

2 Power LED (Green)

Indicates that the Router is powered on.

3 Four LAN Status LEDs

Green (100 Mbps link) / Yellow (10 Mbps link)

Indicates a number of different conditions, as described below.

On: The link between the port and the next piece of network equipment is OK.

Flashing: The link is OK and data is being transmitted or received.

Off: Indicates one of the following:

■ nothing is connected

■ the connected device is switched off

■ there is a problem with the connection. See “Troubleshooting” on page 75.

4 Cable/DSL Status LED

Green (100 Mbps link) / Yellow (10 Mbps link)

Indicates a number of different conditions, as described below.

On: The link between the Router and the cable or DSL modem is OK.

Flashing: The link is OK and data is being transmitted or received.

Off: Indicates one of the following:

■ nothing is connected

■ the modem is switched off

■ there is a problem with the connection. See “Troubleshooting” on page 75.

Rear Panel

The rear panel (Figure 4) of the Router contains four LAN ports, one Ethernet Cable/DSL port, and a power adapter socket.

Figure 4 Secure Router - Rear Panel

5 Power Adapter socket

Only use the power adapter that is supplied with this Router. Do not use any other adapter.

6 Ethernet Cable/DSL port

Use the supplied patch cable to connect the Router to the 10/100 port on your cable or DSL modem. This port will automatically adjust for the correct speed, duplex and cable type.

You can connect your Cable/DSL modem using either straight-through or crossover cables.

7 Four 10/100 LAN ports

Use suitable cable with RJ-45 connectors. You can connect your Router to a computer, or to any other piece of equipment that has an Ethernet connection (for example, a hub or a switch). All ports will automatically adjust for the correct speed, duplex and cable type. You can connect your Ethernet devices using either straight-through or crossover cables.

INSTALLING THE ROUTER

Introduction

This chapter will guide you through a basic installation of the OfficeConnect Secure Router, including:

■ Connecting the Router to the Internet.

■ Connecting the Router to your network.

Positioning the Router

You should place the Secure Router in a location that:

■ is conveniently located for connection to the cable or DSL modem that will be used to connect to the Internet.

■ allows convenient connection to the computers that are to be connected to the four LAN ports on the rear panel.

■ allows easy viewing of the front panel LED indicator lights, and access to the rear panel connectors, if necessary.

Safety Information

WARNING: Please read the “Important Safety Information” section before you start.

CAUTION (German): Please read the section “Wichtige Sicherheitsinformationen” carefully before switching on the device.

WARNING (French): Please read the section “Consignes importantes de sécurité” carefully before starting up.

When positioning your Router, ensure:

■ It is out of direct sunlight and away from sources of heat.

■ Cabling is away from power lines, fluorescent lighting fixtures, and sources of electrical noise such as radios, transmitters and broadband amplifiers.

■ Water or moisture cannot enter the case of the unit.

■ Air flow around the unit and through the vents in the side of the case is not restricted. We recommend you provide a minimum of 25 mm (1 in.) clearance.

Using the Rubber Feet

Use the four self-adhesive rubber feet to prevent your Router from moving around on your desk or when stacking with flat top OfficeConnect units. Only stick the feet to the marked areas at each corner of the underside of your Router.

Using the Stacking Clip

The stacking clip allows you to stack your OfficeConnect units together neatly and securely.

CAUTION: You can stack up to a maximum of four units. Smaller units must be stacked above larger units.

To fit the clip:

1 Place your unit on a flat surface.

2 Fit the clip across the top of the unit, as shown in Figure 5 (picture 1), ensuring that the longer sections of the fastening pieces are pointing downwards.

3 Align the fastening pieces over the slots found on each side of the unit.

4 Push the clip down gently to secure it, ensuring the fastening pieces snap into the slots on the unit.

To fit another unit:

1 Rest the second unit on top of the clip and align it with the front of the unit below.

2 Press down gently on the unit to secure it onto the clip, ensuring the fastening pieces fit into the slots on the unit below, as shown in Figure 5 (picture 2).

Figure 5 Stacking Your Units Together

To remove the clip:

1 Remove the top unit together with the clip. If you hook a finger around one of the fastening pieces and then pull it gently out of the slot, the clip should come away with the upper unit attached to it.

2 Push the clip in the center, so it bends towards the base of the unit, and then separate once the clip is loose.

Before you Install your Router

Before you can configure the Router you need to know the IP information allocation method used by your ISP. There are four different ways that ISPs allocate IP information, as described below:

Dynamic IP Address (DSL or Cable)

Dynamic IP addressing (or DHCP) automatically assigns the Router IP information. This method is popular with Cable providers. This method is also used if your modem has a built in DHCP server.

PPPoE (DSL only)

If the installation instructions that accompany your modem ask you to install a PPPoE client on your PC then select this option.

Note that when you install the Router, you will not need to use the PPPoE software on your PC. To configure the Router you will need to know the following: Username, Password, and Service Name (if required by your ISP).

Static IP Address (DSL or Cable)

The ISP provides the IP addressing information for you to enter manually. To configure the Router you will need to know the following: IP Address, Subnet Mask, ISP Gateway Address, and DNS address(es).

PPTP (DSL or Cable)

PPTP is used by some providers, mostly in Europe. If the installation instructions that accompany your modem ask you to set up a dialup connection using a PPTP VPN tunnel then select this option. Note that when you install the Router, you will not need to use the dialup VPN on your PC anymore. To configure the Router you will need to know the following: Username, Password, and VPN Server address (usually your modem).

You will be asked for the IP Allocation Mode when you run the Setup Wizard.

Powering Up the Router

1 Plug the power adapter into the power adapter socket located on the back panel of the Router (refer to “Power Adapter socket” on page 13).

2 Plug the power adapter into a standard electrical wall socket.

Connecting the Secure Router

The first step for installing your Secure Router is to physically connect it to a cable or DSL modem in order to be able to access the Internet.

Figure 6 Connecting the Secure Router

To use your Secure Router to connect to the Internet through an external cable or DSL modem (Figure 6):

1 Use the supplied cable to connect the Router's Ethernet Cable/DSL port to your Cable/DSL modem. Ensure that your modem is connected to the Internet and switched on.

2 Connect your computer to one of the 10/100 LAN ports on the Router.

3 Connect the power adaptor to the Router and wait for the Alert LED to stop flashing. Check that the Cable/DSL Status LED is illuminated.

4 Switch on your computer. Once your computer is ready to use, check that the LAN Port Status LED on the Router is illuminated.

You have now completed the hardware installation of your Router. You now need to set up your computers so that they can make use of the Router to communicate with the Internet.

SETTING UP YOUR COMPUTERS

The OfficeConnect Secure Router has the ability to dynamically allocate network addresses to the computers on your network, using DHCP. However, your computers need to be configured correctly for this to take place. To change the configuration of your computers to allow this, follow the instructions in this chapter.

If your computers are configured with static addresses (also known as fixed addresses) and you do not wish to change this, then you should use the Discovery program on the Router CD-ROM to detect and configure your Router. Refer to “Using Discovery” on page 79 for information on using the Discovery program.

Obtaining an IP Address Automatically

Windows 2000, XP, 2003 Server

If you are using Windows 2000, Windows XP or Windows 2003 Server, use the following procedure to change your TCP/IP settings (Windows XP and 2003 Server specific instructions in brackets):

1 From the Windows Start Menu, select Settings > Control Panel (select Control Panel directly from the Start menu in Windows XP).

2 Double click on Network and Dial-Up Connections (Network and Internet Connections). For XP and 2003 Server only: click on Network Connections.

3 Double click on Local Area Connection.

4 Click on Properties.

5 A screen similar to Figure 7 should be displayed. Select Internet Protocol (TCP/IP) and click on Properties.

Figure 7 Local Area Connection Properties

6 Ensure that the options Obtain an IP Address automatically, and Obtain DNS server address automatically are both selected as shown in Figure 8. Click OK.

Figure 8 Internet Protocol Properties

7 Restart your computer.

Windows 95, 98

1 From the Windows Start Menu, select Settings > Control Panel.

2 Double click on Network. Select the TCP/IP item for your network card and click on Properties.

3 In the TCP/IP dialog, select the IP Address tab, and ensure that Obtain IP address automatically is selected. Click OK.

4 Restart your computer.

Macintosh OS 8.5, 9.x

If you are using a Macintosh computer, use the following procedure to change your TCP/IP settings:

1 From the desktop, select Apple Menu, Control Panels, and TCP/IP.

2 In the TCP/IP control panel, set Connect Via: to “Ethernet.”

3 In the TCP/IP control panel, set Configure: to “Using DHCP Server.”

4 Close the TCP/IP dialog box, and save your changes.

5 Restart your computer.

Disabling PPPoE and PPTP Client Software

If you have PPPoE or PPTP client software installed on your computer, you will need to disable it. To do this:

1 From the Windows Start menu, select Settings > Control Panel.

2 Double click on Internet Options.

3 Select the Connections Tab. A screen similar to Figure 9 should be displayed.

4 Select the Never Dial a Connection option and click OK.

Figure 9 Internet Properties

You may wish to remove the PPPoE client software from your computer to free resources, as it is not required for use with the Router.

Disabling Web Proxy

Ensure that you do not have a web proxy enabled on your computer.

Go to the Control Panel and click on Internet Options. Select the Connections tab and click on LAN Settings at the bottom. Make sure that the Use Proxy Server option is unchecked.

RUNNING THE SETUP WIZARD

If the Router needs to be configured, for example if it has not yet been used or has been reset, it will run the Setup Wizard automatically. This detects some of the settings the Router needs to function and asks that you input the others.

Accessing the Wizard

The Secure Router Setup Wizard is Web-based, which means that it is accessed through your Web browser (Netscape Navigator or Internet Explorer).

To use the Setup Wizard:

1 Ensure that you have at least one computer connected to the Router. See “Installing the Router” on page 15.

2 Launch your Web browser on the computer. Enter the URL of your Router in to the location or address box of your browser (Figure 10).

The default URL for the Router is http://192.168.1.1. If you have changed the IP address of the unit you should substitute this for the default address within the URL.

Figure 10 Web Browser Location Field (Factory Default)

3 The Login screen, as shown in Figure 11, should appear in your browser. If it does not, refer to “Troubleshooting” on page 75.

To log in, enter the password (the default password is admin) in the System Password field and click Log in.

Figure 11 Login Screen

4 If the password is correct, the OfficeConnect Secure Router Welcome screen, shown in Figure 12, will appear. If your Router has not been configured before, the Wizard, shown in Figure 13, will also launch automatically.

Figure 12 Welcome Screen

Figure 13 Wizard Screen

5 If the Wizard does not launch automatically (this may occur if the Router has been powered up or configured previously) you can launch the Wizard manually.

To launch the Wizard manually click on the Setup Wizard tab in the welcome screen followed by the WIZARD... button.

Click Next to continue.

You will now be guided through the setup of your Router.

Setting the Password

When the Change Administration Password screen (Figure 14) appears, type the Old Password, then a new password in both the New Password and Confirm Password fields.

The default password for the Router is ‘admin’. It is case sensitive and must be entered as the Old Password the first time you configure the Router. 3Com recommends that you change the password from its default value.

Figure 14 Change Administration Password Screen

Choose a password that you can remember but that others are unlikely to guess. Remember that the password is case sensitive.

Click Next to display the Time Zone setup screen (Figure 15).

Setting the Time Zone

The Router sets its time automatically when it connects to the Internet. This time is used when recording information log files.

To set the Router to your local time:

1 Select your time zone from the drop-down menu.

2 Check the Enable Daylight Saving box to automatically adjust the time seasonally.

3 Click Next to continue.

The Daylight Savings option automatically adjusts the system clock for summer and winter time. To disable this feature ensure that the Enable Daylight Saving box is cleared.

To set the Router to World Time (UTC):

1 Select (GMT) Greenwich Mean Time from the drop-down menu.

2 Ensure that the Enable Daylight Saving box is cleared.

3 Click Next to continue.

Figure 15 Time Zone Screen

Auto-Configuration Settings

If the Router is able to detect a PPPoE or DHCP server on its Ethernet Cable/DSL port then it will offer you the option of configuring its Internet settings automatically. As an example, the Auto-Configuration screen for PPPoE is shown in Figure 16 below.

Figure 16 PPPoE Auto-configuration Screen

Click Next to accept the option you have chosen and continue.

If the Router could not automatically configure your internet settings or if you chose to configure your Internet settings manually, continue at “Internet Settings” below.

If you chose one of the automatic configuration options continue at “Choosing your LAN Settings” on page 29.

Internet Settings

The Internet Settings window allows you to set up the Router for the type of Internet connection you have. Before setting up your Internet connection mode, have the modem configuration supplied by your ISP to hand.

Figure 17 Internet Settings Screen

Select the Internet Addressing mode your ISP requires and click Next. Depending on your selection, refer to:

■ “Static IP Mode” on page 27

■ “Dynamic IP Address Mode” on page 27

■ “PPPoE Mode” on page 28

■ “PPTP Mode” on page 29

Static IP Mode

To setup the Router for use with a static IP address connection, use the following procedure:

Figure 18 Static IP Mode Screen

1 Enter your IP Address in the IP Address text box.

2 Enter your subnet mask in the Subnet Mask text box.

3 Enter your ISP Gateway address in the Internet (ISP) Gateway Address text box.

4 Enter your primary DNS address in the Primary DNS Address text box.

5 If your ISP provides a secondary DNS address, enter it in the Secondary DNS Address text box, otherwise leave the box blank.

6 Click Next to continue.

Dynamic IP Address Mode

To setup the Router for use with a dynamic IP address connection:

Figure 19 Hostname Screen

1 If your ISP requires the addresses of a Primary and Secondary DNS Server then enter them in the fields labelled Primary DNS Address and Secondary DNS Address.

If your ISP does not require one of the fields to be filled in then leave it blank.

2 If your ISP requires you to supply a host name enter it in the Host Name box, otherwise leave the box blank.

3 Click Next to continue to the Clone MAC Address screen, shown in Figure 20 below.

Figure 20 Clone MAC Address Screen

4 If your ISP requires an assigned MAC address, select the appropriate radio button:

■ Yes, please clone the MAC address from the PC I’m currently using if the computer you are using now is the one that was previously connected directly to the cable or DSL modem.

■ Yes, I would like to enter a MAC address manually and manually enter the values for a MAC address if the computer you are using now was not previously connected directly to the cable or DSL modem.

Otherwise select No.

5 Click Next to continue.

Continue at “Choosing your LAN Settings” on page 30.

PPPoE Mode

To setup the Router for use with a PPP over Ethernet (PPPoE) connection, use the following procedure:

Figure 21 PPPoE Screen

1 Enter your PPP over Ethernet user name in the PPPoE User Name text box.

2 Enter your PPP over Ethernet password in the PPPoE Password text box.

If your ISP does not require one of the fields to be filled in then leave it blank.

3 If your ISP requires you to supply a PPPoE service name, enter it in the PPPoE Service Name text box.

4 If your ISP requires the addresses of a Primary and Secondary DNS Server then enter them in the fields labelled Primary DNS Address and Secondary DNS Address.

5 If your ISP requires you to supply a host name enter it in the Host Name box, otherwise leave the box blank.

6 If your ISP charges for connection time then you may wish to set the Maximum Idle time to control costs. The Maximum Idle Time is the amount of time without activity before the Router terminates the Internet connection. By default the value will be forever.

7 Click Next to continue.

Continue at “Choosing your LAN Settings” on page 30.

PPTP Mode

To setup the Router for use with a PPTP connection, use the following procedure:

Figure 22 PPTP Screen

1 Enter your PPTP server address in the PPTP Server Address text box.

2 Enter your PPTP user name in the PPTP User Name text box.

3 Enter your PPTP password in the PPTP Password text box.

4 If your ISP requires the address of a Primary DNS Server then enter it in the field labelled Primary DNS Address.

5 If your ISP requires the address of a Secondary DNS Server then enter it in the field labelled Secondary DNS Address, otherwise leave the box blank.

6 If you wish to set maximum idle time enter it in the Maximum Idle Time box, otherwise leave the box blank. If your ISP charges for connection time then you may wish to set the Maximum Idle time to control costs. The Maximum Idle Time is the amount of time without activity before the Router terminates the Internet connection. By default the value will be forever.

7 Check all your settings, and then click Next.

Choosing your LAN Settings

The LAN settings screen, shown in Figure 23 below, displays the Router’s current IP address and subnet mask. If this is the first time the Wizard has been run it will display the default address and subnet mask.

Figure 23 LAN IP Address Screen

3Com recommends that you use the default IP address and subnet mask unless you already have a network that uses different values.

1 Enter your chosen IP address for the Router in the IP Address field. This should be a private network so that it does not conflict with IP addresses on the Internet. See “Private IP Addresses” on page 83.

2 Enter your chosen subnet mask in the Subnet Mask field. This should be large enough to contain all your computers and other network devices. The default (255.255.255.0) allows for 254 devices including the Router.

If you are going to set up an IPSec VPN with another Router you must set your subnet mask to 255.255.255.0. See “Configuring VPNs” on page 58.

Activating DHCP

The Router contains a Dynamic Host Configuration Protocol (DHCP) server that can automatically configure the TCP/IP settings of every computer on your network. The DHCP Server Setup screen is shown below.

If you intend to use the Router to control the permissions of individual machines on your network then you must use the Router’s DHCP server to allocate addresses (or use static addressing). If you use another DHCP server you may get unexpected results. See “PC Privileges” on page 50.

Figure 24 DHCP Server Setup Screen

3Com recommends that you activate the DHCP server and leave it at the default values unless you already have a DHCP Server on your network.

■ To activate the DHCP Server option, select Enable the DHCP server with the following settings. The DHCP server will default to the addresses 192.168.1.100 to 192.168.1.200 if the IP address of the Router has been left at the default 192.168.1.1.

The Setup Wizard suggests a DHCP server address range that is valid for the LAN settings entered. If the defaults are used it will be 100 - 200. The suggested range will vary depending on the LAN settings entered in the LAN IP Address screen.

■ To disable DHCP, select Do not enable the DHCP server.

Click Next when you have finished.

Viewing the Summary

When you complete the Setup Wizard, a configuration summary will display. See Figure 25 below. Verify the configuration information of the Router and click Finish to save your settings and restart the Router.

Figure 25 Configuration Summary Screen

3Com recommends that you print the Configuration Summary screen for your records.

If you have changed the IP address of your Router your computer will need to change its IP address to communicate with the Router. Reboot your computer once the Router has restarted to get a new address.

If you want to make changes, click the Back button until you reach the screen which contains the settings you want to change and follow the instructions from that point.

Your Router is now configured.

You can start using your Router straight away or further configure your Router (see “Router Configuration” on page 33).

ROUTER CONFIGURATION

This chapter describes all the options available through the Router configuration pages, and is provided as a reference.

Navigating Through the Router Configuration Pages

To get to the configuration pages, browse to the Router by entering the URL in the location bar of your browser. The default URL is http://192.168.1.1. If you changed the Router LAN IP address during initial configuration, use the new IP address instead. When you have browsed to the Router, log in using your system password. The default password is ‘admin’.

Main Menu

At the left side of all screens is a main menu, as shown in Figure 26. When you click on a topic from the main menu, that page will appear in the main part of the screen.

Figure 26 OfficeConnect Secure Router Screen Layout (callouts: Option Tabs, Main Menu)

■ Welcome — displays the firmware version of the Router and important messages on the Notice Board, allows you to change your password, and launch the Wizard.

■ Network Settings — allows you to set up Internet addressing modes such as PPPoE connection, dynamic IP address allocation and static IP address settings. Also allows you to configure LAN IP address and subnet mask information, set up DHCP server parameters, and display the DHCP client list.

■ Advanced Networking — allows you to set up Network Address Translation (NAT), static routing, dynamic routing, and dynamic DNS.

■ Firewall — allows configuration of the Router’s firewall features: Virtual Servers, Special Applications, PC Privileges and other general security options.

■ Content Filtering — allows control of access to web sites on the internet.

■ VPN — allows the administrator to set up and maintain Virtual Private Network (VPN) connections.

■ System Tools — allows the administrator to perform maintenance activities on the Router.

■ Status and Logs — displays the current status and activity logs of the Router.

■ Support/Feedback — contains a comprehensive online help system and 3Com contact information.

Option Tabs

Each menu page may also provide sub-sections which are accessed through the use of option tabs (see Figure 26 for example). To access an option, simply click on the required tab.

Getting Help

On every screen, a Help button is available that provides access to the context-sensitive online help system. Click this button for further assistance and guidance relating to the current screen.

Welcome Screen

The Welcome section allows you to view the Notice board and to change your Password. You can also gain access to the Configuration Wizard. See “Accessing the Wizard” on page 23 for details.

Viewing the Notice Board

The Notice Board, shown in Figure 27 below, is used to display important messages. For example, you would be warned if you had disabled the firewall feature or if the LAN and Internet addresses or subnets conflicted.

Figure 27 Notice Board Screen

Changing the Administration Password

You should change the password to prevent unauthorized access to the Administration System.

Figure 28 Password Screen

To change the password:

1 Enter the current password in the Old Password field.

2 Enter the new password in the New Password field.

3 Enter the new password again in the Confirm Password field.

4 Click Apply to save the new password.

The password is case sensitive.

Setup Wizard

Figure 29 Wizard Screen

Click the WIZARD... button to launch the configuration wizard. Refer to “Running the Setup Wizard” on page 23 for information on how to run the wizard.

Network Settings

The Network Settings menu allows you to view and amend your Router’s:

■ Connection to ISP.

■ LAN settings.

■ DHCP Clients list.

Connection to ISP

This option, shown in Figure 30, allows you to change the method your Router uses to connect to your ISP. You should only need to change these settings if:

■ you change your Internet connection password (PPPoE only), or

■ your ISP informs you of a change in their settings or you change ISPs.

Figure 30 Connection to ISP Screen

Select the addressing method that your ISP uses to allocate your Router’s Internet IP address. Choose from the options in the IP Allocation Mode drop-down box and the screen will refresh with options relevant to that choice.

■ If you select Static IP address (to be specified manually) see “Configuring a Static IP Address” on page 37.

■ If you select Dynamic IP address (automatically allocated) see “Configuring a Dynamic IP Address” on page 38.

■ If you select PPPoE (PPP over Ethernet) see “Configuring a PPPoE connection” on page 39.

■ If you select PPTP (used by some providers, mostly in Europe) see “Configuring a PPTP connection” on page 40.

If you are using One to One NAT your method of connection will already be fixed to Static. To change to another method of address allocation you must first turn off One to One NAT. See “Setting up NAT” on page 44.

Before you can configure the Router, you need to know the IP information allocation method used by your ISP. There are four different ways that ISPs can allocate IP information, as described below.

When you install the Router, you will not need to use the PPPoE software on your PC.

When you install the Router, you will not need to use the dialup VPN on your PC anymore.

The Router will automatically ‘dial on demand’ PPPoE or PPTP and obtain date/time via NTP.

Static IP Address (DSL or Cable)

The ISP provides the IP addressing information for you to enter manually. To configure the Router you will need to know the following:

■ IP address

■ Subnet Mask

■ ISP Gateway address

■ DNS address(es)

Dynamic IP Address (DSL or Cable)

Dynamic IP addressing (or DHCP) automatically assigns the Router IP information. This method is popular with Cable providers. This method is also used if your modem has a built in DHCP server.

PPPoE (DSL only)

If the installation instructions that accompany your modem ask you to install a PPPoE client on your PC, then select this option. To configure the Router you will need to know the following:

■ Username

■ Password

■ Service Name (if required by your ISP)

PPTP (DSL or Cable)

PPTP is used by some providers, mostly in Europe. If the installation instructions that accompany your modem ask you to setup a dialup connection using a PPTP VPN tunnel then select this option. To configure the Router you will need to know the following:

■ Username

■ Password

■ VPN server address (usually your modem).

Configuring a Static IP Address

If your ISP has allocated you one or more static addresses you will have selected Static IP address (to be specified manually) as your IP Allocation Mode.

Figure 31 Static Address Setup Screen

The following settings are required to set up Static IP address connection. Enter the values provided by your ISP:

■ IP Address — The address allocated by your ISP for this connection.

If you have been allocated a range of IP addresses by your ISP enter the first IP address in the range.

■ Subnet Mask — The subnet mask supplied by your ISP for this connection.

■ ISP Gateway Address — The Gateway address from your ISP to the Internet.

■ Primary DNS Address — The address of your ISP’s Domain Name Service server.

■ Secondary DNS Address — The address of your ISP’s secondary Domain Name Service server. The second server is optionally provided by an ISP in case of failure of the primary server.

Click Apply to save any changes you have made.

Configuring a Dynamic IP Address

If your ISP has allocated you a dynamic address using DHCP you will have selected Dynamic IP address (automatically allocated) as your IP Allocation Mode.

Figure 32 Dynamic Address Setup Screen

To setup the Router for use with a dynamic IP address connection the following settings are configured:

■ IP Address — The internet address allocated by your ISP for this connection is automatically configured and is not editable.

■ Subnet Mask — The subnet for the address is automatically configured but is not displayed.

■ ISP Gateway Address — The Gateway address from your ISP to the Internet is automatically configured but is not displayed.

■ Primary DNS Address — If your ISP requires the address of a Primary DNS Server then enter it in the field labelled Primary DNS Address.

■ Secondary DNS Address — If your ISP requires the address of a Secondary DNS Server then enter it in the field labelled Secondary DNS Address, otherwise leave the box blank.

■ Host Name — The Host Name of your computer may be required by your ISP.

■ Clone MAC Address — Your ISP may require you to have a particular MAC address. This will be the MAC address of the computer you first used to connect with your ISP.

Click Apply to save any changes you have made.

Configuring a PPPoE connection

If your ISP has allocated you a dynamic address using PPPoE you will have selected PPPoE (PPP over Ethernet) as your IP Allocation Mode.

Figure 33 PPPoE Setup Screen

Your ISP may need you to enter host name or PPPoE settings. To setup the Router for use with a PPPoE connection the following fields will need to be completed:

■ IP Address — The internet address allocated by your ISP for this connection is automatically configured and is not editable.

■ PPPoE User Name — The user name you use to access your ISP.

■ PPPoE Password — The password you use to access your ISP.

■ PPPoE Service Name — Your ISP may require you to specify a service name for your connection.

■ Primary DNS Address — If your ISP requires the address of a Primary DNS Server then enter it in the field labelled Primary DNS Address.

■ Secondary DNS Address — If your ISP requires the address of a Secondary DNS Server then enter it in the field labelled Secondary DNS Address, otherwise leave the box blank.

■ Host Name — The Host Name of your computer may be required by your ISP.

■ Maximum Idle Time — The amount of time without activity before the Router terminates the Internet connection.

Since the Router firmware contains its own PPPoE client, you no longer need to run PPPoE client software on your computer to access the Internet. You can simply start your browser and connect to the Internet immediately after setting up your cable or DSL modem.

Configuring a PPTP connection

If your ISP has allocated you a dynamic address using PPTP you will have selected PPTP (used by some European providers) as your IP Allocation Mode.

Figure 34 PPTP Setup Screen

To setup the Router for use with a PPTP connection the following fields will need to be completed.

■ IP Address — The internet address allocated by your ISP for this connection is automatically configured and is not editable.

■ PPTP Server Address - This is typically the address of your modem.

■ PPTP User Name - The user name you use to access your ISP.

■ PPTP Password - The password you use to access your ISP.

■ Primary DNS Address — If your ISP requires the address of a Primary DNS Server then enter it in the field labelled Primary DNS Address.

■ Secondary DNS Address — If your ISP requires the address of a Secondary DNS Server then enter it in the field labelled Secondary DNS Address, otherwise leave the box blank.

■ Maximum Idle Time - The amount of time without activity before the Router terminates the Internet connection.

■ Initial IP Address and Initial Subnet Mask - IP settings must be used when establishing a PPTP connection. Alternatively, if the PPTP server is located in your DSL modem, click Suggest to select an IP address on the same subnet as the PPTP server.

LAN Settings

The LAN Settings screen allows you to change the TCP/IP settings of your Router and its DHCP server.

Figure 35 Unit Configuration Screen

Changing the LAN Settings

These settings will have been entered during the set-up wizard when the device is first used. You only need to change these if you reconfigure your network. If you make any changes, click Apply to save them to the Router.

When changing the IP Address of the Router choose an address that will be unique in your network and in your network’s subnet. The default IP Address of the Router is 192.168.1.1.

When you change the IP Address of the Router you must reboot all computers that gain their IP address from the Router before they will be able to access the Internet.

If you are using static addresses for your PCs you must alter the network configuration on each PC so that they have an IP address within the same subnet as the Router and have their default Gateway set as the Router’s LAN IP address.

If you reconfigure your network you may need to change your Subnet Mask. The Subnet Mask determines how many addresses are available to your network. The default Subnet Mask is 255.255.255.0.

For example if the IP Address of your Router is 192.168.1.1 and the Subnet Mask of your network is 255.255.255.0 then your network can have a maximum of 254 addresses from 192.168.1.1 to 192.168.1.254 (192.168.1.0 and 192.168.1.255 are reserved by the subnet and are not available for use).

When you change the IP Address or Subnet Mask of the Router you should review the DHCP Server settings as described below.

Changing the DHCP Server Settings

This section allows you to enable, disable and configure the settings of the Router’s DHCP server.

If you intend to use the Router to control the permissions of individual machines on your network then you must use the Router’s DHCP server to allocate addresses (or use static addressing). If you use another DHCP server you may get unexpected results. See “PC Privileges” on page 50.

To enable the DHCP Server ensure that the Enable check box is ticked. To disable the DHCP Server ensure that the Enable check box is cleared. Click Apply to validate your changes.

Set the IP Pool Start Address and IP Pool End Address to the first and last address you want the Router to allocate to computers.

The IP address pool must be contained within the subnet as defined in “Changing the LAN Settings” on page 41. The default start and end addresses are 192.168.1.100 and 192.168.1.200.
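The subnet and pool rules above can be checked before the values are typed into the LAN Settings screen. The following is an added example, not 3Com code: the function names are assumptions, and the check that the Router's own address stays outside the pool is an extra sanity check the manual does not state.

```python
import ipaddress


def usable_hosts(router_ip, subnet_mask):
    """Addresses available to devices (Router included) in the LAN subnet."""
    net = ipaddress.IPv4Interface(f"{router_ip}/{subnet_mask}").network
    if net.prefixlen > 30:
        raise ValueError(f"{net} leaves no room for devices besides the Router")
    # The first and last address are reserved by the subnet.
    return net.num_addresses - 2


def check_lan_and_pool(router_ip, subnet_mask, pool_start, pool_end):
    """Return a list of problems; an empty list means the settings agree."""
    problems = []
    iface = ipaddress.IPv4Interface(f"{router_ip}/{subnet_mask}")
    net = iface.network
    reserved = (net.network_address, net.broadcast_address)
    start = ipaddress.IPv4Address(pool_start)
    end = ipaddress.IPv4Address(pool_end)

    # The manual asks for a private LAN address so it cannot clash
    # with addresses on the Internet.
    if not iface.ip.is_private:
        problems.append(f"Router LAN address {iface.ip} is not a private address")
    if iface.ip in reserved:
        problems.append(f"Router LAN address {iface.ip} is reserved by the subnet")

    if start > end:
        problems.append("IP Pool Start Address is higher than IP Pool End Address")
        return problems

    # A subnet is one contiguous block, so checking both ends covers the pool.
    for label, addr in (("Start", start), ("End", end)):
        if addr not in net:
            problems.append(f"IP Pool {label} Address {addr} is outside {net}")
        elif addr in reserved:
            problems.append(f"IP Pool {label} Address {addr} is reserved by the subnet")

    # Assumption (not stated in the manual): the Router's own address
    # should not be handed out by its DHCP server.
    if start <= iface.ip <= end:
        problems.append(f"Router LAN address {iface.ip} lies inside the DHCP pool")
    return problems


if __name__ == "__main__":
    # First row: the manual's defaults. Other rows: constructed test values.
    cases = [
        ("192.168.1.1", "255.255.255.0", "192.168.1.100", "192.168.1.200"),
        ("192.168.1.1", "255.255.255.128", "192.168.1.100", "192.168.1.200"),
        ("192.168.1.1", "255.255.255.0", "192.168.1.100", "192.168.1.255"),
    ]
    for case in cases:
        print(case, "->", check_lan_and_pool(*case) or "OK",
              f"({usable_hosts(case[0], case[1])} usable addresses)")
```

Re-run the check whenever the Router's IP Address or Subnet Mask changes, since a narrower mask can leave the old pool partly outside the new subnet.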

The Local Domain Server is set to Domain as default.

If you have a WINS Server on your network enter its IP address in the WINS Server box. The Router will pass this information on to all Windows PCs that obtain an address from its DHCP server.

If you have a 3Com NBX Call Processor on your network enter its IP address in the 3Com NBX Call Processor box. The 3Com NBX Call Processor acts as a switchboard for voice-over-IP phones and the Router will pass on this information.

If you will be using One-to-One NAT you must set up a range that is one less than the number of public addresses allocated to you by your ISP. The DHCP range must also be identical to the range specified when you set up One-to-One NAT. See “Setting up One-to-One NAT” on page 45.

DHCP Clients List

The DHCP Clients List screen provides details of the devices that have been given IP addresses by the Router’s DHCP server. For each device that has been granted a lease, the IP address, Host Name and MAC address of that device are displayed.

Figure 36 DHCP Clients Screen

The Router grants leases for 7 days. If a computer does not connect for a week, its IP Address may be reused.

The Router will attempt to supply a computer the same lease as was issued previously, even if that lease has expired.

Expired leases are only reused when there are no free leases available. When an expired lease is re-issued the oldest lease that is not a fixed association is used.

The Release button allows the lease for an IP address that has been issued to a device to be cleared. If you are running short of addresses in the DHCP Pool and you know of computers that are unlikely to connect to your network soon you can release the IP address allowing it to be reallocated to another machine.

If you have spare or expired IP addresses in the pool you will not need to release addresses.

The IP Address, Host Name and MAC Address indicate the address that has been allocated. They identify the machine by name and by the unique number (MAC Address) of the machine’s network card.

The Fixed Association check box allows you to freeze the relationship between an IP address and a particular machine. If you check the box for one row, that IP address will always be given out to the same machine and will not be allocated to another machine even if the lease has expired. Clear the check box to allow the address to revert back to normal behavior.

Click Refresh to save any changes you have made.

Click New to allocate an IP address to a MAC address. Click Add to save.

Figure 37 Fixed DHCP Mapping Screen

Advanced Networking

Setting up NAT

The Router is able to perform Network Address Translation (NAT) in one of two modes as shown in Figure 38:

■ One-to-many NAT — The Router shows only one address to the Internet.

■ One-to-one NAT — Every address on the Internet pool is linked to an address in the LAN pool. The Router will respond to all the addresses in the Internet pool.

Figure 38 One-to-Many and One-to-One NAT

One-to-Many NAT: Internet address 172.16.57.52; LAN addresses 192.168.1.100, 192.168.1.101, 192.168.1.102

One-to-One NAT: Internet addresses 172.16.57.52, 172.16.57.53, 172.16.57.54; LAN addresses 192.168.1.100, 192.168.1.101, 192.168.1.102

Setting up One-to-Many NAT

This is very easy to set up and is the Router’s default mode. It works with any IP Allocation Mode and will map all the addresses on your LAN to the Internet address of your Router. To set up One-to-Many NAT:

1 Select One-to-Many NAT from the NAT Mode drop-down box.

2 Click Apply to save your changes.

Figure 39 Network Address Translation Screen

Setting up One-to-One NAT

The following criteria must be met to be able to use One-to-One NAT:

■ You must have a static Internet IP address for every computer on your network plus one for the Router itself.

■ The addresses must be in one continuous block in the same subnet.

■ You must have selected Static IP Address as your IP Allocation Mode and have given your Router the first of the Internet addresses allocated by your ISP.

Figure 40 One-to-One NAT Screen

To set up One-to-One NAT:

1 Select One-to-One NAT from the NAT Mode drop-down box.

2 Enter the second address of your Internet range of addresses in the First IP Address in ISP Pool field.

3 Enter the first address in your LAN range of addresses to which you want to map this range in the First IP Address in LAN Pool field.

3Com recommends that you set your DHCP pool to the same as the range of LAN addresses used as your LAN pool.

4 Enter the number of addresses in the range into the Pool Size field.

5 Click Apply to save your changes.
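The One-to-One NAT criteria and the DHCP range rule from “Changing the DHCP Server Settings” can be worked through together before the form is filled in. This is an added example, not 3Com code: the function names, the 172.16.57.51 allocation and the 255.255.255.248 mask are constructed, and pairing the pools in order (first ISP pool address to first LAN pool address) is an assumption based on Figure 38.

```python
import ipaddress


def _require_hosts(addresses, network, label):
    """Raise ValueError unless every address is a usable host in network."""
    reserved = (network.network_address, network.broadcast_address)
    for addr in addresses:
        if addr not in network or addr in reserved:
            raise ValueError(f"{label} address {addr} is not a usable host in {network}")


def plan_one_to_one_nat(isp_first, isp_count, isp_mask,
                        lan_first, router_lan_ip, lan_mask):
    """Derive the One-to-One NAT form values from an ISP allocation.

    isp_first     first static Internet address allocated by the ISP
    isp_count     number of consecutive addresses allocated
    lan_first     first LAN address to map the ISP pool onto
    router_lan_ip the Router's LAN IP address
    """
    if isp_count < 2:
        raise ValueError("need one address for the Router plus at least one to map")
    wan = ipaddress.IPv4Interface(f"{isp_first}/{isp_mask}")
    lan = ipaddress.IPv4Interface(f"{router_lan_ip}/{lan_mask}")

    # Criterion: one continuous block in the same subnet.
    block = [wan.ip + i for i in range(isp_count)]
    _require_hosts(block, wan.network, "Internet")

    # The Router takes the first Internet address; the rest form the ISP pool.
    isp_pool = block[1:]
    lan_start = ipaddress.IPv4Address(lan_first)
    lan_pool = [lan_start + i for i in range(len(isp_pool))]
    _require_hosts(lan_pool, lan.network, "LAN")
    if lan.ip in lan_pool:
        raise ValueError(f"Router LAN address {lan.ip} falls inside the LAN pool")

    return {
        "router_internet_ip": str(wan.ip),
        "first_ip_in_isp_pool": str(isp_pool[0]),
        "first_ip_in_lan_pool": str(lan_pool[0]),
        "pool_size": len(isp_pool),          # one less than the allocation
        "dhcp_pool": (str(lan_pool[0]), str(lan_pool[-1])),
        # Assumed pairing: i-th ISP pool address <-> i-th LAN pool address.
        "mapping": [(str(a), str(b)) for a, b in zip(isp_pool, lan_pool)],
    }


def dhcp_matches_nat(plan, dhcp_start, dhcp_end):
    """True if the DHCP pool is identical to the LAN pool used for NAT."""
    return (dhcp_start, dhcp_end) == plan["dhcp_pool"]


if __name__ == "__main__":
    # Constructed allocation: four addresses starting at 172.16.57.51.
    plan = plan_one_to_one_nat("172.16.57.51", 4, "255.255.255.248",
                               "192.168.1.100", "192.168.1.1", "255.255.255.0")
    for key, value in plan.items():
        print(f"{key}: {value}")
    # The manual's default DHCP pool does not match and has to be changed.
    print("default DHCP pool matches:",
          dhcp_matches_nat(plan, "192.168.1.100", "192.168.1.200"))
```

With One-to-One NAT every mapped LAN address is reachable at its own Internet address, so the mapping list is also the list of hosts whose firewall exposure needs reviewing.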

Static Routing

Setting up Static Routing

The Router supports up to 10 static routes in total, shared between LAN and WAN interfaces. WAN side static routes are only available if the mode of connection to your ISP is Static or Dynamic (DHCP Client mode).

To set up Static Routing:

1 Select New on the right side of the screen to open the Static Routing configuration dialogue box.

2 Enter the IP address of the Destination Network (e.g. 192.168.20.0).

3 Enter the Subnet Mask (e.g. 255.255.255.0).

4 Enter the Gateway Address (e.g. 192.168.1.25).

5 Select the location of the Destination Network in relation to the Router (either LAN or WAN) from the Location drop down box.

6 Click Apply to save your changes.

All routes (static and dynamic) are listed in the Status and Logs section.

Figure 41 Static Routing Screen

Dynamic Routing

The Router provides support for RIPv1, RIPv2 or both for each interface, for sending and receiving data. LAN routes are sent on the LAN subnet, and WAN routes are sent on the WAN subnet.

From the Dynamic Routing screen you can enable the Router to automatically adjust to physical changes in the network’s layout.

Using the RIP protocols, the Router determines the network packets’ route based on the fewest number of hops between the source and the destination. The RIP protocol regularly broadcasts routing information to other devices on the network.

Setting up Dynamic Routing

To set up Dynamic Routing:

1 Select a Service from the pull-down list.

2 Click Apply to save your changes.

All routes (static and dynamic) are listed in the Status and Logs section.

Figure 42 Dynamic Routing Screen

Dynamic DNS

The Router provides a list of dynamic DNS providers for you to choose from. Dynamic DNS is disabled by default.

Figure 43 Dynamic DNS Screen

Setting up Dynamic DNS

To set up Dynamic DNS:

1 Check the Enable Dynamic DNS box to open the Dynamic DNS settings screen.

2 Enter your User Name and Password.

3 Select a Dynamic DNS Provider from the pull-down list.

4 Enter the DNS Host Name.

5 Click Apply to save your changes.

Configuring the Router

On the main frame of the Firewall setup screen is a menu with four tabs: Virtual Servers, PC Privileges, Special Applications, and Advanced. These enable you to set the access to and security of your network.

The Virtual Servers Menu

Selecting the Firewall option on the main menu displays the Virtual Servers screen (Figure 44).

Figure 44 Virtual Servers Screen

Creating a Virtual DMZ

A virtual DMZ (De-Militarized Zone) Host is a computer on your network with reduced protection provided by the firewall. This feature allows a single computer to be exposed to 2-way communication from outside of your network in One-to-Many

NAT mode. The PC is still protected against DoS and hacker attacks.

CAUTION: This feature should be used only if the Virtual Server or Special Applications options do not provide the level of access needed for certain applications.

To specify one of your computers as a DMZ host, select Redirect

Request to Virtual DMZ Host and enter the IP address of the computer in the IP Address of DMZ Host text box, and then click

SAVE.

Creating a Virtual Server

Activating and configuring a virtual server allows one or more of the computers on your network to function as an Internet service host. For example, one of your computers could be configured as an FTP host, allowing others outside of your office network to download files of your choosing. Or, if you have created a Web site, you can configure one of your computers as a Web server, so that others can view your Web site.

If you are using One-to-Many NAT you can only have one server of each type on your network. To have more than one server of a type (for example more than one web server) visible to the Internet you must be using One-to-One NAT.

To configure a virtual server:

1 Click New on the right side of the Virtual Servers screen to open the Virtual Server Settings dialogue box (Figure 45).

2 Enter the IP address of the computer in the Server IP Address text box.

3 Select the Service from the pull-down list.

Figure 45 Virtual Servers Settings Screen

If you select Custom, the screen shown in Figure 46 displays.

Figure 46 Custom Setup Screen

Specify a suitable name for the service and then enter the port numbers required for that service. If a service requires more than one port number, enter the multiple ports as a comma separated list or a range, e.g. 51,52,54-59.

4 Select either All WAN PCs can access this server, or Authorized Remote IP Address(es). If you select Authorized Remote IP Address(es), you must specify an IP address or a range of addresses. For example, 162.223.41.12-162.223.41.15 gives access to all IP addresses in this range.

5 Click Add to save the settings.

PC Privileges

Access from the local network to the Internet can be controlled on a PC-by-PC basis. In the default configuration the Router will allow all connected PCs unlimited access to the Internet.

PC Privileges allows you to assign different access rights for different computers on your network, restricting this access and controlling your users’ access to outside resources.

The Router’s DHCP server has been enhanced to support PC Privileges. If you want to control access to the Internet on a user by user basis then you should either use the Router’s DHCP server or static addressing.

Select PC Privileges to display the PC Privileges setup screen. This is shown in Figure 47 below.

Figure 47 PC Privileges Screen

To use access control for all computers:

1 Click the Control PC Access to the Internet radio button.

2 Click on All PCs to set up the access rights for all computers connected to the Router.

3 Check the box of a service to authorize it. Clear the box to deny the service. See Figure 48.

Figure 48 All PCs Setup Screen

4 Either:

■ Enter the additional services that you wish to allow in the except (specify ports) box and set the drop down box to Allow.

■ Enter the services that you wish to deny in the except (specify ports) box and set the drop down box to Deny.

Enter multiple ports as either a comma separated list e.g. 101, 105, 107, or as a range, e.g. 101-107.

5 Click Apply to save the settings.

To assign different access rights for different computers:

1 Click the Control PC Access to the Internet radio button.

2 Click New to display the PC Privileges setting screen.

3 Enter the IP address of the computer in the PC’s IP Address text box.

4 Check the box of a service to authorize it. Clear the box to deny the service. See Figure 49.

Figure 49 PC Privileges Setup Screen

5 Either:

■ Enter the additional services that you wish to allow in the except (specify ports) box and set the drop down box to Allow.

■ Enter the services that you wish to deny in the except (specify ports) box and set the drop down box to Deny.

Enter multiple ports as either a comma separated list e.g. 101, 105, 107, or as a range, e.g. 101-107.

6 Click Apply to save the settings.

Example: Allowing only web and E-mail access.

To allow web and E-mail access and block all other services across the Router’s firewall:

Ensure that the Control PC Access to the Internet radio button is selected.

Click on All PCs to pop up the PC Privileges window.

Ensure that the Email (110,25) and Web (80) boxes are checked and that other check-boxes are left cleared.

Set the Block or Allow other services: drop-down box to Block other services.

For the purposes of this example, your users also need to access a test server on port 8000. To allow this:

Enter the number 8000 in the except (specify ports): box.

Click Apply to save your changes and close the PC Privileges window.
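The rule set built in this example can be modelled offline to see which outbound ports it leaves open. The following is an added illustration, not 3Com code: the class and function names are hypothetical, only the Email and Web boxes named above are modelled, and it assumes a port listed in the except box receives the opposite of the drop-down's default, as the port 8000 step implies.

```python
from __future__ import annotations
from dataclasses import dataclass

# Check boxes named in the manual's example, with the ports printed beside them.
SERVICES = {"Email": {110, 25}, "Web": {80}}


def parse_ports(spec: str) -> set[int]:
    """Parse the router's port syntax: '101, 105, 107', '101-107' or '51,52,54-59'."""
    ports: set[int] = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        lo, sep, hi = item.partition("-")
        first = int(lo)
        last = int(hi) if sep else first
        if not 1 <= first <= last <= 65535:
            raise ValueError(f"invalid port or range: {item!r}")
        ports.update(range(first, last + 1))
    return ports


@dataclass
class PcPrivileges:
    checked: set[str]               # ticked service boxes
    other_services: str = "Block"   # drop-down: "Block" or "Allow" other services
    except_ports: str = ""          # contents of the "except (specify ports)" box

    def allows(self, dst_port: int) -> bool:
        """Decide whether an outbound connection to dst_port passes the policy."""
        for name, ports in SERVICES.items():
            if dst_port in ports:
                return name in self.checked
        is_exception = dst_port in parse_ports(self.except_ports)
        default_allow = self.other_services == "Allow"
        # Assumption: a listed port gets the opposite of the drop-down's default.
        return default_allow != is_exception


def blocked(policy: PcPrivileges, connections):
    """Return the (host, port) attempts the policy would refuse."""
    return [(host, port) for host, port in connections if not policy.allows(port)]


# The settings entered in the manual's example.
MANUAL_EXAMPLE = PcPrivileges(checked={"Email", "Web"},
                              other_services="Block", except_ports="8000")

# Constructed outbound attempts (LAN host, destination port) for the demonstration.
SAMPLE = [("192.168.1.20", 80), ("192.168.1.20", 443), ("192.168.1.21", 25),
          ("192.168.1.22", 8000), ("192.168.1.23", 21)]

if __name__ == "__main__":
    for host, port in blocked(MANUAL_EXAMPLE, SAMPLE):
        print(f"blocked: {host} -> port {port}")
```

In this model the example policy refuses port 443 as well as FTP, because the Web box covers port 80 only; a site that needs HTTPS would have to add 443 to the except box.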

VPN connections to other networks are unaffected by settings in PC Privileges. To allow or deny VPN connections to other networks see “Configuring VPNs” on page 58.

Special Applications

Select the Special Applications tab to display the Authorized Application setup screen. See Figure 50 below.

Figure 50 Special Applications Screen

Some software applications need a connection to be started from the Internet — an act that is usually blocked by the Router’s firewall. So that these special applications can work properly and are not blocked, the firewall needs to be told about them. In each instance there will be an outgoing trigger which tells the Router’s firewall that the application has started and to allow the incoming connections.

Each defined Special Application only supports a single computer user and any incoming ports opened by a Special Application trigger will be closed after 20 minutes of inactivity for TCP/IP connections or 10 for UDP/IP connections.

For each special application configured by the Router, a row is added to the table. Each row contains the following items:

Delete button — Deletes the special application on that row. This will prevent the Router’s firewall from opening to that connection.

Authorized Applications — Each special application is named. This name is not used by the Router and is only to enable you to identify the connection. Clicking the name of a connection displays the Special Application Setup screen. See “Adding and Editing Special Applications” below.

Trigger Port — This is the TCP/IP port number that the Router uses to recognize that the application has started.

Additionally there are two buttons outside the table:

Help — displays the online help page for this screen.

New — creates a new special application. See “Adding and Editing Special Applications” below.

Adding and Editing Special Applications

1 Click on the New button to create a new special application or on the name of a special application to edit the settings for that application.

Figure 51 Special Application Settings Screen

2 Select the applications from the Choose Application drop-down box. See Figure 51. If the application you want to define is not in the list select Custom and see “Creating Custom Special Applications” below.

3 Click Add to add the special application to the list of protocols or Close to abort your selection and return to the Special Applications screen.

Depending on the settings you have made in PC Privileges the Special Application you have defined may not be allowed across the Router. See “PC Privileges” on page 50.

Creating Custom Special Applications

If your special application is not listed in the Choose Application drop-down box you can still configure it manually. Select Custom from the Choose Application drop-down box and the Special Application Setup Screen gains the extra fields needed to describe a custom special application. These are shown in Figure 52 below.

Figure 52 Custom Special Applications Setup Screen

Application Name — Each special application is named and will detect the ports that need to be opened so you do not need to specify them. This name is not used by the Router and is only to enable you to identify the connection.

Trigger Port — This is the TCP/IP port number that the Router uses to recognize the outgoing packet that starts the special application session. Your application provider can provide you with this information.

The Router allows Trigger Ports that are a single value or a range of values but not a list. So ‘6599’ and ‘6577-6587’ are both valid but ‘6577, 6579, 6582’ is not.

Specify Protocol — Select the protocol (TCP or UDP) that your special application uses. Your application provider can provide you with this information.

Multiple Hosts Allowed — If your application provider uses more than one IP address during a session or responds from an address different to the one you use to start the special application then you must ensure that the Multiple Hosts Allowed box is checked. Otherwise leave it clear. Your application provider can provide you with this information.

CAUTION: Selecting Multiple Hosts Allowed weakens the security that your Router’s firewall is able to provide and should only be used if the special application requires it.

Timeout — Enter the number of seconds the Router should wait for the first reply from the special application server before it abandons the connection.

The default Timeout is three seconds. If you find that connections are being dropped enter a higher value.

Session Chaining — Some special applications need to take control of a session. If the special application you wish to run requires this, ensure that Session Chaining is enabled, otherwise ensure that it is disabled.

CAUTION: Allowing Session Chaining weakens the security that your Router is able to provide and should only be used if the special application requires it.

Address Translation Type — If your special application provider embeds IP addresses in TCP or UDP packets you will have to enable address translation on the appropriate protocol type. Your application provider can provide you with this information.

When you have configured your special application click Add to save your changes or Close to quit without making any changes.
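To see why Multiple Hosts Allowed is flagged as weakening the firewall, the trigger behaviour described in this section can be reduced to a small state model. This is an added, simplified sketch and not the Router's firmware: the class names are hypothetical, the addresses are constructed, the UDP idle limit is read as 10 minutes, and the incoming ports themselves (which the Router detects on its own) are not modelled.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Idle limits from the manual: 20 minutes for TCP, 10 (read here as minutes) for UDP.
IDLE_LIMIT = {"TCP": 20 * 60, "UDP": 10 * 60}
TRIGGER_RE = re.compile(r"(\d+)(?:-(\d+))?")


def trigger_range(spec: str) -> range:
    """Accept '6599' or '6577-6587'; a list such as '6577, 6579, 6582' is rejected."""
    m = TRIGGER_RE.fullmatch(spec.strip())
    if not m:
        raise ValueError("Trigger Port must be a single value or a range, not a list")
    first = int(m.group(1))
    return range(first, int(m.group(2) or first) + 1)


@dataclass
class SpecialApplication:
    name: str
    trigger: str
    protocol: str = "TCP"
    multiple_hosts: bool = False   # the "Multiple Hosts Allowed" box


class TriggerFirewall:
    """One Special Application entry: a single LAN user at a time."""

    def __init__(self, app: SpecialApplication):
        self.app = app
        self.ports = trigger_range(app.trigger)
        self.session = None        # [lan_host, server, last_activity_seconds]

    def _expired(self, now: int) -> bool:
        return now - self.session[2] > IDLE_LIMIT[self.app.protocol]

    def outbound(self, now, lan_host, server, dst_port, protocol):
        """An outgoing packet to a trigger port opens (or refreshes) the session."""
        if protocol != self.app.protocol or dst_port not in self.ports:
            return
        if self.session is None or self._expired(now):
            self.session = [lan_host, server, now]
        elif self.session[0] == lan_host:
            self.session[2] = now

    def inbound(self, now, remote):
        """Return the LAN host an incoming connection is passed to, or None if dropped."""
        if self.session is None:
            return None
        if self._expired(now):
            self.session = None
            return None
        lan_host, server, _ = self.session
        if remote != server and not self.app.multiple_hosts:
            return None            # only the triggered server may connect back
        self.session[2] = now
        return lan_host


if __name__ == "__main__":
    fw = TriggerFirewall(SpecialApplication("demo", "6577-6587"))
    fw.outbound(0, "192.168.1.10", "203.0.113.5", 6580, "TCP")
    print(fw.inbound(100, "203.0.113.5"), fw.inbound(200, "198.51.100.7"))
```

With the box clear, only the server that received the trigger packet can connect back; with it checked, any Internet host can reach the LAN PC for as long as the session stays active.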


Advanced

Select Advanced to display the Advanced Settings screen. See Figure 53 below.

Figure 53 Advanced Settings Screen

The Internet connects millions of computer users throughout the world. The vast majority of the computer users on the Internet are friendly and have no intention of breaking into, stealing from, or damaging your network. However, there are hackers who may try to break into your network.

The options on this screen enable you to allow PING from the internet and to disable the firewall as shown below:

Allow PING from the Internet — PING is a utility which is used to determine whether a device is active at the specified IP address. PING is normally used to test the physical connection between two devices, to ensure that everything is working correctly.

By default the Router has PING disabled so that it does not respond to PING requests. This makes the device more difficult to find on the Internet and less prone to attack.

This feature is enabled by clicking on the check box so that a tick can be seen and then selecting Apply.

3Com recommends that you leave Allow PING from the Internet disabled as this provides greater security.

Disable SPI Firewall — The firewall feature detects attack patterns used by hackers on the Internet and once detected will block their access to your network. The firewall feature is disabled by clicking on the check box so that a tick can be seen and then clicking Apply.

3Com recommends that you leave the firewall feature enabled (checkbox cleared) for normal use. You may wish to turn it off for diagnostic purposes.

Content Filtering

Select Content Filtering to display the Content Filtering Settings screen. See Figure 54 below. When the Content Filter Mode is set to Block all sites only allowed sites can be viewed.

Figure 54 Content Filtering Screen

Allow/Block Lists

Select Enable Content Filtering on the Filter Settings screen and check the required content filter mode. Select the Allow/Block Lists tab to display the Allow/Block List screen. See Figure 55 below.

Figure 55 Allow/Block Lists screen

To set up a list of sites:

1 Click EDIT to display the Content Filtering Edit List. See Figure 56 below.

2 Enter the URLs of sites that are allowed to be viewed or blocked depending on the chosen content filtering mode.

3 Click Apply to save your changes.

Figure 56 Content Filtering Edit List Screen

Filter Policy

Select the Filter Policy tab to display the Filter Policy screen. See Figure 57 below.

Figure 57 Filter Policy Settings Screen

To set up the same content filtering policy for all PCs on the network:

1 Check the All PCs have filtered web access box.

To set up which PCs have the content filtered:

1 Check the Control which PCs have their web access filtered box.

2 Check the Filtered or Full Access box against each PC as required. See Figure 57.

To set up a New Filter Policy:

1 Click New to open the Filter Policy Settings screen (Figure 58).

2 Enter the PC’s IP address.

3 Check a Policy for that PC.

Figure 58 Filter Policy Settings Screen

Configuring VPNs

Virtual private networks (VPN) provide an encrypted connection (or tunnel) between networks or between a network and a user over a public network (such as the Internet). Instead of using a dedicated, real-world connection such as a leased line, a VPN uses virtual connections through the public network. The Secure Router supports both network to network connections and network to remote client connections.

There are two modes of operation, pass-through and server. The Router supports IPSec tunnels, L2TP over IPSec, and PPTP connections and allows VPN pass-through to enable other secure devices on your network to set up their own secure connections.

Your Cable/DSL modem and your ISP must support IPSec pass-through, L2TP over IPSec pass-through or PPTP pass-through for you to be able to use these protocols.

To allow VPN pass-through, you must configure a virtual server. See “The Virtual Servers Menu” on page 48 for details of how to configure pass-through protocols.

Setting the VPN Mode

The Router supports three modes of VPN operation:

IPSec Enabled — IPSec (Internet Protocol Security) is a complex secure protocol with a variety of different encryption methods. When setting up an IPSec connection between two devices they must support the same encryption method.

L2TP over IPSec Enabled — L2TP over IPSec is a combination of two protocols. A user is authenticated (using L2TP) and data is encrypted (using IPSec). See “L2TP Configuration” on page 59. L2TP does not support gateway to gateway connections and is only suitable for connecting remote users.

PPTP Server Enabled — PPTP (Point-to-Point Tunnelling Protocol) is an encrypted VPN protocol like IPSec. It is not as secure as IPSec but is easy to administer. PPTP does not support gateway to gateway connections and is only suitable for connecting remote users.

Enabling IPSec VPN will disable pass-through to IPSec and L2TP/IPSec Virtual Servers on the LAN. Enabling L2TP over IPSec will disable pass-through to IPSec and L2TP/IPSec Virtual Servers on the LAN. Enabling the PPTP server will disable PPTP pass-through to a Virtual Server on the LAN. Pass-through outbound from clients on the LAN to servers on the Internet is unaffected.

A VPN Tunnel needs the same protocol on both sides of the connection. If you are trying to establish an IPSec connection with another gateway device or with a user, the other gateway device must support IPSec or the user must have software installed that supports IPSec VPN.

The VPN Mode menu is shown in Figure 59 below. Choose from the options by clicking in the appropriate radio button under VPN Server Setup.

IPSec Configuration

In the IPSec Configuration field, enter This Router’s ID as an Internet IP address or name of the Router that you are configuring. This value is common across all IPSec connections but does not apply to PPTP connections. If PPTP only is enabled, This Router’s ID field does not appear.

If you require main mode IPSec connections then this value must be the public IP address of the Router.

Figure 59 VPN Mode Screen

L2TP Configuration

If you have enabled L2TP over IPSec you must enter the following items:

1 In the IPSec Configuration field, enter This Router’s ID as an Internet IP address, the DNS address of the unit or the name of the Router that you are configuring. This value is common across all IPSec connections but does not apply to PPTP connections. If PPTP only is enabled, This Router’s ID field disappears.

2 In the Router ID type field, select one of the following:

■ IP address (default). This should be the public WAN address of the Router.

■ The DNS address of this unit.

■ A name for this unit. Used when it is not possible to use one of the other modes, for example, if the IP address keeps changing.

3 In the L2TP Configuration field, enter:

■ The Domain Name as an IP address. A Domain Name locates a website on the Internet.

■ The IPSec Shared Key. This is the key for the connection and is a combination of letters, numbers and punctuation and can be up to 64 characters in length. 3Com recommends that the key and password are not the same. The user will need to know the IPSec Shared Key to enable connection.

4 In the Encryption Level field, choose the encryption type from DES, 3DES or AES. 3DES is more secure than DES but may take longer to encrypt and decrypt. AES provides the highest security but will take longer than 3DES to encrypt and decrypt.

3DES and AES are not shipped with the Router as standard due to international restrictions on encryption. If your country permits their use they can be downloaded from the 3Com web site at http://www.3com.com/

To set up the Router for L2TP over IPSec you must allocate IP addresses from the Router’s LAN for use with L2TP over IPSec. The connections made by L2TP over IPSec will appear to come from these addresses. The addresses must be in a continuous range.

5 In the Address Pool for PPTP and L2TP clients field enter:

■ The first LAN address you wish to reserve for L2TP over IPSec in the First Remote IP Address field.

■ The last LAN address you wish to reserve for L2TP over IPSec in the Last Remote IP Address field.

If both PPTP and L2TP over IPSec modes are selected, then the Address Pool is the same for both clients.

These addresses must be within the Router’s LAN subnet and must not form part of the DHCP pool.

Click Apply to save your changes.

PPTP Configuration

To set up the Router for PPTP you must allocate IP addresses from the Router’s LAN for use with PPTP. The connections made by PPTP will appear to come from these addresses. The addresses must be in a continuous range.

In the Address Pool for PPTP and L2TP clients field enter:

■ The first LAN address you wish to reserve for PPTP clients in the First Remote IP Address field.

■ The last LAN address you wish to reserve for PPTP clients in the Last Remote IP Address field.

If both PPTP and L2TP over IPSec modes are selected, then the Address Pool is the same for both clients.

These addresses must be within the Router’s LAN subnet and must not form part of the DHCP pool.

Click Apply to save your changes.
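The address pool rules given for both L2TP over IPSec and PPTP (one continuous range, inside the LAN subnet, outside the DHCP pool) can be checked before the values are typed in. This is an added helper, not part of the Router's software; the function names are hypothetical, the DHCP pool in the sample call is constructed, and the checks on the Router's own address and on the network and broadcast addresses are extra sanity checks the manual does not state.

```python
from __future__ import annotations
import ipaddress


def check_vpn_pool(lan_ip, lan_mask, first, last, dhcp_first, dhcp_last) -> list[str]:
    """Return a list of problems with a First/Last Remote IP Address pair."""
    lan = ipaddress.ip_interface(f"{lan_ip}/{lan_mask}").network
    router = ipaddress.ip_address(lan_ip)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    d_lo, d_hi = ipaddress.ip_address(dhcp_first), ipaddress.ip_address(dhcp_last)
    problems = []

    if lo > hi:
        problems.append("First Remote IP Address is higher than Last Remote IP Address")
    for label, addr in (("First", lo), ("Last", hi)):
        if addr not in lan:
            problems.append(f"{label} Remote IP Address {addr} is outside the LAN subnet {lan}")
    # Two closed ranges overlap when each one starts before the other ends.
    if lo <= d_hi and d_lo <= hi:
        problems.append(f"VPN pool overlaps the DHCP pool {d_lo}-{d_hi}")

    # Extra sanity checks, not stated in the manual.
    if lo <= router <= hi:
        problems.append(f"VPN pool contains the Router's own LAN address {router}")
    for special in (lan.network_address, lan.broadcast_address):
        if lo <= special <= hi:
            problems.append(f"VPN pool contains the reserved address {special}")
    return problems


def pool_size(first, last) -> int:
    """Number of simultaneous VPN clients the pool can address."""
    return int(ipaddress.ip_address(last)) - int(ipaddress.ip_address(first)) + 1


if __name__ == "__main__":
    # LAN settings from the manual's example; the DHCP pool is a constructed value.
    for issue in check_vpn_pool("192.168.1.1", "255.255.255.0",
                                "192.168.1.90", "192.168.1.110",
                                "192.168.1.2", "192.168.1.100"):
        print("problem:", issue)
```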

Viewing VPN Connections

The VPN Connections Screen shows information about the IPSec, L2TP over IPSec, and PPTP connections made by the Router. It also allows you to add, delete, edit and temporarily disable these connections.

Figure 60 VPN Connections Screen

For each connection configured for the Router, a row is added to the table. Each row contains the following items:

Delete button — deletes the VPN connection on that row. This will prevent the device or user from establishing a secure connection with the Router in future.

Name — Identifies the tunnel. Clicking the name of a connection displays the Edit VPN Connection screen. See “Adding and Editing VPN Connections” below.

Description — A text description that enables you to identify a connection. This field in the table additionally displays whether the connection is currently active.

Type — Indicates the type of connection.

Enabled — This check box allows you to enable or disable a connection without deleting it and thus losing the connection details. Check this box to enable a connection. Clear this box to disable the connection. If the connection is active it will be disconnected.

Test — attempts to establish a connection (in Gateway to Gateway mode only).

Additionally there are three buttons outside the table:

Help — displays the online help page for this screen.

Refresh — updates the contents of the window allowing you to see the current status of connections.

New — creates a new VPN connection. See “Adding and Editing VPN Connections” below.

Adding and Editing VPN Connections

This screen also allows you to add new IPSec, L2TP over IPSec and PPTP connections and to edit existing ones. When adding or amending values on this screen remember that both sides of an IPSec, L2TP over IPSec or PPTP connection must contain the same information.

An IPSec, L2TP over IPSec or PPTP connection cannot therefore be activated until both ends of the tunnel have been configured.

Connection Type — choose either Gateway to Gateway (only available with IPSec) to connect to another Gateway, Firewall or Router or Remote User Access to create a connection for a remote computer.

Tunnel Type — Choose either IPSec (either Remote User Access or Gateway to Gateway), L2TP over IPSec or PPTP.

Description — a description of the connection. This can be different on each Router as it is not used in the connection.

If the remote site has another Gateway, Firewall or Router with an established IPSec, L2TP over IPSec or PPTP connection then there is no need to create a connection for a remote user on that site.

If you configure an IPSec connection for a remote computer then that computer will require software that supports IPSec. If you configure an L2TP over IPSec or PPTP connection for a remote computer then you should contact Microsoft for information on whether an upgrade is required.

Depending on which Tunnel Type you have selected, choose from the following to edit or add the remaining fields:

“IPSec Connections using Remote User Access” on page 62

“IPSec Connections using Gateway to Gateway” on page 63

“L2TP over IPSec Connections” on page 65

“PPTP Connections” on page 66

IPSec Connections using Remote User Access

If you have selected IPSec as a Tunnel Type and Remote User Access as a Connection Type, enter the following values:

Connection Name — Enter a descriptive name for the connection.

Remote User ID — Enter the Remote User ID. This must be entered identically on the IPSec software installed on the client’s machine.

Tunnel Shared Key — this is the password for the connection and is a combination of letters, numbers and punctuation and can be up to 64 characters in length.

Encryption type — choose the encryption type from DES, 3DES or AES. 3DES is more secure than DES but may take longer to encrypt and decrypt. AES provides the highest security but will take longer than 3DES to encrypt and decrypt.

3DES and AES are not shipped with the Router as standard due to international restrictions on encryption. If your country permits their use they can be downloaded from the 3Com web site at http://www.3com.com/

Exchange keys using — choose the encryption method used to exchange shared keys. Diffie-Hellman Group 5 and Diffie-Hellman Group 2 are more secure but less common than Diffie-Hellman Group 1.

Use Perfect Forward Secrecy — Choose whether to use perfect forward secrecy. Using perfect forward secrecy will change the encryption keys during the course of a connection making the tunnel more secure but slowing data transfer. To enable perfect forward secrecy ensure that the Use Perfect Forward Secrecy box is checked. To keep the same key for the length of a connection leave the box unchecked.

Figure 61 IPSec Connection - Remote User Access

Click Apply to save your changes or Close to return without saving.

IPSec Connections using Gateway to Gateway

If you have selected IPSec as a Tunnel Type and Gateway to Gateway as a Connection Type, enter the following values:

Remote IPSec Server ID — The ID of the remote server. In the case of another 3Com Secure Router this is the This Router's ID field on the VPN Mode page.

Remote IPSec Server Address — enter the Internet IP address or DNS name of the remote device (Figure 62). A DNS name may only be entered if it is the same as the Remote IPSec Server ID in the box above.

Remote Network address — enter the LAN IP address of the remote network. This is the first IP address of a subnet, one below the first address available for use.

If the remote device has a LAN IP address of 192.168.1.1 and a subnet mask of 255.255.255.0 then the LAN IP address of the remote subnet is 192.168.1.0.

The devices must be configured with LAN IP address ranges that do not overlap.

Remote Subnet Mask — this is set as 255.255.255.0 as default.

Tunnel Shared Key — this is the password for the connection and is a combination of letters, numbers and punctuation and can be up to 64 characters in length.

If you are creating a Gateway to Gateway connection you have no need to remember the Tunnel Shared Key once the tunnel is established and do not have to make the key a memorable password.

Encryption type — choose the encryption type from DES, 3DES or AES. 3DES is more secure than DES but may take longer to encrypt and decrypt. AES offers the highest security but will take longer than 3DES to encrypt and decrypt.

3DES and AES are not shipped with the Router as standard due to international restrictions on encryption. If your country permits their use they can be downloaded from the 3Com web site at http://www.3com.com/

Hash Algorithm — choose either SHA-1 or MD5 from the drop-down list. Both ends of the connection must use the same value.

Exchange keys using — choose the encryption method used to exchange shared keys. Diffie-Hellman Group 5 and Diffie-Hellman Group 2 are more secure but less common than Diffie-Hellman Group 1.

Renegotiate after (seconds) — this controls how often the connection will be renegotiated (and the encryption key changed). Longer periods are less secure but may be useful for connections to older equipment which does not have the processing power to negotiate frequently. The default value is 600 seconds (10 minutes).

Use Perfect Forward Secrecy — Choose whether to use perfect forward secrecy. Using perfect forward secrecy will change the encryption keys during the course of a connection making the tunnel more secure but slowing data transfer. To enable perfect forward secrecy ensure that the Use Perfect Forward Secrecy box is checked. To keep the same key for the length of a connection leave the box unchecked.

Use IKE keep-alive — when checked, the gateway will attempt to ensure that this tunnel remains operational once it has been established, even if there is no traffic on it. This is useful for tunnels where only one end can establish the connection (e.g. one end of the tunnel is on a dynamic IP address; in this case set IKE keep-alive on the 'dynamic' end of the tunnel).

Figure 62 IPSec Connection - Gateway to Gateway

Example: Setting up an IPSec connection between two Secure Routers.

Secure Router One is located at the head office and is configured with the following settings:

■ Internet IP address: 174.19.201.162

■ LAN IP address: 192.168.1.1

■ LAN Subnet Mask: 255.255.255.0

Secure Router Two is located at the sales office and is configured with the following settings:

■ Internet IP address: 172.27.34.202

■ LAN IP address: 192.168.2.1

■ Remote Subnet Mask: 255.255.255.0

To set up an IPSec Connection between the two Secure Routers, do the following on each device:

1 Select IPSec Enabled from the VPN Mode screen.

2 Enter the Internet IP address of the Router you are configuring in the This Router’s ID field.

a Enter 174.19.201.162 on Router One.

b Enter 172.27.34.202 on Router Two.

3 Switch to the VPN Connections screen and click New.

4 Ensure that the Gateway to Gateway radio button is selected.

The remote Secure Router used in this example could be any other IPSec-terminating VPN enabled device, e.g. a 3Com SuperStack 3 Firewall.

5 Check that IPSec is selected as the Tunnel Type.

6 In the Tunnel Description field enter: Connection from head office to sales office.

7 In the Remote IPSec Server ID field enter the ID of the REMOTE Router.

a Enter 172.27.34.202 on Router One.

b Enter 174.19.201.162 on Router Two.

8 Enter the Internet IP address of the other Secure Router in the Remote IPSec Server Address field.

a Enter 172.27.34.202 on Router One.

b Enter 174.19.201.162 on Router Two.

9 Enter the IP address of the other LAN subnet in the Remote Network address field.

a Enter 192.168.2.0 on Router One.

b Enter 192.168.1.0 on Router Two.

10 In this example, the Remote Subnet Mask is a default setting of 255.255.255.0; this is the subnet mask on the LANs of the two devices.

11 Enter a password in the Tunnel Shared Key field in both Gateways e.g. TYP0249//23b.

12 Choose 3DES as the Encryption Type.

13 Choose SHA-1 as the Hash Algorithm.

14 Choose Diffie-Hellman Group 2 (1024-bit) in the Exchange Keys Using drop-down box.

15 Set Renegotiate After (seconds) to 600.

16 Ensure that the Use Perfect Forward Secrecy box is checked.

17 Leave the Use IKE Keep-Alive box unchecked.

18 Click Add to save your new connection or Close to return without saving.
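Most tunnels that fail to come up after this procedure have one side that does not mirror the other. The check below is an added illustration, not 3Com code: it takes the values from the example above, uses hypothetical field and function names, and reports where the two gateways disagree, including the common slip of entering the remote Router's LAN address instead of the subnet's first address.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass


@dataclass
class Gateway:
    router_id: str            # "This Router's ID" on the VPN Mode screen
    wan_ip: str               # Internet IP address
    lan_ip: str
    lan_mask: str
    remote_server_id: str     # Remote IPSec Server ID
    remote_server_addr: str   # Remote IPSec Server Address
    remote_network: str       # Remote Network address
    remote_mask: str          # Remote Subnet Mask
    shared_key: str
    encryption: str
    hash_alg: str
    dh_group: int
    pfs: bool

    def lan_network(self):
        return ipaddress.ip_interface(f"{self.lan_ip}/{self.lan_mask}").network


def check_side(local: Gateway, peer: Gateway, who: str) -> list[str]:
    """Compare what `local` says about its peer with the peer's real settings."""
    errs = []
    if local.remote_server_id != peer.router_id:
        errs.append(f"{who}: Remote IPSec Server ID should be {peer.router_id}")
    if local.remote_server_addr != peer.wan_ip:
        errs.append(f"{who}: Remote IPSec Server Address should be {peer.wan_ip}")
    want = peer.lan_network()
    if (local.remote_network, local.remote_mask) != (str(want.network_address), str(want.netmask)):
        errs.append(f"{who}: Remote Network address should be {want.network_address} "
                    f"with mask {want.netmask}, not {local.remote_network} / {local.remote_mask}")
    return errs


def check_tunnel(one: Gateway, two: Gateway) -> list[str]:
    errs = check_side(one, two, "Router One") + check_side(two, one, "Router Two")
    if one.lan_network().overlaps(two.lan_network()):
        errs.append("LAN IP address ranges overlap")
    for name in ("shared_key", "encryption", "hash_alg", "dh_group", "pfs"):
        if getattr(one, name) != getattr(two, name):
            errs.append(f"{name} differs between the two ends")
    return errs


def manual_example() -> tuple[Gateway, Gateway]:
    """The two Secure Routers exactly as configured in the manual's example."""
    common = dict(shared_key="TYP0249//23b", encryption="3DES",
                  hash_alg="SHA-1", dh_group=2, pfs=True)
    one = Gateway("174.19.201.162", "174.19.201.162", "192.168.1.1", "255.255.255.0",
                  "172.27.34.202", "172.27.34.202", "192.168.2.0", "255.255.255.0", **common)
    two = Gateway("172.27.34.202", "172.27.34.202", "192.168.2.1", "255.255.255.0",
                  "174.19.201.162", "174.19.201.162", "192.168.1.0", "255.255.255.0", **common)
    return one, two


if __name__ == "__main__":
    one, two = manual_example()
    two.remote_network = "192.168.1.1"      # constructed mistake for the demonstration
    print(check_tunnel(one, two))
```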

L2TP over IPSec Connections

If you have selected L2TP over IPSec as your Tunnel Type, enter the following values. See Figure 63:

User Name — This is the username that the remote VPN client will use to connect.

Password — The password that will need to be supplied to connect.

Figure 63 L2TP over IPSec Connections

Click Apply to save your changes or Close to return without saving. When you have created a user account the user will need to know in order to enable connection.

PPTP Connections

If you have selected PPTP as a Tunnel Type, enter the following:

Username — This is the username that the remote VPN client will use to connect.

Password — The Password that the user will need to supply to connect. (Figure 64)

When you have created a user account the user will need to know the User Name and Password you have given them.

Figure 64 PPTP Connections

Click Apply to save your changes or Close to return without saving.

Editing IPSec Routes

The IPSec Routes tab is only displayed when IPSec Enabled is selected on the VPN Mode screen. This screen allows you to add

and replace networks in the existing IPSec Route. See Figure 65

1

2

3

4

To do this:

Select edit to display the Edit Route screen. ( Figure 66 ).

Click in the table and add a new Network and Subnet Mask entry.

Leave the Negotiate all subnets whenever tunnel is triggered check box blank, unless the remote subnet cannot open the connection, and needs to try more than one subnet.

Click Apply to save your changes or Close to return without saving.

The gateway for a remote network must also be set to use the VPN tunnel to access your local network. Therefore, if you include a subnet for a remote network in your IPSec route, the remote network must also include your subnet in its IPSec route.

The screens to edit and add a PPTP user contain the same fields.


Figure 65 IPSec Routes

Accessing the System Tools

The System Tools menu includes four administration items: Restart, Time Zone, Diagnostics Tools, Configuration, and Upgrade. See Figure 67.

Restart

Pressing the Restart the Gateway button has the same effect as power cycling the unit. No configuration information will be lost but the log files will be erased. This function may be of use if you are experiencing problems and you wish to re-establish your Internet connection.

Figure 67 Restart Screen

Figure 66 Edit Route


Any network users who are currently accessing the Internet will have their access interrupted whilst the restart takes place, and they may need to reboot their computers when the restart has completed and the Router is operational again.

Time Zone

Choose the time zone that is closest to your actual location. The time zone setting is used by the system clock when displaying the correct time in the log files.

If you use daylight saving, tick the Enable Daylight savings box, and then click Apply (Figure 68).

Figure 68 Time Zone Screen

The Router reads the correct time from NTP servers on the Internet and sets its system clock accordingly. The Daylight Savings option automatically adjusts the clock to daylight savings time as appropriate to your time zone.

Diagnostics Tools

This screen provides Ping, Trace Route and Host Name Lookup facilities.

Figure 69 Diagnostics Screen


Loading and Saving the Router Configuration

Figure 70 Configuration Screen

Select the Configuration tab to display the Configuration screen (Figure 70).

■ Click BACKUP to save the current configurations of the OfficeConnect Secure Router. You will be prompted to download and save a file to disk.

■ If you want to reinstate the configuration settings previously saved to a file, click Browse to locate the backup file on your computer, and then RESTORE to copy the configuration back to the Router.

For security purposes restoring the configuration does not change the password.


■ If you want to reset the settings on your Router to those that were loaded at the factory, click RESET. You will lose all your configuration changes. The Router LAN IP address will revert to 192.168.1.1, and the DHCP server on the LAN will be enabled. You may need to reconfigure and restart your computer to re-establish communication with the Router.

Upgrading the Firmware of your Router

The Upgrade facility allows you to install on the Router any new releases of system software that 3Com may make available.

3DES and AES encryption are not shipped with the Router as standard due to international restrictions on encryption. If your country permits their use they can be downloaded from the 3Com web site at http://www.3com.com/

Figure 71 Upgrade Screen

The upgrade procedure can take a few minutes, and is complete when the Alert LED has stopped flashing and is permanently off.

Make sure that you do not interrupt power to the Router during the upgrade procedure; if you do, the software may be corrupted and the Router may not start up properly afterwards. If the Alert LED comes on continuously or flashes slowly after a failed upgrade, refer to “Troubleshooting” on page 75.

Once you have downloaded the software, use the Browse button to locate the file on your computer, and then click on Apply.

You may need to change the file type in the dialog box displayed by your web browser to *.* to be able to see the file.

The file will be copied to the Router, and once this has completed, the Router will restart. Although the upgrade process has been designed to preserve your configuration settings, 3Com recommends that you make a backup of the configuration beforehand, in case the upgrade process fails for any reason (for example, the connection between the computer and the Router is lost while the new software is being copied to the Router).


Viewing Status and Logs

Selecting Status and Logs from the Main menu displays the Status and Logs screens in your Web browser. The Status and Logs screen displays a tabular representation of your network and Internet connection.

Status — to display the current unit status, including a summary of the configuration. See Figure 72.

Routing Table — to display the configured static and dynamic routings. See Figure 73.

Usage Monitor — to display the amount of data transmitted to and received from the Internet. This information is provided for guidance only, and may differ from that used by your ISP for billing purposes. See Figure 74.

Log Settings — to choose whether to store the log on the Router or to send to the remote user or both and to choose to enable or disable some log entries. See Figure 75.

If you choose the option to store the log on the Router, the log file will be overwritten when it is full. If you choose the option to send logs to a remote server then you will need to specify the IP address of the remote server. The IP address must be within the LAN subnet and a syslog server must be installed on the remote server.

Logs — to view both the normal events and the security threats logged by the Router.

Figure 72 Status Screen

Figure 73 Routing Table screen

Figure 74 Usage Monitor Screen

You may be asked to refer to the information on the Status screen if you contact your supplier for technical support.


Figure 75 Log Settings Screen

Obtaining Support and Feedback for your Router

Selecting Support/Feedback on the main menu generates both:

■ The support links screen, which contains a list of Internet links that provide information and support concerning the Router (Figure 76).

Figure 76 Support Screen

■ The feedback links screen, which contains an Internet link to the 3Com website so that you can provide feedback on the product (Figure 77).

3Com is always looking for product improvements. If you would like to help us by providing feedback, please do so by clicking on the Provide Feedback button on the Support/Feedback screen, which will connect you to 3Com's website.

Figure 77 Feedback Screen


TROUBLESHOOTING

Basic Connection Checks

■ Check that the Router is connected to your computers and to the Cable/DSL modem, and that all the equipment is powered on. Check that the LAN and Cable/DSL port link status LEDs on the Router are illuminated, and that any corresponding LEDs on the Cable/DSL modem and the NIC are also illuminated.

■ Ensure that the computers have completed their start-up procedure and are ready for use. Some network interfaces may not be correctly initialized until the start-up procedure has completed.

■ Ensure that the Router has completed its power on self test. Refer to “Alert LED” on page 77 for details.

■ If the link status LED does not illuminate for a port that is connected, check that you do not have a faulty cable. Try a different cable.

Browsing to the Router Configuration Screens

If you have connected your Router and computers together but cannot browse to the Router configuration screens, check the following:

■ Confirm that the physical connection between your computer and the Router is OK, and that the link status LEDs on the Router and NIC are illuminated and indicating the same speed (10Mbps or 100Mbps). Some NICs do not have status LEDs, in which case a diagnostic program may be available that can give you this information. Refer to the documentation supplied with your NIC for details.

■ Ensure that you have configured your computer as described in “Setting Up Your Computers” on page 19. Restart your computer while it is connected to the Router to ensure that your computer receives an IP address.

■ When entering the address of the Router into your web browser, ensure that you include the full URL including the http:// prefix (e.g. http://192.168.1.1).

■ If you cannot browse to the Router, use the winipcfg utility in Windows 95/98/ME to verify that your computer has received the correct address information from the Router. From the Start menu, choose Run and then enter winipcfg. Check that the computer has an IP address of the form 192.168.1.xxx (where xxx is in the range 2-254), the subnet mask is 255.255.255.0, and the default Router is 192.168.1.1 (the address of the Router). If these are not correct, use the Release and Renew functions to obtain a new IP address from the Router. Under Windows NT/2000/XP, use the ipconfig command-line utility to perform the same functions.

■ If you still cannot browse to the Router, then use the Discovery program on the accompanying CD-ROM as described in “Using Discovery” on page 79.

Connecting to the Internet

If you can browse to the Router configuration screens but cannot access sites on the Internet, check the following:

■ Confirm that the physical connection between the Router and the Cable/DSL modem is OK, and that the link status LEDs on both Router and modem are illuminated.

■ Confirm that the connection between the modem and the Cable/DSL interface is OK.

■ Ensure that you have entered the correct information into the Router configuration screens as required by your Internet Service Provider. Use the “Internet Settings” screen to verify this.

■ For DSL users, check that the PPPoE or PPTP user name, password and service name are correct, if these are required. Only enter a PPPoE service name if your ISP requires one.

■ For cable users, check whether your ISP requires a fixed MAC (Ethernet) address. If so, use the Clone MAC Address feature in the Router to ensure that the correct MAC address is presented, as described in “Configuring a Dynamic IP Address” on page 38.

■ Ensure that your computers are not configured to use a Web proxy. On Windows computers, this can be found under Control Panel > Internet Options > Connections.

■ Check PC Privileges to see if you have allowed your PCs to connect to the Internet. See “PC Privileges” on page 50.

Forgotten Password

If you can browse to the Router configuration screen but cannot log on because you do not know or have forgotten the password, follow the steps below to reset the Router to its factory default configuration. Warning: all your configuration changes will be lost, and you will need to run the configuration wizard again before you can re-establish your Router connection to the Internet. Also, other computer users will lose their network connections whilst this process is taking place, so choose a time when this would be convenient.

1 Remove power from the Router.

2 Disconnect all your computers and the cable/DSL modem from the Router.

3 Using an Ethernet cable, connect the Ethernet Cable/DSL port on the rear of the Router to any one of the LAN ports.

4 Re-apply power to the Router. The Alert LED will flash as the Router starts up, and after approximately 30 seconds will start to flash more slowly (typically 2 seconds on, 2 seconds off). Once the Alert LED has started to flash slowly, remove power from the Router.

5 Remove the cable connecting the Cable/DSL port to the LAN port, and reconnect one of your computers to one of the Router LAN ports.

6 Re-apply power to the Router, and when the start-up sequence has completed, browse to: http://192.168.1.1 and run the configuration wizard. You may need to restart your computer before you attempt this.

7 When the configuration wizard has completed, you may reconnect your network as it was before.

Alert LED

When the Router is first powered on, the Alert LED will be on for between three and five seconds, and then start to flash while the system software checks the hardware for proper operation. The Alert LED may continue to flash for one minute or longer, depending on your network configuration. Once the Router has started normal operation, the Alert LED will go out.

If the Alert LED does not go out following start up, but illuminates continuously, this indicates that the software has detected a possible fault with the hardware. If the Alert LED is flashing slowly this indicates a firmware failure. Remove power from the Router, wait 10 seconds and then re-apply power. If the Alert LED comes on continuously again, then a fault has been detected; refer to “Recovering from Corrupted Software” below. If this does not fix the problem, contact your supplier for further advice.

During normal operation, you may notice the Alert LED lighting briefly from time to time. This indicates that the Router has detected a hacker attack from the Internet and has prevented it from harming your network. You need take no specific action on this, unless you decide that these attacks are happening frequently, in which case you may wish to discuss this with your ISP. The Router logs such attacks, and this information is available through the configuration screens.

Recovering from Corrupted Software

If the Alert LED flashes slowly on and off following power-up, it is possible that the system software has become corrupted. In this condition, the Router will enter a fail-safe state; DHCP is disabled, and the LAN IP address is set to 192.168.1.1. Follow the instructions below to upload a new copy of the system software to a Router unit in this state.

1 Ensure that one of your computers has a copy of the new software image file stored on its hard disk. If not, contact 3Com by visiting: http://www.3com.com

2 Remove power from the Router and disconnect the Cable/DSL modem and all your computers, except for the one computer with the software image.

3 You will need to reconfigure this computer with the following static IP address information:

■ IP address: 192.168.1.2

■ Subnet mask: 255.255.255.0

■ Default Gateway address: 192.168.1.1

Restart the computer, and re-apply power to the Router.

4 Using the Web browser on the computer, enter the following URL in the location bar: http://192.168.1.1

This will connect you to the fail-safe mode of the Router.

5 Follow the on-screen instructions. Enter the path and filename of the software image file.

6 When the upload has completed, the Router will restart, run the self-test and, if successful, resume normal operation. The Alert LED will go out.

7 Reconnect your Router to the Cable/DSL modem and the computers in your network. Do not forget to reconfigure the computer you used for the software upload.

If the Router does not resume normal operation following the upload, it may be faulty. Contact your supplier for advice.

Frequently Asked Questions

How many computers on the LAN does the Secure Router support?

A maximum of 253 computers on the LAN are supported.

There are only 4 LAN ports on the Router. How are additional computers connected?

You can expand the number of connections available on your LAN by using hubs and switches connected to the Router. 3Com OfficeConnect hubs and switches provide a simple, reliable means of expanding your network; contact your supplier for more information, or visit: http://www.3com.com.

Does the Router support virtual private networks (VPNs)?

The Router fully supports VPNs. It is capable of:

■ Initiating and terminating IPSec connections.

■ Terminating L2TP over IPSec and PPTP connections.

■ Providing hardware accelerated encryption for IPSec VPNs and IPSec VPNs within L2TP over IPSec.

■ Providing VPN pass-through.

■ Configuring up to two VPN Tunnels.

Where can I download software upgrades for the Router?

Upgrades to the Secure Router software are posted on the 3Com support web site, accessible by visiting: http://www.3com.com

What other online resources are there?

The 3Com Knowledgebase at: http://knowledgebase.3com.com is a database of technical information covering all 3Com products. It is updated daily with information from 3Com technical support services, and it is available 24 hours a day, 7 days a week.


USING DISCOVERY

Running the Discovery Application

3Com provides a user-friendly Discovery application for detecting the OfficeConnect Secure Router on the network.

If your computers are configured with static addresses (also known as fixed addresses) and you do not wish to change this, then you should use the Discovery program on the Router CD-ROM to detect and configure your Router.

Windows Installation (95/98/XP/2000/2003 Server/NT)

1 Insert the Router CD-ROM in the CD-ROM drive on your computer. A menu will appear; select Gateway Discovery.

Discovery will find the Router even if it is unconfigured or misconfigured.

Figure 78 Discovery Welcome Screen


2 When the Welcome screen is displayed click on Next and wait until the application discovers the Routers connected to your LAN.

Figure 79 Discovered Router

3 Figure 79 shows an example Discovered Devices screen. Highlight the Secure Router by clicking on it, and press Next.

Figure 80 Discovery Finish Screen

In Figure 79 the serial number of the unit has been replaced with xxxxxxxxxx.

4 Click on Finish to launch a web browser and display the login page for the Router.


IP ADDRESSING

The Internet Protocol Suite

The Internet protocol suite consists of a well-defined set of communications protocols and several standard application protocols. Transmission Control Protocol/Internet Protocol (TCP/IP) is probably the most widely known and is a combination of two of the protocols (IP and TCP) working together. TCP/IP is an internationally adopted and supported networking standard that provides connectivity between equipment from many vendors over a wide variety of networking technologies.

IP Addresses and Subnet Masks

Each device on your network must have a unique IP address to operate correctly. An IP address identifies the address of the device to which data is being sent and the address of the destination network. IP addresses have the format n.n.n.x where n is a decimal number between 0 and 255 and x is a number between 1 and 254 inclusive.

However, an IP Address alone is not enough to make your device operate. In addition to the IP address, you need to set a subnet mask. All networks are divided into smaller sub-networks and a subnet mask is a number that enables a device to identify the sub-network to which it is connected.

For your network to work correctly, all devices on the network must have:

■ The same sub-network address.

■ The same subnet mask.

The only value that will be different is the specific host device number. This value must always be unique.

An example IP address is ‘192.168.100.8’. However, the size of the network determines the structure of this IP Address. In using the Router, you will probably only encounter two types of IP Address and subnet mask structures.

Type One

In a small network, the IP address of ‘192.168.100.8’ is split into two parts:

■ Part one (‘192.168.100’) identifies the network on which the device resides.

■ Part two (‘.8’) identifies the device within the network.

This type of IP Address operates on a subnet mask of ‘255.255.255.0’.

See Table 3 for an example about how a network with three PCs and a Secure Router might be configured.

Table 3 IP Addressing and Subnet Masking in a Small Network

| Device | IP Address | Subnet Mask |
|---|---|---|
| PC 1 | 192.168.100.8 | 255.255.255.0 |
| PC 2 | 192.168.100.33 | 255.255.255.0 |
| PC 3 | 192.168.100.188 | 255.255.255.0 |
| Secure Router | 192.168.100.72 | 255.255.255.0 |

Type Two

In larger networks, where there are more devices, the IP address of ‘192.168.100.8’ is, again, split into two parts but is structured differently:

■ Part one (‘192.168’) identifies the network on which the device resides.

■ Part two (‘.100.8’) identifies the device within the network.

This type of IP Address operates on a subnet mask of ‘255.255.0.0’.

See Table 4 for an example about how a network (only four PCs represented) and a Secure Router might be configured.

Table 4 IP Addressing and Subnet Masking in a Large Network

| Device | IP Address | Subnet Mask |
|---|---|---|
| PC 1 | 192.168.100.8 | 255.255.0.0 |
| PC 2 | 192.168.201.30 | 255.255.0.0 |
| PC 3 | 192.168.113.155 | 255.255.0.0 |
| PC 4 | 192.168.2.230 | 255.255.0.0 |
| Secure Router | 192.168.2.72 | 255.255.0.0 |

How does a Device Obtain an IP Address and Subnet Mask?

There are three different ways to obtain an IP address and the subnet mask. These are:

■ Dynamic Host Configuration Protocol (DHCP) Addressing

■ Static Addressing

■ Automatic Addressing (Auto-IP Addressing)

DHCP Addressing

The Secure Router contains a DHCP server, which allows computers on your network to obtain an IP address and subnet mask automatically. DHCP assigns a temporary IP address and subnet mask which gets reallocated once you disconnect from the network.

DHCP will work on any client Operating System such as Windows® XP, Windows 98 or Windows NT 4.0. Also, using DHCP means that the same IP address and subnet mask will never be duplicated for devices on the network. DHCP is particularly useful for networks with large numbers of users on them.

Static Addressing

You must enter an IP Address and the subnet mask manually on every device. Using a static IP and subnet mask means the address is permanently fixed.


Auto-IP Addressing

Network devices use automatic IP addressing if they are configured to acquire an address using DHCP but are unable to contact a DHCP server. Automatic IP addressing is a scheme where devices allocate themselves an IP address at random from the industry standard subnet of 169.254.x.x (with a subnet mask of 255.255.0.0). If two devices allocate themselves the same address, the conflict is detected and one of the devices allocates itself a new address.

Automatic IP addressing support was introduced by Microsoft in the Windows 98 operating system and is also supported in Windows 2000/XP/NT.

Private IP Addresses

The following address ranges have been reserved by the Internet Engineering Task Force (IETF) for private use:

■ 10.0.0.0 – 10.255.255.255

■ 172.16.0.0 – 172.31.255.255

■ 192.168.0.0 – 192.168.255.255

The Router has a default subnet of 192.168.1.0 – 192.168.1.255. 3Com recommends that you use this subnet for the LAN addresses of your first Device and subsequent ranges (192.168.2.0 – 192.168.2.255) for the LAN range of other Devices that you will connect to by VPN.
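The addressing rules in this appendix, the winipcfg/ipconfig check from the troubleshooting chapter, and the requirement that both VPN gateways list each other's subnet in their IPSec routes can all be checked in a short script. The following Python is an added example and is not part of the 3Com guide; the function names are hypothetical, and the client values passed in the demo at the bottom are constructed.

```python
import ipaddress

# Values taken from the guide: factory-default Router LAN address, the Auto-IP
# range, and the three IETF private ranges.
ROUTER_LAN = ipaddress.ip_interface("192.168.1.1/255.255.255.0")
AUTO_IP = ipaddress.ip_network("169.254.0.0/255.255.0.0")
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Table 3 and Table 4 from the guide, as (IP address, subnet mask) pairs.
TABLE_3 = [("192.168.100.8", "255.255.255.0"), ("192.168.100.33", "255.255.255.0"),
           ("192.168.100.188", "255.255.255.0"), ("192.168.100.72", "255.255.255.0")]
TABLE_4 = [("192.168.100.8", "255.255.0.0"), ("192.168.201.30", "255.255.0.0"),
           ("192.168.113.155", "255.255.0.0"), ("192.168.2.230", "255.255.0.0"),
           ("192.168.2.72", "255.255.0.0")]


def same_subnet(devices):
    """True when every (ip, mask) pair yields the same sub-network and mask."""
    networks = {ipaddress.ip_interface(f"{ip}/{mask}").network for ip, mask in devices}
    return len(networks) == 1


def is_private(ip):
    """True when ip falls in one of the three private ranges listed in the guide."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_RANGES)


def diagnose_client(ip, mask, gateway, router=ROUTER_LAN):
    """Check the values shown by winipcfg/ipconfig against the Router's LAN."""
    try:
        iface = ipaddress.ip_interface(f"{ip}/{mask}")
    except ValueError as exc:  # malformed address or non-contiguous mask
        return [f"invalid address or mask: {exc}"]
    findings = []
    if iface.ip in AUTO_IP:
        findings.append("auto-ip address: no DHCP server answered; release and renew")
    elif iface.network != router.network:
        findings.append(f"client is on {iface.network}, Router LAN is {router.network}")
    elif iface.ip == router.ip:
        findings.append("client uses the Router's own address")
    elif iface.ip in (iface.network.network_address, iface.network.broadcast_address):
        findings.append("address is the network or broadcast address, not a host")
    if not gateway:
        findings.append("no default gateway set")
    elif ipaddress.ip_address(gateway) != router.ip:
        findings.append(f"default gateway {gateway} is not the Router ({router.ip})")
    return findings


def vpn_plan_problems(local_lan, local_routes, remote_lan, remote_routes):
    """Check two sites' LAN subnets and IPSec route entries for consistency.

    local_routes: subnets entered in the local Router's IPSec route.
    remote_routes: subnets entered in the remote gateway's IPSec route.
    """
    local = ipaddress.ip_network(local_lan)
    remote = ipaddress.ip_network(remote_lan)
    to_remote = {ipaddress.ip_network(n) for n in local_routes}
    to_local = {ipaddress.ip_network(n) for n in remote_routes}
    problems = []
    if local.overlaps(remote):
        problems.append(f"LAN subnets overlap: {local} and {remote}")
    if remote in to_remote and local not in to_local:
        problems.append(f"remote gateway has no IPSec route back to {local}")
    if local in to_local and remote not in to_remote:
        problems.append(f"local Router has no IPSec route to {remote}")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, for illustration only.
    print(same_subnet(TABLE_3), same_subnet(TABLE_4))
    print(diagnose_client("169.254.10.20", "255.255.0.0", ""))
    print(vpn_plan_problems("192.168.1.0/24", ["192.168.2.0/24"],
                            "192.168.2.0/24", []))
```

An empty list from `diagnose_client` or `vpn_plan_problems` means the values are consistent with the defaults and recommendations stated in the guide.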


TECHNICAL SPECIFICATIONS

This section lists the technical specifications for the OfficeConnect Secure Router.

Interfaces

Cable or DSL modem connection - one 10/100 Mbps Ethernet port (10BASE-T/100BASE-TX) with Auto-MDI/MDIX.

LAN connection - four 10/100 Mbps Ethernet ports (10BASE-T/100BASE-TX) with Auto-MDI/MDIX.

Operating Temperature

0 °C to 40 °C (32 °F to 105 °F)

Power

7 W power dissipated

Humidity

0 % to 90 % (non-condensing) humidity

Dimensions

Width = 220 mm (8.7 in.)

Depth = 135 mm (5.3 in.)

Height = 36 mm (1.4 in.)

Weight

Approximately 537 g (1.18 lbs)

VPN Tunnels

Two

Standards

Functional: ISO 8802/3, IEEE 802.3

Safety: UL 60950, EN 60950, CSA 22.2 #60950, IEC 60950

EMC: EN 55022 Class B, EN 55024, AS/NZS 3548 B, FCC Part 15 Class B*, ICES-003 Class B, VCCI Class B, CNS 13438 Class A

Environmental: EN 60068 (IEC 68)

Category 5 screened cables must be used to ensure compliance with the Class B requirements of this standard. The use of unscreened cables (Category 3 or Category 5) complies with the Class A requirements.

Category 5 cables must be used if you are connecting to 100 Mbps devices.

*See “Safety Information” on page 87 for conditions of operation.


System Requirements

Operating Systems

The Secure Router will support the following Operating Systems:

Windows 95, 98, Me

Windows NT 4.0

Windows 2000

Windows XP

Windows 2003 Server

Mac OS 8.5 or higher

Unix

Ethernet Performance

The Secure Router complies with the IEEE 802.3i, u and x specifications.

Cable Specifications

The Secure Router supports the following cable types and maximum lengths:

Category 3 (Ethernet) or Category 5 (Fast Ethernet or Dual Speed Ethernet) Twisted Pair — shielded and unshielded cable types.

Maximum cable length of 100m (327.86 ft).

Category 5 cables are required for a 100BASE-TX connection.


SAFETY INFORMATION

Important Safety Information

WARNING: Warnings contain directions that you must follow for your personal safety. Follow all directions carefully.

You must read the following safety information carefully before you install or remove the unit:

WARNING: Exceptional care must be taken during installation and removal of the unit.

WARNING: Disconnect the power adapter before moving the unit.

WARNING: RJ-45 ports. These are shielded RJ-45 data sockets. They cannot be used as telephone sockets. Only connect RJ-45 data connectors to these sockets.

WARNING: Only stack the Router with other OfficeConnect units.

WARNING: To ensure compliance with international safety standards, only use the power adapter that is supplied with the unit.

WARNING: The socket outlet must be near to the unit and easily accessible. You can only remove power from the unit by disconnecting the power cord from the outlet.

WARNING: This unit operates under SELV (Safety Extra Low Voltage) conditions according to IEC 60950. The conditions are only maintained if the equipment to which it is connected also operates under SELV conditions.

WARNING: There are no user-replaceable fuses or user-serviceable parts inside the Router. If you have a physical problem with the unit that cannot be solved with problem solving actions in this guide, contact your supplier.

Important Safety Information (translated from German)

CAUTION: Warnings contain instructions that you must follow for your own safety. All instructions must be followed carefully.

You must read the following safety information carefully before you install or remove the unit:

CAUTION: Proceed with the utmost care when installing and removing the unit.

CAUTION: Only stack the unit with other OfficeConnect units.

CAUTION: To comply with international safety standards, the unit may only be used with the power adapter supplied.

CAUTION: The mains socket outlet must be near the unit and easily accessible. Power to the unit can only be interrupted by pulling the unit's power cord out of the socket outlet.

CAUTION: This unit operates under SELV (Safety Extra Low Voltage) conditions according to IEC 60950. These conditions are only met if the equipment connected to the unit also operates under SELV conditions.

CAUTION: There are no user-replaceable or user-serviceable parts inside the unit. If you have a problem with the Router that cannot be resolved using the troubleshooting in this guide, contact your supplier.

CAUTION: Unplug the power adapter cable before removing the unit.

CAUTION: RJ-45 ports. These are shielded RJ-45 data sockets. They cannot be used as telephone sockets. Only RJ-45 data connectors may be connected to these sockets.

Important Safety Instructions (translated from French)

WARNING: Warnings contain instructions that you must follow to ensure your personal safety. You must follow all instructions carefully.

Please read the following safety instructions carefully before installing or removing the unit:

WARNING: Take great care when installing and removing the unit.

WARNING: The unit must only be stacked with other OfficeConnect products.

WARNING: To ensure compliance with international safety standards, use only the power adapter supplied with this unit.

WARNING: The mains socket must be near the unit and easily accessible. You can only disconnect power from the unit by unplugging its power cord at the socket.

WARNING: The unit operates at safety extra low voltage, in accordance with the IEC 60950 standard. Compliance with this standard is only maintained if the equipment to which it is connected also operates under conditions that comply with this standard.

WARNING: There are no user-replaceable or user-serviceable parts inside the unit. If you encounter a problem with this unit that cannot be resolved by the troubleshooting actions presented in this manual, please contact your supplier.

WARNING: Unplug the power adapter before removing this unit.

WARNING: RJ-45 ports. These are shielded RJ-45 female data sockets. You cannot use them as telephone sockets. Connect only RJ-45 data connectors to these sockets.


OBTAINING SUPPORT FOR YOUR PRODUCT

Register Your Product to Gain Service Benefits

To take advantage of warranty and other service benefits, you must first register your product at http://eSupport.3com.com/.

3Com eSupport services are based on accounts that you create or have authorization to access. First time users must apply for a user name and password that provides access to a number of eSupport features including Product Registration, Repair Services, and Service Request.

Troubleshoot Online

You will find support tools posted on the 3Com web site at http://www.3com.com/

3Com Knowledgebase helps you troubleshoot 3Com products. This query-based interactive tool is located at http://knowledgebase.3com.com and contains thousands of technical solutions written by 3Com support engineers.

Connection Assistant helps you install, configure and troubleshoot 3Com desktop and server NICs, wireless cards and Bluetooth devices. This diagnostic software is located at: http://www.3com.com/prodforms/software/connection_assistant/ca_thankyou.html

Purchase Value-Added Services

To enhance response times or extend warranty benefits, contact 3Com or your authorized 3Com reseller. Value-added services can include 24x7 telephone technical support, software upgrades, onsite assistance or advance hardware replacement.

Experienced engineers are available to manage your installation with minimal disruption to your network. Expert assessment and implementation services are offered to fill resource gaps and ensure the success of your networking projects. More information on 3Com Extended Warranty and Professional Services is available at http://www.3com.com/

Contact your authorized 3Com reseller or 3Com for additional product and support information.


Access Software Downloads

Software Updates are the bug fix / maintenance releases for the version of software initially purchased with the product. In order to access these Software Updates you must first register your product on the 3Com web site at http://eSupport.3com.com/.

First time users will need to apply for a user name and password.

A link to software downloads can be found at http://eSupport.3com.com/, or under the Product Support heading at http://www.3com.com/

Software Upgrades are the software releases that follow the software version included with your original product. In order to access upgrades and related documentation you must first purchase a service contract from 3Com or your reseller.


Contact Us

3Com offers telephone, e-mail and internet access to technical support and repair services. To access these services for your region, use the appropriate telephone number, URL or e-mail address from the list below. You will find a current directory of support telephone numbers posted on the 3Com web site at http://csoweb4.3com.com/contactus/

Telephone Technical Support and Repair

To obtain telephone support as part of your warranty and other service benefits, you must first register your product at http://eSupport.3com.com/

When you contact 3Com for assistance, please have the following information ready:

■ Product model name, part number, and serial number

■ A list of system hardware and software, including revision level

■ Diagnostic error messages

■ Details about recent configuration changes, if applicable

To send a product directly to 3Com for repair, you must first obtain a return authorization number (RMA). Products sent to 3Com, without authorization numbers clearly marked on the outside of the package, will be returned to the sender unopened, at the sender’s expense. If your product is registered and under warranty, you can obtain an RMA number online at http://eSupport.3com.com/. First time users will need to apply for a user name and password.

Telephone numbers are correct at the time of publication. Find a current directory of support telephone numbers posted on the 3Com web site at http://csoweb4.3com.com/contactus/

Country: Telephone Number

Asia, Pacific Rim Telephone Technical Support and Repair

Australia: 1 800 678 515
Hong Kong: 800 933 486
India: +61 2 9424 5179 or 000800 6501111
Indonesia: 001 803 61 009
Japan: 00531 616 439 or 03 5977 7991
Malaysia: 1800 801 777
New Zealand: 0800 446 398
Pakistan: +61 2 9937 5083
Philippines: 1235 61 266 2602 or 1800 1 888 9469
P.R. of China: 10800 61 00137 or 021 6350 1590 or 00800 0638 3266
Singapore: 800 6161 463
S. Korea: 080 333 3308
Taiwan: 00801 611 261
Thailand: 001 800 611 2000

You can also obtain support in this region using the following e-mail: [email protected]

Or request a repair authorization number (RMA) by fax using this number: +65 543 6348


Country: Telephone Number

Europe, Middle East, and Africa Telephone Technical Support and Repair

From anywhere in these regions, call: +44 (0)1442 435529

From the following countries, you may use the numbers shown:

Austria: 01 7956 7124
Belgium: 070 700 770
Denmark: 7010 7289
Finland: 01080 2783
France: 0825 809 622
Germany: 01805 404 747
Hungary: 06800 12813
Ireland: 01407 3387
Israel: 1800 945 3794
Italy: 199 161346
Luxembourg: 342 0808128
Netherlands: 0900 777 7737
Norway: 815 33 047
Poland: 00800 441 1357
Portugal: 707 200 123
South Africa: 0800 995 014
Spain: 9 021 60455
Sweden: 07711 14453
Switzerland: 08488 50112
U.K.: 0870 909 3266

You can also obtain support in this region using the following URL: http://emea.3com.com/support/email.html

Country: Telephone Number

Latin America Telephone Technical Support and Repair

From the Caribbean, Central and South America, call:

Antigua: 1 800 988 2112
Argentina: 0 810 444 3COM
Aruba: 1 800 998 2112
Bahamas: 1 800 998 2112
Barbados: 1 800 998 2112
Belize: 52 5 201 0010
Bermuda: 1 800 998 2112
Bonaire: 1 800 998 2112
Brazil: 0800 13 3COM
Cayman: 1 800 998 2112
Chile: AT&T +800 998 2112
Colombia: AT&T +800 998 2112
Costa Rica: AT&T +800 998 2112
Curacao: 1 800 998 2112
Ecuador: AT&T +800 998 2112
Dominican Republic: AT&T +800 998 2112
Guatemala: AT&T +800 998 2112
Haiti: 57 1 657 0888
Honduras: AT&T +800 998 2112
Jamaica: 1 800 998 2112
Martinique: 571 657 0888
Mexico: 01 800 849CARE
Nicaragua: AT&T +800 998 2112
Panama: AT&T +800 998 2112
Paraguay: 54 11 4894 1888
Peru: AT&T +800 998 2112
Puerto Rico: 1 800 998 2112
Salvador: AT&T +800 998 2112
Trinidad and Tobago: 1 800 998 2112
Uruguay: AT&T +800 998 2112
Venezuela: AT&T +800 998 2112
Virgin Islands: 57 1 657 0888


You can also obtain support in this region using the following:

Spanish speakers, enter the URL: http://lat.3com.com/lat/support/form.html

Portuguese speakers, enter the URL: http://lat.3com.com/br/support/form.html

English speakers in Latin America should send e-mail to: [email protected]

US and Canada Telephone Technical Support and Repair

1 800 876 3266


END USER SOFTWARE LICENCE AGREEMENT

3Com Corporation

END USER SOFTWARE LICENSE AGREEMENT

YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE DOWNLOADING, INSTALLING AND USING THIS PRODUCT, THE USE OF WHICH IS LICENSED BY 3COM CORPORATION ("3COM") TO ITS CUSTOMERS FOR THEIR USE ONLY AS SET FORTH BELOW. DOWNLOADING, INSTALLING OR OTHERWISE USING ANY PART OF THE SOFTWARE OR DOCUMENTATION INDICATES THAT YOU ACCEPT THESE TERMS AND CONDITIONS. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT, DO NOT DOWNLOAD, INSTALL OR OTHERWISE USE THE SOFTWARE OR DOCUMENTATION, DO NOT CLICK ON THE "I AGREE" OR SIMILAR BUTTON. AND IF YOU HAVE RECEIVED THE SOFTWARE AND DOCUMENTATION ON PHYSICAL MEDIA, RETURN THE ENTIRE PRODUCT WITH THE SOFTWARE AND DOCUMENTATION UNUSED TO THE SUPPLIER WHERE YOU OBTAINED IT.

LICENSE: 3Com grants you a nonexclusive, nontransferable (except as specified herein) license to use the accompanying software program(s) in executable form (the "Software") and accompanying documentation (the "Documentation"), subject to the terms and restrictions set forth in this Agreement. You are not permitted to lease, rent, distribute or sublicense (except as specified herein) the Software or Documentation or to use the Software or Documentation in a time-sharing arrangement or in any other unauthorized manner. Further, no license is granted to you in the human readable code of the Software (source code). Except as provided below, this Agreement does not grant you any rights to patents, copyrights, trade secrets, trademarks, or any other rights with respect to the Software or Documentation.

Subject to the restrictions set forth herein, the Software is licensed to be used on any workstation or any network server owned by or leased to you, for your internal use, provided that the Software is used only in connection with this 3Com product. You may reproduce and provide one (1) copy of the Software and Documentation for each such workstation or network server on which the Software is used as permitted hereunder.

Otherwise, the Software and Documentation may be copied only as essential for backup or archive purposes in support of your use of the Software as permitted hereunder. Each copy of the Software and Documentation must contain 3Com's and its licensors' proprietary rights and copyright notices in the same form as on the original. You agree not to remove or deface any portion of any legend provided on any licensed program or documentation delivered to you under this Agreement.

ASSIGNMENT; NO REVERSE ENGINEERING: You may transfer the Software, Documentation and the licenses granted herein to another party in the same country in which you obtained the Software and Documentation if the other party agrees in writing to accept and be bound by the terms and conditions of this Agreement. If you transfer the Software and Documentation, you must at the same time either transfer all copies of the Software and Documentation to the party or you must destroy any copies not transferred. Except as set forth above, you may not assign or transfer your rights under this Agreement.

Modification, reverse engineering, reverse compiling, or disassembly of the Software is expressly prohibited. However, if you are a European Union ("EU") resident, information necessary to achieve interoperability of the Software with other programs within the meaning of the EU Directive on the Legal Protection of Computer Programs is available to you from 3Com upon written request.

EXPORT RESTRICTIONS: The Software, including the Documentation and all related technical data (and any copies thereof) (collectively "Technical Data"), is subject to United States Export control laws and may be subject to export or import regulations in other countries. In addition, the Technical Data covered by this Agreement may contain data encryption code which is unlawful to export or transfer from the United States or country where you legally obtained it without an approved U.S. Department of Commerce export license and appropriate foreign export or import license, as required. You agree that you will not export or re-export the Technical Data (or any copies thereof) or any products utilizing the Technical Data in violation of any applicable laws or regulations of the United States or the country where you legally obtained it. You are responsible for obtaining any licenses to export, re-export or import the Technical Data.

In addition to the above, the Product may not be used, exported or re-exported (i) into or to a national or resident of any country to which the U.S. has embargoed; or (ii) to any one on the U.S. Commerce Department's Table of Denial Orders or the U.S. Treasury Department's list of Specially Designated Nationals.

TRADE SECRETS; TITLE: You acknowledge and agree that the structure, sequence and organization of the Software are the valuable trade secrets of 3Com and its suppliers. You agree to hold such trade secrets in confidence. You further acknowledge and agree that ownership of, and title to, the Software and Documentation and all subsequent copies thereof regardless of the form or media are held by 3Com and its suppliers.

UNITED STATES GOVERNMENT LEGENDS: The Software, Documentation and any other technical data provided hereunder is commercial in nature and developed solely at private expense. The Software is delivered as "Commercial Computer Software" as defined in DFARS 252.227-7014 (June 1995) or as a commercial item as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in this Agreement, which is 3Com's standard commercial license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov. 1995) or FAR 52.227-14 (June 1987), whichever is applicable.

TERM AND TERMINATION: The licenses granted hereunder are perpetual unless terminated earlier as specified below. You may terminate the licenses and this Agreement at any time by destroying the Software and Documentation together with all copies and merged portions in any form. The licenses and this Agreement will also terminate immediately if you fail to comply with any term or condition of this Agreement. Upon such termination you agree to destroy the Software and Documentation, together with all copies and merged portions in any form.

LIMITED WARRANTIES AND LIMITATION OF LIABILITY: All warranties and limitations of liability applicable to the Software are as stated on the Limited Warranty Card or in the product manual, whether in paper or electronic form, accompanying the Software. Such warranties and limitations of liability are incorporated herein in their entirety by this reference.

GOVERNING LAW: This Agreement shall be governed by the laws of the State of California, U.S.A. excluding its conflicts of laws principles and excluding the United Nations Convention on Contracts for the International Sale of Goods.

SEVERABILITY: In the event any provision of this Agreement is found to be invalid, illegal or unenforceable, the validity, legality and enforceability of any of the remaining provisions shall not in any way be affected or impaired and a valid, legal and enforceable provision of similar intent and economic impact shall be substituted therefor.

ENTIRE AGREEMENT: This Agreement sets forth the entire understanding and agreement between you and 3Com and supersedes all prior agreements, whether written or oral, with respect to the Software and Documentation, and may be amended only in a writing signed by both parties.

Should you have any questions concerning this Agreement or if you desire to contact 3Com for any reason, please contact the 3Com subsidiary serving your country, or write: 3Com Corporation, 350 Campus Drive, Marlborough, MA 01752-3064.

This product contains encryption and may require U.S. and/or local government authorisation prior to export or import to another country.


ISP INFORMATION

Information Regarding Popular ISPs

Internet Connection Type: Dynamic IP (Clone MAC)
Characteristics: Cable modem ISP, non-hostname based. Need to clone MAC in the DHCP page of router.
Popular ISPs: MediaOne, RoadRunner, Optimum Online, Time Warner, Charter and Adelphia, Metrocast, RCN

Internet Connection Type: Dynamic IP (Hostname)
Characteristics: Cable ISP, Requires Hostname to authenticate i.e. cx213818-B. Need to enter the hostname in the DHCP page of the router, exactly as it appears in your documentation.
Popular ISPs: @Home Network, Cogoco, ComCast, Cox, Excite, Rogers, Shaw, Insight, Videotron

Internet Connection Type: PPPoE (DSL)
Characteristics: Usually special software installed on PC, MacPOET/WinPOET, EnterNet 300. The Secure Router has this software built in and you can safely remove it from your PC. You will need to enter the account name and password that your ISP provided to you in the PPPoE page of the Router. Leave the service name blank unless your ISP requires it.
Popular ISPs: Bell*, Century Tel, Citizens, Primus, Prodigy, Snet, Sprint FC, Verizon, First World, Brightnet, Earthlink, Ameritech, Covad, Mindspring, Sympatico DSL, USwest, Qwest, SNet

Internet Connection Type: PPTP
Characteristics: Cable or DSL, always on. Some European ISPs require a PPTP tunnel to authenticate their network.
Popular ISPs: KPN (Netherlands), Austria Telecom

Internet Connection Type: Static (DSL)
Characteristics: DSL Modem, always on. Need to enter ALL IP information from ISP in the “Static IP” section of the Router.
Popular ISPs: CableSpeed, Cnet, Direct Link, Drizzle, DSL Extreme, Earthlink Wireless, Fast Point, Flashcom, GTE-WhirlWind, Heavenet, HSA Corp, I-55, InterAccess, LinkLine, Mission, Nauticom, NAS, Omitel, Onterra, Phatpipe, Rhythms, Speakeasy, Sterling, XO, Zyan

Internet Connection Type: Static (Cable)
Characteristics: Cable Modem, Always on, ISP assigns specific IP information which needs to be entered on the “Static IP” page of the Router.
Popular ISPs: Cox Cable, Sprint, US Cable, Cable-Cable

* Bell includes Bell Advantage, Bell Canada, Bell South, PacBell and Southwestern Bell


GLOSSARY

10BASE-T

The IEEE specification for 10 Mbps Ethernet over Category 3, 4 or 5 twisted pair cable.

100BASE-TX

The IEEE specification for 100 Mbps Fast Ethernet over Category 5 twisted-pair cable.

3DES

Triple DES (See DES). 3DES is an extremely secure 168 bit encryption system that works by applying the DES encryption system three times on the same message using different keys. It is typically used in military applications where it is expected that the VPN traffic will be intercepted and an effort made to decode it.

AES

Advanced Encryption Standard. A 256 bit FIPS-approved symmetric encryption algorithm that may be used by U.S. Government organizations (and others) to protect sensitive information. AES provides much higher security than 3DES.

Auto-negotiation

Some devices in the OfficeConnect range support auto-negotiation. Auto-negotiation is where two devices sharing a link automatically configure themselves to use the best common speed. The order of preference (best first) is: 100BASE-TX full duplex, 100BASE-TX half duplex, 10BASE-T full duplex, and 10BASE-T half duplex. Auto-negotiation is defined in the IEEE 802.3 standard for Ethernet and is an operation that takes place in a few milliseconds.

Bandwidth

The information capacity, measured in bits per second, that a channel can transmit. The bandwidth of Ethernet is 10 Mbps, the bandwidth of Fast Ethernet is 100 Mbps.

Category 3 Cables

One of five grades of Twisted Pair (TP) cabling defined by the EIA/TIA-586 standard. Category 3 is voice grade cable and can only be used in Ethernet networks (10BASE-T) to transmit data at speeds of up to 10 Mbps.

Category 5 Cables

One of five grades of Twisted Pair (TP) cabling defined by the EIA/TIA-586 standard. Category 5 can be used in Ethernet (10BASE-T) and Fast Ethernet networks (100BASE-TX) and can transmit data up to speeds of 100 Mbps. Category 5 cabling is better to use for network cabling than Category 3, because it supports both Ethernet (10 Mbps) and Fast Ethernet (100 Mbps) speeds.

Client

The term used to describe the desktop PC that is connected to your network.

DES

Data Encryption Standard. DES is one of the encryption protocols that can be used by an IPSec Virtual Private Network. It is a strong encryption standard only currently exceeded in security by 3DES.


DHCP

Dynamic Host Configuration Protocol. This protocol automatically assigns an IP address for every computer on your network. Windows 95, Windows 98 and Windows NT 4.0 contain software that assigns IP addresses to workstations on a network. These assignments are made by the DHCP server software that runs on Windows NT Server, and Windows 95 and Windows 98 will call the server to obtain the address. Windows 98 will allocate itself an address if no DHCP server can be found.

DNS

Domain Name System. DNS allows Internet host computers to have a domain name (such as 3com.com) and one or more IP addresses (such as 192.34.45.8). A DNS server keeps a database of host computers and their respective domain names and IP addresses, so that when a domain name is requested (as in typing “3com.com” into your Internet browser), the user is sent to the proper IP address. The DNS server address used by the computers on your home network is the location of the DNS server your ISP has assigned.

DSL modem

Digital Subscriber Line. A DSL modem uses your existing phone lines to send and receive data at high speeds.

Ethernet

A LAN specification developed jointly by Xerox, Intel and Digital Equipment Corporation. Ethernet networks use CSMA/CD to transmit packets at a rate of 10 Mbps over a variety of cables.

Ethernet Address

See MAC address.

Fast Ethernet

An Ethernet system that is designed to operate at 100 Mbps.

Firewall

Electronic protection that prevents anyone outside of your network from seeing your files or damaging your computers.

Full Duplex

A system that allows packets to be transmitted and received at the same time and, in effect, doubles the potential throughput of a link.

Gateway

A device that acts as a central hub by connecting to each computer's network interface card and managing the data traffic between the local network and the Internet.

Half Duplex

A system that allows packets to be transmitted and received, but not at the same time. Contrast with full duplex.

Hub

A device that regenerates LAN traffic so that the transmission distance of that signal can be extended. Hubs are similar to repeaters, in that they connect LANs of the same type; however they connect more LANs than a repeater and are generally more sophisticated.


IEEE

Institute of Electrical and Electronics Engineers. This American organization was founded in 1963 and sets standards for computers and communications.

IETF

Internet Engineering Task Force. An organization responsible for providing engineering solutions for TCP/IP networks. In the network management area, this group is responsible for the development of the SNMP protocol.

IP

Internet Protocol. IP is a layer 3 network protocol that is the standard for sending data through a network. IP is part of the TCP/IP set of protocols that describe the routing of packets to addressed devices. An IP address consists of 32 bits divided into two or three fields: a network number and a host number or a network number, a subnet number, and a host number.

IP Address

Internet Protocol Address. A unique identifier for a device attached to a network using TCP/IP. The address is written as four octets separated with periods (full-stops), and is made up of a network section, an optional subnet section and a host section.

IPSec

IPSec (Internet Protocol Security) is a VPN encryption protocol based on TCP/IP. It is a flexible protocol with a wide range of encryption options. IPSec is commonly used for both connections between separate private networks and for connections between remote PCs and private networks.

ISP

Internet Service Provider. An ISP is a business that provides connectivity to the Internet for individuals and other businesses or organizations.

LAN

Local Area Network. A network of end stations (such as PCs, printers, servers) and network devices (hubs and switches) that cover a relatively small geographic area (usually not larger than a floor or building). LANs are characterized by high transmission speeds over short distances (up to 1000 metres).

L2TP over IPSec

L2TP over IPSec is a combination of protocols commonly used to authenticate a user (L2TP) and encrypt data (using IPSec).

MAC

Media Access Control. A protocol specified by the IEEE for determining which devices have access to a network at any one time.

MAC Address

Media Access Control Address. Also called the hardware, physical or Ethernet address. A layer 2 address associated with a particular network device. Most devices that connect to a LAN have a MAC address assigned to them as they are used to identify other devices in a network. MAC addresses are 6 bytes long.


NAT

Network Address Translation. NAT enables all the computers on your network to share one IP address. The NAT capability of the Router allows you to access the Internet from any computer on your home network without having to purchase more IP addresses from your ISP.

Network

A Network is a collection of computers and other computer equipment that are connected for the purpose of exchanging information or sharing resources. Networks vary in size: some are within a single room, others span continents.

Network Interface Card (NIC)

A circuit board installed into a piece of computing equipment, for example, a computer, that enables you to connect it to the network. A NIC is also known as an adapter or adapter card.

Ping

Packet Internet Groper. An internet utility used to determine whether a particular IP address is online. It is used to test and debug a network by sending out a packet and waiting for a response.

Protocol

A set of rules for communication between devices on a network. The rules dictate format, timing, sequencing and error control.

PPPoE

Point-to-Point Protocol over Ethernet. Point-to-Point Protocol is a method of secure data transmission originally created for dial-up connections; PPPoE is for Ethernet connections.

PPTP

Point-to-Point Tunnelling Protocol. PPTP is a simple VPN encryption protocol based on the Point to Point protocol. It is most frequently used to connect remote PCs to private networks.

RIP

Routing Information Protocol. A simple routing protocol that is part of the TCP/IP protocol suite. It determines a route based on the smallest hop count between source and destination. RIP is a distance vector protocol that routinely broadcasts routing information to its neighbouring routers.

Router

Protocol dependent device that connects subnetworks together. Routers are useful in breaking down a very large network into smaller subnetworks; they introduce longer delays and typically have much lower throughput rates than bridges.

RJ-45

A standard connector used to connect Ethernet networks. The "RJ" stands for "registered jack".

Server

A computer in a network that is shared by multiple end stations. Servers provide end stations with access to shared network services such as computer files and printer queues.


SPI

Stateful Packet Inspection. This feature requires the Router to remember what outgoing requests have been sent and only allow responses to those requests back through the Router. This way, un-requested attempts to access the network will be denied.

Subnet Address

An extension of the IP addressing scheme that allows a site to use a single IP network address for multiple physical networks.

Subnet mask

A subnet mask, which may be a part of the TCP/IP information provided by your ISP, is a set of four numbers configured like an IP address. It is used to create IP address numbers used only within a particular network (as opposed to valid IP address numbers recognized by the Internet, which must be assigned by InterNIC).

Subnets

A network that is a component of a larger network.

Switch

A device that interconnects several LANs to form a single logical LAN that comprises several LAN segments. Switches are similar to bridges, in that they connect LANs of a different type; however they connect more LANs than a bridge and are generally more sophisticated.

TCP/IP

Transmission Control Protocol/Internet Protocol. This is the name for two of the most well-known protocols developed for the interconnection of networks. Originally a UNIX standard, TCP/IP is now supported on almost all platforms, and is the protocol of the Internet.

TCP relates to the content of the data travelling through a network — ensuring that the information sent arrives in one piece when it reaches its destination. IP relates to the address of the end station to which data is being sent, as well as the address of the destination network.

Traffic

The movement of data packets on a network.

VPN

Virtual Private Network. A VPN is a private network where the data is passed across a public network infrastructure such as the Internet. The data is kept private by using encryption.

WAN

Wide Area Network. A network that connects computers located in geographically separate areas (for example, different buildings, cities, or countries). The Internet is an example of a wide area network.

Wizard

A Windows application that automates a procedure such as installation or configuration.


INDEX

Numbers

100BASE-TX 99

10BASE-T 99

3DES

defined 99

upgrading to 69

A

access rights 50

adding special applications 53

address

TCP/IP 81

admin password 23

changing 35

advanced settings 55

AES 99

alert LED 12

allow/block lists 56

Apple Macintosh. see Macintosh

auto-configuration wizard 26

Auto-IP addressing 83

Auto-negotiation 99

B

bandwidth 99

BCIQ statement 111

blocking Internet access 50

broadband sharing 9


C

cable specifications 86

cable/DSL Ethernet port 13

cable/DSL modem

connecting to 17

cable/DSL status LED 13

category 3 cables 99

category 5 cables 99

changing the admin password 35

client 99

configuring computers 19

configuring the Router 33

connecting the cable/DSL modem 17

connecting to the Internet 36

Consignes importantes de sécurité 88

content filtering 56, 57

creating a virtual server 49

CSA statement 111

D

data encryption standard 99

daylight saving 68

DES 99

DHCP 100

wizard 30

DHCP Internet settings 38

DHCP server

configuring 42

DHCP settings

Macintosh OS 8.5/9.x 20

Windows 2000/XP/2003 Server 19

Windows 95/98/ME 20

diagram

front panel 12

rear panel 13

sample network 9

digital subscriber line 100

disabling IPSec 61

disabling PPPoE client software 20

disabling the firewall 55

disabling web proxies 21

discovery application 79

DMZ

virtual 49

DNS 100

domain name system 100

DSL 100

DSL Ethernet port 13

DSL modem 100

DSL status LED 13

dynamic host control protocol 100

dynamic IP address 16, 37

configuring 38

dynamic routing 47

E

End User Software Licence Agreement 95

Ethernet 100

Ethernet port

cable/DSL 13

LAN 13

F

Fast Ethernet 100

FCC statement 111

feedback 8

filter policy 57

finding the Router 79

firewall 9

defined 100

disabling 55

settings 48

firmware

upgrading 69

front panel diagram 12

full duplex 100

G

Gateway

defined 100

firewall 9

Gateway to Gateway connection 64

getting help 34

giving feedback 8

Glossary 99

H

half duplex 100

help menu 34

hub 100


I

IEEE 101

IETF 101

installation information 16

Internet protocol 81


Internet Settings

PPTP 40

Internet settings

blocking access 50

configuring 36

DHCP 38

PPPoE 39

static address 37

wizard 26

inventory 11

IP address 81

allocation methods 16, 36

IP defined 101

IPSec

defined 101

IPSec Routes

editing 66

ISP defined 101

ISP Information 97

L

L2TP 58

editing 65

LAN defined 101

LAN Ethernet port 13

LAN settings

configuring 35

wizard 30

LAN status LED 12

LED

alert 12

cable/DSL status 13

LAN status 12

power 12

loading Router configuration 69

local area network 101

login screen 23

logs

viewing 70

M

MAC address 101

Macintosh OS 8.5/9.x

setting up 20

main menu

accessing 33

media access control 101

multiple hosts 54

N

NAT

configuring 33, 44

defined 102

network address

remote 63

network address translation 33, 44, 102

network defined 102

network interface card defined 102

NIC defined 102

notice board 34

NTP server 68

O

obtaining support/feedback 72

one-to-many NAT

configuring 45

one-to-one NAT

configuring 45

P

package contents 11

password

changing 35

system 23

wizard 24

PC privileges

setting 50

PING

allowing 55

port

cable/DSL Ethernet 13

LAN Ethernet 13

positioning the Router 15

power adapter socket 13

power cycle 67

power LED 12

powering up the Router 17

PPPoE 16, 37

changing the password 36

configuring a connection 39

defined 102

disabling 20

disabling client software 20

PPTP 16, 37

configuring a connection 40

defined 102

disabling 20

editing 66

users 58

private IP addresses 83

privileges

setting 50

protocol defined 102

R

rear panel diagram 13

remote network address 63

remote User ID 62

restarting the Router 67

restoring Router configuration 69

RJ-45 defined 102

Router

changing the password 35

connecting the cable/DSL modem 17

installation information 16

positioning 15

powering up 17

restarting 67

Router configuration 33

S

safety information 87

sample network diagram 9

saving Router configuration 69

server defined 102

session chaining 54

setting up

Macintosh OS 8.5/9.x 20

Windows 2000/XP/2003 Server 19

Windows 95/98/ME 20

setting up computers 19

settings

advanced 55

setup wizard 23

shared key 62, 63, 65, 66

sharing broadband 9

special applications 52

adding 53

custom 53

stacking clip

using 15

static IP address 16, 37

configuring 37

status

viewing 70

status LED

cable/DSL 13

LAN 12

subnet mask 42, 103

support 72

Support for your product 91

switch 103

system password 23

system requirements 86

system tools 67

T

TCP/IP 81, 101

defined 103

technical specifications 85

time zone

setting 68

wizard 25

traffic 103

trigger port 54

Triple DES 99

tunnel shared key 62, 63, 65, 66

U

upgrading firmware 69

usage monitor 70

User ID 62

UTC (world time) 25

V

VCCI statement 111

viewing status and logs 70

virtual DMZ 49

virtual private network 103

virtual servers 48

creating 49

VPN

defined 103

example 64

VPN mode 58

W

WAN. See wide area network

web proxies

disabling 21

Wichtige Sicherheitshinweise 87

wide area network 103

Windows 2000/XP/2003 Server

setting up 19

Windows 95/98/ME

setting up 20

wizard

auto-configuration 26

defined 103

DHCP 30

Internet settings 26

LAN settings 30

launching manually 24

setup 23

summary 31

world time (UTC) 25

REGULATORY NOTICES

FCC Statement

This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules, and the Canadian Department of Communications Equipment Standards entitled, “Digital Apparatus,” ICES-003. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation.

Information to the User

If this equipment does cause interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

Reorient the receiving antenna.

Relocate the equipment with respect to the receiver.

Move the equipment away from the receiver.

Plug the equipment into a different outlet so that equipment and receiver are on different branch circuits.

Consult the dealer or an experienced radio/television technician for help.

The user may find the following booklet prepared by the Federal Communications Commission helpful:

How to Identify and Resolve Radio-TV Interference Problems

This booklet is available from the U.S. Government Printing Office, Washington, DC 20402, Stock No. 004-000-00345-4. In order to meet FCC emissions limits, this equipment must be used only with cables which comply with IEEE 802.3.

CE Statement (Europe)

This product complies with the European Low Voltage Directive 73/23/EEC and EMC Directive 89/336/EEC as amended by European Directive 93/68/EEC.

CSA Statement

This Class B digital apparatus meets all requirements of the Canadian Interference-Causing Equipment Regulations.

Cet appareil numérique de la classe B respecte toutes les exigences du Règlement sur le matériel brouilleur du Canada.

VCCI Statement

DUA08609-5AAA01

Published September 2003
