XiNCOM Twin WAN XC-DPG503 manual

    Twin W AN VPN Gateway CUTTING EDGE INNOV A TIONS.[...]

T able of C ontents Introduction 4 Features 5 Physical Details 7 Basic Setup 9 Configuring your LAN 10 Connecting Broadband Modems 12 Configuring for Interent Access 13 Configuring your LAN PCs 14 Advanced Port 16 Port Options 17 Load Balance 18 Advanced PPPoE 19 Advanced PPTP 20 Advanced Setup 21 Host IP Setup 22 Virtual Server 23 Custom Virtua[...]

T able of C ontents QoS Configuration 33 VPN Configuration 34 IPSec Global Setting 35 Policy Setup 36 Management Assistant 38 SNMP 38 Email Alert 38 Syslog 39 Upgrade Firmware 40 Operation & Status 42 System Status 42 Restore Factory Defaults 43 WAN Status 43 LAN Status 43 Advanced LAN Configuration 44 Existing DHCP Server 44 Static Routing [...]

Chapter 1 - Introduction XiNCOM XC-DPG503 is a VPN capable Dual W AN Gateway with the industry standard IPsec encryption. It provides extremely secure LAN-to-LAN connectivity over the Internet. The 503 supports VPN by encryption, encapsulation, and authentication using the following methods: DES/3DES/AES, MD5, SHA-1 and SHA-2; up to 50 IPsec tunnel[...]

F e a t u r e s Built-in VPN Endpoint Full VPN Endpoint with support for up to 50 VPN tunnels using the IPsec encryption protocol. Multiple Connection Methods All popular DSL and Cable Modems and connection methods are supported, including Fixed IP , Dynamic IP , PPPoE, even multiple-session PPPoE. 2 x 10/100 W AN Ports The XC-DPG503 incorporates d[...]

Other Features: DHCP Server Support Dynamic Host Configuration Protocol provides a dynamic IP address to PCs and other devices upon request. The XC-DPG503 can act as a DHCP Server for devices on your local LAN. Multi Segment LAN Support LANs containing one or more segments are supported via the XC-DPG503’s built-in static routing table. ARP prox[...]

Twin WAN VPN Gateway XC-DPG503 F ront P anel: Operation of the Front Panel LEDs is as follows: System: Power OFF - No Power . ON - Normal Operation Status OFF - Normal Operation ON - Firmware not loaded or Hardware Error Blinking - Data in/out W AN: LINK/ACT ON - Physical connection to the Broadband modem on W AN port 1/2 established. OFF - No phys[...]

Ph ysical Details LAN Ports WAN1 WAN2 Reset DC 5V F ront P anel Status and Error c onditions LED Action Condition W AN1 LINK/ACT & 10M/100M LEDs flash alternatively . Firmware Download in progress. W AN1 LINK/ACT & 10M/100M LEDs flash concurrently . MAC address not assigned. W AN1 LINK/ACT & 10M/100M LEDs solid On SDRAM error W AN2 LI[...]

Chapter 2 - Basic Setup Overview Basic setup of your XC-DPG503 wil involve the following steps: 1. Connect the XC-DPG503 to one (1) PC and configure it to your existing LAN. 2. Connecting one or two Broadband Modems to your XC-DPG503. 3. Configuring the XC-DPG503 for Interent Access. 4. Configuring all PCs on your LAN to use the XC-DPG503. Requi[...]

C onfigur ing the X C-DPG503 f or your LAN a 1. 2. 3. 4. 5. 6. 7. 8. 9. Procedur e Use a standard LAN cable to connect your PC to any LAN port on the XC-DPG503. Connect the power adapter and power up the XC-DPG503. Only use the power adapter provided with the product; using a different one may cause hardware damage. Start your PC or restart your PC[...]

Ensure these settings are suitable for your LAN: • The default settings are suitable for many situations. • See the following table for details of each setting. Figure 3. LAN & DHCP C onfigur ing the X C-DPG503 f or your LAN 11[...]

LAN Ports WAN1 WAN2 Reset DC 5V C onnec ting two br oadband modems a 1. 2. 3. 4. 5. Procedur e Ensure the XC-DPG503 and the DSL/Cable modem are powered OFF . Leave the modem or modems connected to their data line. Connect the Broadband modem(s) to the XC-DPG503. If using only one (1) Broadband modem, connect it to the “WAN 1” port. Use standard[...]

Select Primary Setup from the menu. Configure WAN 1 and/or W AN 2 as required. For any of the following situations, refer to Chapter 3: Advanced Port Setup for any further configuration which may be required such as: • Using both ports • Multiple IP addresses on either port • Multiple PPPoE sessions • PPTP connection method 1. 2. Settings[...]

C onfigure PCs on your LAN Over view For each PC, the following may need to be configured: TCP/IP network settings Internet Access configuration T CP/IP Settings When using Windows 95/98/ME/2000/XP and the XC-DPG503’s TCP/IP default settings, no changes need to be made. Just start or reboot your PC. By default, the XC-DPG503 will act as a DHCP [...]

For Apple Clients Open the TCP/IP Control Panel. Select Ethernet from the Connect via pop-up menu. Select Using DHCP Server from the Configure pop-up menu. The DHCP Client ID field can be left blank. Close the TCP/IP panel, saving your settings. Note: If using manually assigned IP addresses instead of DHCP , the required changes are: • Set the [...]

Chapter 3 - A dvanced P or t Overview Port Options contains some options which can be set on either or both W AN ports. For most situations, the default values are satisfactory .Virtual Server Load Balance screen is only functional if you are using both W AN ports. It allows you to determine the proportion of W AN traffic sent through each port. A[...]

P or t Options Figure 6. Port Options Connection V alidation PPPoE / PPtP Connection Options T ransparent Bridge Mode Health Check Use this field to select the type of connection validation to perform. When set to ICMP , the XC-DPG503 sends out ICMP echo requests. When set to HTTP , the XC- DPG503 requests web pages. Alive Indicator This is the IP[...]

L oad Balance Figure 7. Load Balance Console Configuring Load Balancing The T win WAN line of products uses a session based Load Balancing algorithm by allowing you to manage sessions using several different options: Bytes rx+tx By monitoring real time speed of both WAN connections, the XC-DPG503 will establish new sessions on the WAN port with th[...]

A dvanced PPP oE Figure 8. Advanced PPP oE Settings - Advanced PPPoE W AN Port PPPoE Session Select the desired Port and Session, then click the “Select” button. The data for the selected Port/Session will then be displayed in the W AN IP Account section. W AN IP Account • User Name – Enter the PPPoE user name assigned by your ISP . • Pas[...]

A dvanced PPTP Figure 9. Advanced PPTP Settings - Advanced PPTP W AN Port Select the desired Port and click the “Select” button. The data for the selected Port will then be displayed in the W AN IP Account section. W AN IP Account • User Name – The PPTP user name (login name) assigned by your ISP . • Password – This field is associated[...]

21 Chapter 4 - A dvanced Setup Overview The following advanced features are provided. Host IP Setup Virtual Server Custom Virtual Server Special Applications Dynamic DNS Multi DMZ Advanced Features UPnP This chapter contains details of the configuration and use of each of these features. XC-DPG503 T win W AN VPN Gateway Chapter C ontents • Host [...]

Host IP Host IP This feature is used in the following situations: When you have Multi-Session PPPoE and wish to bind each session to a particular PC on your LAN. When you wish to use the Access Filter feature. This requires that each PC be identified by using the Host IP Setup screen. When you wish to have different Block URL settings for differen[...]

V ir tual Ser vers Figure 10. Virtual Ser vers Vir tual Ser vers This feature allows you to make Servers on your LAN accessible to Internet users. Normally , Internet users would not be able to access a server on your LAN because: Y our Server’s IP address is only valid on your LAN, not on the Internet. Attempts to connect to devices on your LAN [...]

C ustom Vir tual Ser vers Settings - Custom Vir tual Ser vers Select Custom Server Name Server List If creating a new entry , ignore this list. T o edit an existing entry , select it, and then click the “Select” button. The screen will update with data for the selected entry . Custom Server Configuration This data defines the Custom Virtual S[...]

Special Applications Settings - Special Applications Select Special Application Name Select Name Item This lists any special applications which are currently defined. • Ignore this list if adding a new Special Application. Enter your data in the Special Application Configuration section, and click the “Add” button. • T o edit an existing [...]

D ynamic DNS Dynamic DNS Dynamic DNS is very useful when combined with the Virtual Server feature. It allows Internet users to connect to your V irtual Servers using a URL, rather than an IP Address. This also solves the problem of having a dynamic IP address. With a dynamic IP address, your IP address may change whenever you connect to your ISP . [...]

Multi DMZ & UP nP Dynamic DNS This feature allows each W AN port IP address to be associated with one (1) computer on your LAN. All outgoing traffic from that PC will be associated with that W AN port IP address. Any traffic sent to that IP address will be forwarded to the specified PC. This allows unrestricted 2-way communication between th[...]

A dvanced F eatures Advanced F eatures NA T – NA T (Network Address T ranslation) is the technology which allows a number of LAN PCs to share one (1) Internet IP address. Remote Access Configuration – This feature allows you to manage the XC-DPG503 via the Internet. Y ou can restrict access to a specified IP address or address range. External[...]

A dvanced F eatures (c ontinued) Using Remote W eb-based Setup T o connect to the XC-DPG503 from a remote PC via the Internet: 1. Ensure that both your PC and the XC-DPG503 are connected to the Internet. 2. Start your Web Browser . 3. In the Address bar enter: HTTP:// (Internet IP Address of the XC-DPG503) The Port number is also required. (After t[...]

Chapter 5 - Securit y Management Overview Block URL - This feature blocks specific web sites by IP address, URL, or keywords. Access Filter - Block all Internet access, well-known ports, or block user define ports by groups. Session Limit - Eliminate users’ Internet access and send email alert to the administrator if the device detects new sess[...]

Block URL Block URL This feature allows you to block access to undesirable Web sites. Y ou can block by URL, IP address, or Keyword. Y ou can also have different blocking settings for different groups of PCs. Every URL is searched to see if it matches or contains any of the URL or keywords entered here. After a DNS lookup determines the IP address [...]

Session Limit & F irew all Exc eption Session Limit This new feature allows to drop the new sessions from both W AN and LAN side. If the new sessions number are exceed the maximum sessions in a sampling time. Settings - Session Limit Firewall Exception System Firewall Exception Rules: The rules with which any received packets is complied, the p[...]

Chapter 6 - QoS C onfiguration Overview The XC-DPG503 provides QoS, which supports the high quality of network service. Classifying outgoing packets based on some policies defined by users provides real-time applications to get better response or performance. Settings - QoS Setup QoS Feature • Enable QoS – This will allow users enable QoS fun[...]

Chapter 7 - VPN Configura tion Overview Virtual Private Network (VPN) uses encryption to connect computers over a public network such as the Internet. Encrypted connections between computers are commonly referred to as a tunnel . These secure tunnels permit sending private data from one computer to another without the risk of unauthorized access f[...]

IPSec Global S ettings IPSec Global Setting IP Global Setting Enable Enabling either WAN 1, W AN 2, or both will start the VPN global setting. ISAkmp Port Internet Security Association and Key Protocol Management (ISAkmp) is designed to negotiate, establish, modify , and delete security associations and their attributes. In particular , it was assi[...]

P olic y Setup VPN Policy Setup IPSec Traffic Binding VPN T unnel List It shows the tunnels that you have entered. The router can setup up to 50 tunnels T unnel Name This distinguishes different “tunnels” by name. T unnel The tunnel can only be connected when the Enable check box is selected. W AN port Y ou can choose WAN1, W AN2 or Any to mak[...]

P olic y Setup VPN Policy Setup (continued) Key Management Key - Key T ype: There are two key types (manual key and auto key) available for the key exchange management. Manual Key: If manual key is selected, no key negotiation is needed. Encryption Key - This field specifies a key to encrypt and decrypt IP traffic. Authentication Key - This fie[...]

Chapter 8 - Management Assistan t SNMP - Simple Network Management Protocol This section is to compliment any SNMP (Simple Network Management Protocol) software installed on your PC. If you have SNMP software, you can use a standard MIB II file with the XC-DPG503. Settings - SNMP System Information • Contact Person - The name of the person respo[...]

Management Assistant Email Aler t (continued) Email (SMTP) Server Address This field sets the email sever’s address for the warning email will be sent to. (Email Alert must be enabled) For example: mail.domain.com Email Recipient Address This field sets the email address for the warning email will be sent to. This is usually the system administ[...]

Management Assistant Admin Pass word Scr een The password screen allows you to assign a password to the XC-DPG503. Enter the desired password. Re-enter the password in the V erify Password field and then save it. When you connect to the XC-DPG503 with your Browser , you will be prompted for the password when you connect, as shown below . Enter “[...]

Management Assistant Example of how to configure to save file. Uploading the Firmw are Using the TFTP utility you are able to update the firmware on the XC-DPG503, this is useful when you also need to recover the router from a crash. T o upload the firmware to the router: 1. Open the TFTP utility by double-clicking on it. 2. Enter the routers I[...]

Chapter 9 - Oper ation & Status Operation & Status Overview Once both the XC-DPG503 and the PCs are configured, operation is automatic. However , there are some situations where additional Internet configuration may be required (Refer to Chapter 4 - Advanced Features for further details) System Status W AN Information Connection Status ?[...]

Operation & Sta tus R estor e Factor y Defaults When the “Restore Factory Defaults” button on the Status screen above is clicked, the following screen is displayed. If the “Restore Default V alue” button on this screen is clicked: • ALL of your settings will be erased. • The default IP address, password and ALL other settings will b[...]

44 Chapter 10 - A dvanced LAN C onfiguration Overview These settings are provided to deal with non-standard situations or to provide additional options for advanced users. Existing DHCP Server If your LAN already has a DHCP Server , and you wish to continue using it, the following configuration is required. The DHCP Server function in the XC-DPG5[...]

45 A dvanced LAN C onfiguration Static R outing This section is only relevant if your LAN has other Routers or Gateways. If you do not have other Routers or Gateways on your LAN, skip the Static Routing page. If your LAN has other Gateways and Routers, you must configure the Static Routing screen as described below . Y ou also need to configure t[...]

46 A dvanced LAN C onfiguration For the XC-DPG503 Gateway’ s Routing T able Entry 1 (Segment 1) Destination IP Address 192.168.2.0 Network Mask 255.255.255.0 Gateway IP Address 192.168.1.100 Interface LAN Metric 2 Entry 2 (Segment 2) Destination IP Address 192.168.3.0 Network Mask 255.255.255.0 (Standard Class C) Gateway IP Address 192.168.1.100 [...]

47 Appendices Appendix A Specifications Model XC-DPG503 Dimensions 245mm (W) x 137mm (D) x 30mm (H) Operating T emperature 0° C to 40° C Storage T emperature -10° C to 70° C Network Protocol TCP/IP Network Interface 6 Ethernet: 4 x 10/100BaseT (RJ45) auto-Switching Hub ports for LAN devices 2 x 10/100BaseT (RJ45) for W AN LEDs 8 LAN 4 WAN 1 St[...]

48 Appendices Appendix B W indows T CP/IP Setup T CP/IP Settings If using the default XC-DPG503 settings, and the default Windows 95/98/ ME/2000 TCP/IP settings, no changes need to be made. By default, the XC-DPG503 will act as a DHCP Server and automatically provide a suitable IP Address (and related information) to each PC when the PC boots. For [...]

49 Appendices On the DNS Configuration tab, ensure Enable DNS is selected. If the DNS Server Search Order list is empty , enter the DNS address provided by your ISP in the fields beside the Add button, then click Add . Figure D. DNS T ab (Windows 95/98) Checking T CP/IP Settings - W indows 2000: 1. Select Control Panel - Network and Dial-up Conne[...]

Appendices Appendices 50 Checking T CP/IP Settings - W indows XP: 1. Select Control Panel - Network Connection. 2. Right click the Local Area Connection and choose Properties . Y ou should see a screen like the following: Figure G. Network Configuration (Windows XP) 3. Select the TCP/IP protocol for your network card. 4. Click on the Properties bu[...]

Appendices Appendices 51 Appendix C T roubleshooting Overview This chapter covers some common problems that may be encountered while using the XC-DPG503 and some possible solutions to them. If you follow the suggested steps and the XC-DPG503 still does not function properly , contact XiNCOM for further advice. General Pr oblems Problem: I can’t c[...]