dua08 569-5aaa02.
dua08 569-5aaa02.bo o k Pag e 2 Thursday , No vem ber 7 , 2002 3:09 PM 3Com Corporation 5400 Bayfront Plaza Santa Clara, California 95052-8145 Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Novell and NetWare are registered trademarks of Novell, Inc. UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd.
dua08 569-5aaa02.bo o k Pag e 3 Thursday , No vem ber 7 , 2002 3:09 PM CONTENTS Contents 3 About This Guide 7 Naming Convention Conventions 7 Setting Up Your Computers 19 Obtaining an IP Address Automatically 19 Windows 2000, XP 19 Windows 95, 98, ME 20 Macintosh OS 8.5, 9.
dua08 569-5aaa02.
dua08 569-5aaa02.
dua08 569-5aaa02.
dua08 569-5aaa02.bo o k Pag e 7 Thursday , No vem ber 7 , 2002 3:09 PM ABOUT THIS GUIDE This guide is intended for use by those responsible for installing and setting up network equipment; consequently, it assumes a basic working knowledge of LANs (Local Area Networks) and Internet gateway systems. Conventions Table 1 and Table 2 list conventions that are used throughout this guide.
dua08 569-5aaa02.bo o k Pag e 8 Thursday , No vem ber 7 , 2002 3:09 PM Table 2 Do not use this e-mail address for technical support questions. For information about contacting Technical Support, please refer to the Support and Safety Information sheet. Text Conventions (continued) Convention Description Words in italics Italics are used to: ■ Emphasize a point. ■ Denote a new term at the place where it is defined in the text. ■ Identify menu names, menu commands, and software button names.
dua08 569-5aaa02.bo o k Pag e 9 Thursday , No vem ber 7 , 2002 3:09 PM INTRODUCING THE OFFICECONNECT CABLE/DSL SECURE GATEWAY Welcome to the world of networking with 3Com®. In the modern business environment, communication and sharing information is crucial. Computer networks have proved to be one of the fastest modes of communication but, until recently, only large businesses could afford the networking advantage.
dua08 569-5aaa02.bo o k Pag e 10 Thursday , No vem ber 7 , 2002 3:09 PM Figure 2 Example Network Using a Cable/DSL Secure Gateway Cable/DSL Secure Gateway Advantages Your existing Cable/DSL Modem The advantages of using a Gateway include: Internet OfficeConnect Cable/DSL Secure Gateway ■ Shared Internet connection. ■ No need for a dedicated, “always on” computer serving as your Internet connection. ■ Cross-platform operation for compatibility with Windows, Unix and Macintosh computers.
dua08 569-5aaa02.
dua08 569-5aaa02.bo o k Pag e 12 Thursday , No vem ber 7 , 2002 3:09 PM normal operation. See “Recovering from Corrupted Software” on page 69. Front Panel The front panel of the Gateway contains a series of indicator lights (LEDs) that help describe the state of various networking and connection operations. Figure 3 1 2 On for 2 seconds, and then off The Gateway has detected and prevented a hacker from attacking your network from the Internet.
dua08 569-5aaa02.bo o k Pag e 13 Thursday , No vem ber 7 , 2002 3:09 PM ■ the connected device is switched off ■ there is a problem with the connection. “Troubleshooting” on page 67. Rear Panel The rear panel (Figure 4) of the Gateway contains four LAN ports, one Ethernet Cable/DSL port, and a power adapter socket.
dua08 569-5aaa02.
dua08 569-5aaa02.bo o k Pag e 15 Thursday , No vem ber 7 , 2002 3:09 PM INSTALLING THE GATEWAY When positioning your Gateway, ensure: Introduction This chapter will guide you through a basic installation of the OfficeConnect Cable/DSL Secure Gateway, including: ■ Connecting the Gateway to the Internet. ■ Connecting the Gateway to your network.
dua08 569-5aaa02.bo o k Pag e 16 Thursday , No vem ber 7 , 2002 3:09 PM PPPoE DHCP If your ISP allocates IP information dynamically using DHCP they may require you to use keep a fixed MAC Address and Host Name for security purposes.
dua08 569-5aaa02.bo o k Pag e 17 Thursday , No vem ber 7 , 2002 3:09 PM To use your Cable/DSL Secure Gateway to connect to the Internet through an external cable or DSL modem (Figure 5): Powering Up the Gateway 1 Plug the power adapter into the power adapter socket located on the back panel of the Gateway (refer to “Power Adapter socket” on page 13). 1 Use the supplied cable to connect the Gateway's Ethernet Cable/DSL port to your Cable/DSL modem.
dua08 569-5aaa02.
dua08 569-5aaa02.bo o k Pag e 19 Thursday , No vem ber 7 , 2002 3:09 PM SETTING UP YOUR COMPUTERS The OfficeConnect Cable/DSL Secure Gateway has the ability to dynamically allocate network addresses to the computers on your network, using DHCP. However, your computers need to be configured correctly for this to take place. To change the configuration of your computers to allow this, follow the instructions in this chapter. 5 A screen similar to Figure 6 should be displayed.
dua08 569-5aaa02.bo o k Pag e 20 Thursday , No vem ber 7 , 2002 3:09 PM Figure 7 Internet Protocol Properties 3 In the TCP/IP control panel, set Configure: to “Using DHCP Server.” 4 Close the TCP/IP dialog box, and save your changes. 5 Restart your computer. Disabling PPPoE and PPTP Client Software If you have PPPoE or PPTP client software installed on your computer, you will need to disable it. To do this: 7 1 From the Windows Start menu, select Settings > Control Panel.
dua08 569-5aaa02.bo o k Pag e 21 Thursday , No vem ber 7 , 2002 3:09 PM Figure 8 Internet Properties You may wish to remove the PPPoE client software from your computer to free resources, as it is not required for use with the Gateway. Disabling Web Proxy Ensure that you do not have a web proxy enabled on your computer. Go to the Control Panel and click on Internet Options. Select the Connections tab and click on LAN Settings at the bottom. Make sure that the Use Proxy Server option is unchecked.
dua08 569-5aaa02.
dua08 569-5aaa02.bo o k Pag e 23 Thursday , No vem ber 7 , 2002 3:09 PM RUNNING THE SETUP WIZARD If the Gateway needs to be configured, for example if it has not yet been used or has been reset, it will run the Setup Wizard automatically. This detects some of the settings the Gateway needs to function and asks that you input the others. The Login screen, as shown in Figure 10, should appear in your browser. If it does not, refer to “Troubleshooting” on page 67.
dua08 569-5aaa02.bo o k Pag e 24 Thursday , No vem ber 7 , 2002 3:09 PM Figure 11 Welcome Screen Figure 12 Wizard Screen Click Next to continue. You will now be guided through the setup of your Gateway. If the Wizard does not launch automatically (this may occur if the Gateway has been powered up or configured previously) you can launch the Wizard manually.
dua08 569-5aaa02.bo o k Pag e 25 Thursday , No vem ber 7 , 2002 3:09 PM Figure 13 To set the Gateway to World Time (UTC): Change Administration Password Screen 1 Select (GMT) Greenwich Mean Time from the drop-down menu. 2 Ensure that the Enable Daylight Saving box is cleared. 3 Click Next to continue. Figure 14 Time Zone Screen Choose a password that you can remember but that others are unlikely to guess. Remember that the password is case sensitive.
dua08 569-5aaa02.bo o k Pag e 26 Thursday , No vem ber 7 , 2002 3:09 PM Auto-Configuration Settings Internet Settings If the Gateway is able to detect a PPPoE or DHCP server on its Ethernet Cable/DSL port then it will offer you the option of configuring its Internet settings automatically. As an example, the Auto-Configuration screen for PPPoE is shown in Figure 15 below. The Internet Settings window allows you to set up the Gateway for the type of Internet connection you have.
dua08 569-5aaa02.bo o k Pag e 27 Thursday , No vem ber 7 , 2002 3:09 PM Static IP Mode Dynamic IP Address Mode To setup the Gateway for use with a static IP address connection, use the following procedure: To setup the Gateway for use with a dynamic IP address connection: Figure 17 Figure 18 Static IP Mode Screen 1 Enter your IP Address in the IP Address text box. 2 Enter your subnet mask in the Subnet Mask text box.
dua08 569-5aaa02.bo o k Pag e 28 Thursday , No vem ber 7 , 2002 3:09 PM Figure 19 PPPoE Mode Clone MAC Address Screen To setup the gateway for use with a PPP over Ethernet (PPPoE) connection, use the following procedure: Figure 20 4 If your ISP requires an assigned MAC address, select the appropriate radio button: ■ ■ Yes, please clone the MAC address from the PC I’m currently using if the computer you are using now is the one that was previously connected directly to the cable or DSL modem.
dua08 569-5aaa02.bo o k Pag e 29 Thursday , No vem ber 7 , 2002 3:09 PM 4 If your ISP requires the addresses of a Primary and Secondary DNS Server then enter them in the fields labelled Primary DNS Address and Secondary DNS Address. 2 Enter your PPTP user name in the PPTP User Name text box. 3 Enter your PPTP password in the PPTP Password text box. 4 Enter your primary DNS address in the Primary DNS Address text box.
dua08 569-5aaa02.bo o k Pag e 30 Thursday , No vem ber 7 , 2002 3:09 PM Choosing your LAN Settings The LAN settings screen, shown in Figure 23 below, displays the Gateway’s current IP address and subnet mask. If this is the first time the Wizard has been run it will display the default address and subnet mask. Figure 23 LAN IP Address Screen 2 Enter your chosen subnet mask in the Subnet Mask field. This should be large enough to contain all your computers and other network devices. The default (255.255.
dua08 569-5aaa02.bo o k Pag e 31 Thursday , No vem ber 7 , 2002 3:09 PM Figure 24 Click Next when you have finished. DHCP Server Setup Screen Viewing the Summary When you complete the Setup Wizard, a configuration summary will display. See Figure 25 below. Verify the configuration information of the Gateway and click Finish to save your settings and restart the Gateway.
dua08 569-5aaa02.bo o k Pag e 32 Thursday , No vem ber 7 , 2002 3:09 PM If want to make changes, click the Back button until you reach the screen which contains the settings you want to change and follow the instructions from that point. Your Gateway is now configured. You can start using your Gateway straight away or further configure your Gateway (see “Gateway Configuration” on page 33).
dua08 569-5aaa02.bo o k Pag e 33 Thursday , No vem ber 7 , 2002 3:09 PM GATEWAY CONFIGURATION This chapter describes all the options available through the Gateway configuration pages, and is provided as a reference. ■ LAN Settings — allows you to configure IP address and subnet mask information, set up DHCP server parameters, and display the DHCP client list.
dua08 569-5aaa02.bo o k Pag e 34 Thursday , No vem ber 7 , 2002 3:09 PM Changing the Administration Password Welcome Screen You should change the password to prevent unauthorized access to the Administration System. The Welcome section allows you to view the Notice board and to change your Password. You can also gain access to the Configuration Wizard. See “Accessing the Wizard” on page 23 for details.
dua08 569-5aaa02.bo o k Pag e 35 Thursday , No vem ber 7 , 2002 3:09 PM Setup Wizard Figure 29 LAN IP Settings The Unit Configuration screen allows you to change the TCP/IP settings of your Gateway and its DHCP server. Wizard Screen Figure 30 Unit Configuration Screen Click the WIZARD... button to launch the configuration wizard. Refer to “Running the Setup Wizard” on page 23 for information on how to run the wizard.
dua08 569-5aaa02.bo o k Pag e 36 Thursday , No vem ber 7 , 2002 3:09 PM If you intend to use the Gateway to control the permissions of individual machines on your network then you must use the Gateway’s DHCP server to allocate addresses (or use static addressing). If you use another DHCP server you may get unexpected results. See “PC Privileges” on page 47. When changing the IP Address of the Gateway choose an address that will be unique in your network and in your network’s subnet.
dua08 569-5aaa02.bo o k Pag e 37 Thursday , No vem ber 7 , 2002 3:09 PM DHCP Clients List Expired leases are only reused when there are no free leases available. When an expired lease is re-issued the oldest lease that is not a fixed association is used. The DHCP Clients screen provides details of the devices that have been given IP addresses by the Gateway’s DHCP server. For each device that has been granted a lease, the IP address, Host Name and MAC address of that device is displayed.
dua08 569-5aaa02.bo o k Pag e 38 Thursday , No vem ber 7 , 2002 3:09 PM Figure 32 Fixed DHCP Mapping Screen 2 ■ ISP Gateway ■ DNS address(es) Dynamic IP Address (DSL or Cable) Dynamic IP addressing (or DHCP) automatically assigns the Gateway IP information. This method is popular with Cable providers. This method is also used if your modem has a built in DHCP server. 3 If the installation instructions that accompany your modem ask you to install a PPPoE client on your PC, then select this option.
dua08 569-5aaa02.bo o k Pag e 39 Thursday , No vem ber 7 , 2002 3:09 PM Connection to ISP Select the addressing method that your ISP uses to allocate your Gateway’s Internet IP address. Choose from the options in the IP Allocation Mode drop-down box and the screen will refresh with options relevant to that choice. This option, shown in Figure 33, allows you to change the method your Gateway uses to connect to your ISP.
dua08 569-5aaa02.bo o k Pag e 40 Thursday , No vem ber 7 , 2002 3:09 PM Configuring a Static IP Address ■ If your ISP has allocated you one or more static addresses you will have selected Static IP address (to be specified manually) as your IP Allocation Mode. Subnet Mask — The subnet mask supplied by your ISP for this connection. ■ ISP Gateway Address — The Gateway address from your ISP to the Internet. ■ Primary DNS Address — The address of your ISP’s Domain Name Service server.
dua08 569-5aaa02.bo o k Pag e 41 Thursday , No vem ber 7 , 2002 3:09 PM Configuring a Dynamic IP Address ■ If your ISP has allocated you a dynamic address using DHCP you will have selected Dynamic IP address (automatically allocated) as your IP Allocation Mode. Subnet Mask — The subnet for the address is automatically configured but is not displayed. ■ ISP Gateway Address — The gateway address from your ISP to the Internet is automatically configured but is not displayed.
dua08 569-5aaa02.bo o k Pag e 42 Thursday , No vem ber 7 , 2002 3:09 PM Configuring a PPPoE connection If your ISP has allocated you a dynamic address using PPPoE you will have selected PPPoE (PPP over Ethernet) as your IP Allocation Mode. Figure 36 PPPoE Setup Screen ■ PPPoE User Name — The user name you use to access your ISP. ■ PPPoE Password — The password you use to access your ISP. ■ PPPoE Service Name — Your ISP may require you to specify a service name for your connection.
dua08 569-5aaa02.bo o k Pag e 43 Thursday , No vem ber 7 , 2002 3:09 PM Configuring a PPTP connection ■ PPTP User Name - The user name you use to access your ISP. If your ISP has allocated you a dynamic address using PPTP you will have selected PPTP (used by some European providers) as your IP Allocation Mode. ■ PPTP Password - The password you use to access your ISP. ■ Primary DNS Address - The address of your ISP’s Domain Name Service server is automatically configured and is not editable.
dua08 569-5aaa02.bo o k Pag e 44 Thursday , No vem ber 7 , 2002 3:09 PM Figure 38 One-to-Many and One-to-One NAT Figure 39 Network Address Translation Screen One-to-Many NAT 172.16.57.52 192.168.1.100 192.168.1.101 192.168.1.102 One-to-One NAT 172.16.57.52 Setting up One-to-Many NAT 172.16.57.53 This is very easy to set up and the Gateway’s default mode. It works with any IP Allocation Mode and will map all the addresses on your LAN to the Internet address of your Gateway.
dua08 569-5aaa02.bo o k Pag e 45 Thursday , No vem ber 7 , 2002 3:09 PM Setting up One-to-One NAT To set up One-to-One NAT: The following criteria must be met to be able to use One-to-One NAT: ■ You must have a static Internet IP address for every computer on your network plus one for the Gateway itself.
dua08 569-5aaa02.bo o k Pag e 46 Thursday , No vem ber 7 , 2002 3:09 PM Figure 41 To configure one of your computers as a DMZ host, select Redirect Request to Virtual DMZ Host and enter the IP address of the computer in the IP Address of DMZ Host text box, and then click SAVE. Virtual Servers Screen Creating a Virtual Server Activating and configuring a virtual server allows one or more of the computers on your network to function as an Internet service host.
dua08 569-5aaa02.bo o k Pag e 47 Thursday , No vem ber 7 , 2002 3:09 PM Figure 42 PC Privileges Virtual Servers Settings Screen Select PC Privileges to display the PC Privileges setup screen. This is shown in Figure 44 below. The Gateway’s DHCP server has been enhanced to support PC Privileges. If you want to use DHCP and control access to the Internet on a user by user basis then you must either use the Gateway’s DHCP server or static addressing.
dua08 569-5aaa02.bo o k Pag e 48 Thursday , No vem ber 7 , 2002 3:09 PM PC Privileges allows you to assign different access rights for different computers on your network, restricting this access and controlling your users’ access to outside resources. ■ Enter multiple ports as either a comma separated list e.g. 101, 105, 107, or as a range, e.g. 101-107. To use access control for all computers: 1 Click the Control PC Access to the Internet radio button.
dua08 569-5aaa02.bo o k Pag e 49 Thursday , No vem ber 7 , 2002 3:09 PM 5 VPN connections to other networks are unaffected by settings in PC Privileges. To allow or deny VPN connections to other networks see “Configuring VPNs” on page 53. Either: ■ Enter the additional services that you wish to allow in the except (specify ports) box and set the drop down box to Allow. ■ Enter the services that you wish to deny in the except (specify ports) box and set the drop down box to Deny.
dua08 569-5aaa02.bo o k Pag e 50 Thursday , No vem ber 7 , 2002 3:09 PM Adding and Editing Special Applications So that these special applications can work properly and are not blocked, the firewall needs to be told about them. In each instance there will be an outgoing trigger which tells the Gateway’s firewall that the application has started and to allow the incoming connections.
dua08 569-5aaa02.bo o k Pag e 51 Thursday , No vem ber 7 , 2002 3:09 PM Figure 49 CAUTION: Selecting Multiple Hosts Allowed weakens the security that your Gateway’s firewall is able to provide and should only be used if the special application requires it. Custom Special Applications Setup Screen ■ Timeout — Enter the number of seconds the Gateway should wait for the first reply from the special application server before it abandons the connection. The default Timeout is three seconds.
dua08 569-5aaa02.bo o k Pag e 52 Thursday , No vem ber 7 , 2002 3:09 PM Advanced The options on this screen enable you to allow PING from the internet and to disable the firewall as shown below: Select Advanced to display the Advanced Settings screen. See Figure 50 below. Figure 50 ■ Advanced Settings Screen Allow PING from the Internet — PING is a utility, which is used to determine whether a device is active at the specified IP address.
dua08 569-5aaa02.bo o k Pag e 53 Thursday , No vem ber 7 , 2002 3:09 PM ■ Configuring VPNs A Virtual Private Network (VPN) is a secure tunnel between networks or between a network and a user. The Gateway supports both network to network connections and network to remote client connections. Enabling IPSec VPN will disable pass-through to IPSec and L2TP/IPSec Virtual Servers on the LAN. Enabling L2TP over IPSec will disable pass-through to IPSec and L2TP/IPSec Virtual Servers on the LAN.
dua08 569-5aaa02.bo o k Pag e 54 Thursday , No vem ber 7 , 2002 3:09 PM Figure 51 VPN Mode Screen ■ The IPSec Shared Key. This is the key for the connection and is a combination of letters, numbers and punctuation and can be up to 64 characters in length. 3Com recommends that the key and password are not the same. The user will need to know the IPSec Shared Key to enable connection. ■ In the Encryption Level field, choose either Allow DES tunnels or Allow 3DES tunnels.
dua08 569-5aaa02.bo o k Pag e 55 Thursday , No vem ber 7 , 2002 3:09 PM Viewing VPN Connections PPTP Configuration To set up the Gateway for PPTP you must allocate IP addresses from the Gateway’s LAN for use with PPTP. The connections made by PPTP will appear to come from these addresses. The addresses must be in a continuous range. The VPN Connections Screen shows information about the IPSec, L2TP over IPSec, and PPTP connections made by the Gateway.
dua08 569-5aaa02.bo o k Pag e 56 Thursday , No vem ber 7 , 2002 3:09 PM ■ Name — Identifies the tunnel. Clicking the name of a connection displays the Edit VPN Connection screen. See “Adding and Editing VPN Connections” below. ■ Description — A text description that enables you to identify a connection. This field in the table additionally displays whether the connection is currently active. ■ Type — Indicates the type of connection.
dua08 569-5aaa02.bo o k Pag e 57 Thursday , No vem ber 7 , 2002 3:09 PM Depending on which Tunnel Type you have selected, choose from the following to edit or add the remaining fields: ■ “IPSec Connections using Remote User Access” on page 57 ■ “IPSec Connections using Gateway to Gateway” on page 57 ■ “L2TP over IPSec Connections” on page 59 ■ “PPTP Connections” on page 60 ■ 3DES is not shipped with the Gateway as standard due to international restrictions on encryption.
dua08 569-5aaa02.bo o k Pag e 58 Thursday , No vem ber 7 , 2002 3:09 PM Figure 54 IPSec Connection - Gateway to Gateway ■ Encryption type — choose the encryption type from DES or 3DES. 3DES is more secure but may take longer to encrypt and decrypt. 3DES is not shipped with the Gateway as standard due to international restrictions on encryption. If your country permits its use it can be downloaded from the 3Com web site at http://www.3com.
dua08 569-5aaa02.bo o k Pag e 59 Thursday , No vem ber 7 , 2002 3:09 PM Gateway Two is located at the sales office and is configured with the following settings: 9 10 Enter a password in the Tunnel Shared Key field in both Gateways. The example uses TYP0249//23b as the shared key. LAN IP address: 192.168.2.1 11 Choose DES as the Encryption Type. Remote Subnet Mask: 255.255.255.0 12 Choose SHA-1 as the Hash Algorithm.
dua08 569-5aaa02.bo o k Pag e 60 Thursday , No vem ber 7 , 2002 3:09 PM Editing IPSec Routes Click Apply to save your changes or Close to return without saving. When you have created a user account the user will need to know in order to enable connection. This screen allows you to add and replace networks in the existing IPSec Route. See Figure 57 PPTP Connections To do this: If you have selected PPTP as a Tunnel Type, enter the following: 1 Select edit to display the Edit Route screen. (Figure 58).
dua08 569-5aaa02.bo o k Pag e 61 Thursday , No vem ber 7 , 2002 3:09 PM Figure 57 IPSec Routes Accessing the System Tools The System Tools menu includes four administration items: Restart, Time Zone, Configuration, and Upgrade. See Figure 59. Restart Pressing the Restart the Gateway button has the same effect as power cycling the unit. No configuration information will be lost but the log files will be erased.
dua08 569-5aaa02.bo o k Pag e 62 Thursday , No vem ber 7 , 2002 3:09 PM Any network users who are currently accessing the Internet will have their access interrupted whilst the restart takes place, and they may need to reboot their computers when the restart has completed and the Gateway is operational again. The Gateway reads the correct time from NTP servers on the Internet and sets its system clock accordingly.
dua08 569-5aaa02.bo o k Pag e 63 Thursday , No vem ber 7 , 2002 3:09 PM ■ If you want to reinstate the configuration settings previously saved to a file, click Browse to locate the backup file on your computer, and then RESTORE to copy the configuration back to the Gateway. Figure 62 Upgrade Screen For security purposes restoring the configuration does not change the password. ■ If you want to reset the settings on your Gateway to those that were loaded at the factory, click RESET.
dua08 569-5aaa02.bo o k Pag e 64 Thursday , No vem ber 7 , 2002 3:09 PM The upgrade procedure can take a few minutes, and is complete when the Alert LED has stopped flashing and is permanently off. Make sure that you do not interrupt power to the Gateway during the upgrade procedure; if you do, the software may be corrupted and the Gateway may not start up properly afterwards. If the Alert LED comes on continuously or flashing slowly after a failed upgrade, refer to “Troubleshooting” on page 67.
dua08 569-5aaa02.bo o k Pag e 65 Thursday , No vem ber 7 , 2002 3:09 PM Figure 64 Log Settings Screen Obtaining Support and Feedback for your Gateway Selecting Support/Feedback on the main menu generates both: ■ The support links screen, which contains a list of Internet links that provide information and support concerning the Gateway.
dua08 569-5aaa02.bo o k Pag e 66 Thursday , No vem ber 7 , 2002 3:09 PM ■ The feedback links screen, which contains an Internet link to the 3Com website so that you can provide feedback on the product.
dua08 569-5aaa02.bo o k Pag e 67 Thursday , No vem ber 7 , 2002 3:09 PM TROUBLESHOOTING ■ Ensure that you have configured your computer as described in “Setting Up Your Computers” on page 19. Restart your computer while it is connected to the Gateway to ensure that your computer receives an IP address. ■ When entering the address of the Gateway into your web browser, ensure that you include the full URL including the http:// prefix. (e.g. http://192.168.1.
dua08 569-5aaa02.bo o k Pag e 68 Thursday , No vem ber 7 , 2002 3:09 PM Connecting to the Internet Forgotten Password If you can browse to the Gateway configuration screens but cannot access sites on the Internet, check the following: ■ Confirm that the physical connection between the Gateway and the Cable/DSL modem is OK, and that the link status LEDs on both Gateway and modem are illuminated. ■ Confirm that the connection between the modem and the Cable/DSL interface is OK.
dua08 569-5aaa02.bo o k Pag e 69 Thursday , No vem ber 7 , 2002 3:09 PM 6 are happening frequently in which case you may wish to discuss this with your ISP. The Gateway logs such attacks, and this information is available through the configuration screens. Re-apply power to the Gateway, and when the start-up sequence has completed, browse to: http://192.168.1.1 and run the configuration wizard. You may need to restart your computer before you attempt this.
dua08 569-5aaa02.bo o k Pag e 7 0 Thursday , No vem ber 7 , 2002 3:09 PM 5 Follow the on-screen instructions. Enter the path and filename of the software image file. Does the Gateway support virtual private networks (VPNs)? 6 When the upload has completed, the Gateway will restart, run the self-test and, if successful, resume normal operation. The Alert LED will go out.
dua08 569-5aaa02.bo o k Pag e 7 1 Thursday , No vem ber 7 , 2002 3:09 PM USING DISCOVERY 2 Running the Discovery Application 3Com provides a user-friendly Discovery application for detecting the OfficeConnect Cable/DSL Secure Gateway on the network. When the Welcome screen is displayed click on Next and wait until the application discovers the Gateways connected to your LAN.
dua08 569-5aaa02.bo o k Pag e 7 2 Thursday , No vem ber 7 , 2002 3:09 PM 3 Figure 68 shows an example Discovered Devices screen. Highlight the Cable/DSL Secure Gateway by clicking on it, and press Next. Figure 69 4 Discovery Finish Screen Click on Finish to launch a web browser and display the login page for the Gateway.
dua08 569-5aaa02.bo o k Pag e 7 3 Thursday , No vem ber 7 , 2002 3:09 PM IP ADDRESSING The only value that will be different is the specific host device number. This value must always be unique. The Internet Protocol Suite The Internet protocol suite consists of a well-defined set of communications protocols and several standard application protocols.
dua08 569-5aaa02.bo o k Pag e 7 4 Thursday , No vem ber 7 , 2002 3:09 PM Type Two How does a Device Obtain an IP Address and Subnet Mask? In larger networks, where there are more devices, the IP address of ‘192.168.100.8’ is, again, split into two parts but is structured differently: ■ Part one (‘192.168’) identifies the network on which the device resides. ■ Part two (‘.100.8’) identifies the device within the network. There are three different ways to obtain an IP address and the subnet mask.
dua08 569-5aaa02.bo o k Pag e 7 5 Thursday , No vem ber 7 , 2002 3:09 PM Auto-IP Addressing Network devices use automatic IP addressing if they are configured to acquire an address using DHCP but are unable to contact a DHCP server. Automatic IP addressing is a scheme where devices allocate themselves an IP address at random from the industry standard subnet of 169.254.x.x (with a subnet mask of 255.255.0.0).
dua08 569-5aaa02.
dua08 569-5aaa02.bo o k Pag e 7 7 Thursday , No vem ber 7 , 2002 3:09 PM TECHNICAL SPECIFICATIONS This section lists the technical specifications for the OfficeConnect Cable/DSL Secure Gateway. Standards Interfaces Functional:ISO 8802/3 IEEE 802.3 Cable or DSL modem connection - one 10/100 Mbps Ethernet port (10BASE-T/100BASE-TX) with auto-MDIX. Safety:UL 60950, EN 60950 CSA 22.2 #60950 IEC 60950 LAN connection - four 10/100 Mbps Ethernet ports (10BASE-T/100BASE-TX) with auto-MDIX.
dua08 569-5aaa02.bo o k Pag e 7 8 Thursday , No vem ber 7 , 2002 3:09 PM System Requirements Operating Systems The Cable/DSL Secure Gateway will support the following Operating Systems: ■ Windows 95, 98, Me ■ Windows NT 4.0 ■ Windows 2000 ■ Windows XP ■ Mac OS 8.5 or higher ■ Unix Ethernet Performance The Cable/DSL Secure Gateway complies to the IEEE 802.3i, u and x specifications.
dua08 569-5aaa02.bo o k Pag e 7 9 Thursday , No vem ber 7 , 2002 3:09 PM SAFETY INFORMATION problem solving actions in this guide, contact your supplier. Important Safety Information WARNING: Warnings contain directions that you must follow for your personal safety. Follow all directions carefully. You must read the following safety information carefully before you install or remove the unit: WARNING: Disconnect the power adapter before moving the unit. WARNING: RJ-45 ports.
dua08 569-5aaa02.bo o k Pag e 8 0 Thursday , No vem ber 7 , 2002 3:09 PM VORSICHT: Die Netzsteckdose muß in der Nähe des Geräts und leicht zugänglich sein. Die Stromversorgung des Geräts kann nur durch Herausziehen des Gerätenetzkabels aus der Netzsteckdose unterbrochen werden. Consignes importantes de sécurité AVERTISSEMENT: Les avertissements présentent des consignes que vous devez respecter pour garantir votre sécurité personnelle. Vous devez respecter attentivement toutes les consignes.
dua08 569-5aaa02.bo o k Pag e 8 1 Thursday , No vem ber 7 , 2002 3:09 PM si l'équipement auquel il est raccordé fonctionne dans les mêmes conditions. AVERTISSEMENT: Il n’y a pas de parties remplaceables par les utilisateurs ou entretenues par les utilisateurs à l’intérieur du moyeu. Si vous avez un problème physique avec le moyeu qui ne peut pas être résolu avec les actions de la résolution des problèmes dans ce guide, contacter votre fournisseur.
dua08 569-5aaa02.
dua08 569-5aaa02.bo o k Pag e 8 3 Thursday , No vem ber 7 , 2002 3:09 PM END USER SOFTWARE LICENCE AGREEMENT Software and Documentation to the party or you must destroy any copies not transferred. Except as set forth above, you may not assign or transfer your rights under this Agreement. 3Com Corporation END USER SOFTWARE LICENSE AGREEMENT Modification, reverse engineering, reverse compiling, or disassembly of the Software is expressly prohibited.
dua08 569-5aaa02.bo o k Pag e 8 4 Thursday , No vem ber 7 , 2002 3:09 PM such termination you agree to destroy the Software and Documentation, together with all copies and merged portions in any form. LIMITED WARRANTIES AND LIMITATION OF LIABILITY: All warranties and limitations of liability applicable to the Software are as stated on the Limited Warranty Card or in the product manual, whether in paper or electronic form, accompanying the Software.
dua08 569-5aaa02.bo o k Pag e 8 5 Thursday , No vem ber 7 , 2002 3:09 PM ISP INFORMATION Information Regarding Popular ISPs Internet Connection Types Characteristics Popular ISPs Internet Connection Types Characteristics Popular ISPs Dynamic IP (Clone MAC) Cable modem ISP, non-hostname based. Need to clone MAC in the DHCP page of router. MediaOne, RoadRunner, Optimum Online, Time Warner, Charter and Adelphia, Metrocast, RCN PPTP Cable or DSL, always on.
dua08 569-5aaa02.
dua08 569-5aaa02.bo o k Pag e 8 7 Thursday , No vem ber 7 , 2002 3:09 PM GLOSSARY 10BASE-T Category 3 Cables The IEEE specification for 10 Mbps Ethernet over Category 3, 4 or 5 twisted pair cable. One of five grades of Twisted Pair (TP) cabling defined by the EIA/TIA-586 standard. Category 3 is voice grade cable and can only be used in Ethernet networks (10BASE-T) to transmit data at speeds of up to 10 Mbps.
dua08 569-5aaa02.bo o k Pag e 8 8 Thursday , No vem ber 7 , 2002 3:09 PM Firewall software that runs on Windows NT Server, and Windows 95 and Windows 98 will call the server to obtain the address. Windows 98 will allocate itself an address if no DHCP server can be found. Electronic protection that prevents anyone outside of your network from seeing your files or damaging your computers. DNS Full Duplex Domain Name System. DNS allows Internet host computers to have a domain name (such as 3com.
dua08 569-5aaa02.bo o k Pag e 8 9 Thursday , No vem ber 7 , 2002 3:09 PM IETF LAN Internet Engineering Task Force. An organization responsible for providing engineering solutions for TCP/IP networks. In the network management area, this group is responsible for the development of the SNMP protocol. Local Area Network.
dua08 569-5aaa02.bo o k Pag e 90 Thursday , No vem ber 7 , 2002 3:09 PM Network Server A Network is a collection of computers and other computer equipment that are connected for the purpose of exchanging information or sharing resources. Networks vary in size, some are within a single room, others span continents. A computer in a network that is shared by multiple end stations. Servers provide end stations with access to shared network services such as computer files and printer queues.
dua08 569-5aaa02.bo o k Pag e 91 Thursday , No vem ber 7 , 2002 3:09 PM TCP/IP is now supported on almost all platforms, and is the protocol of the Internet. TCP relates to the content of the data travelling through a network — ensuring that the information sent arrives in one piece when it reaches its destination. IP relates to the address of the end station to which data is being sent, as well as the address of the destination network. Traffic The movement of data packets on a network.
dua08 569-5aaa02.
dua08 569-5aaa02.
dua08 569-5aaa02.
dua08 569-5aaa02.bo o k Pag e 95 Thursday , No vem ber 7 , 2002 3:09 PM Internet settings blocking access 48 configuring 38 DHCP 41 PPPoE 42 static address 40 wizard 26 inventory 11 IP address 73 IP defined 89 IPSec defined 89 IPSec Routes editing 60 ISP defined 89 ISP Information 85 logs viewing 64 M MAC address 89 Macintosh OS 8.5/9.
dua08 569-5aaa02.
dua08 569-5aaa02.bo o k Pag e 97 Thursday , No vem ber 7 , 2002 3:09 PM adding 50 custom 50 static address recording settings 16 static Internet settings 40 status viewing 64 status LED cable/DSL 13 LAN 12 subnet mask 36, 90 support 65 switch 90 system password 23 system requirements 78 system tools 61 V VCCI statement 99 viewing status and logs 64 virtual DMZ 46 virtual private network 91 virtual servers 45 creating 46 VPN configuring 53 defined 91 example 58 VPN mode 53 W WAN.
dua08 569-5aaa02.
dua08 569-5aaa02.bo o k Pag e 99 Thursday , No vem ber 7 , 2002 3:09 PM REGULATORY NOTICES FCC Statement CE Statement (Europe) This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules, and the Canadian Department of Communications Equipment Standards entitled, “Digital Apparatus,” ICES-003. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
dua08 569-5aaa02.
dua08 569-5aaa02.
dua08 569-5aaa02.
