Multi-WAN VPN Link Balancer User’s Guide
TABLE OF CONTENTS
1: INTRODUCTION
  Internet Features
  Other Features
  Package Contents
  DNS Record
9: MANAGEMENT ASSISTANT
  Overview
  Admin. Setup
1: Introduction
Congratulations on the purchase of your new Multi-WAN VPN Link Balancer. The Multi-WAN VPN Link Balancer not only provides a selection of 2~8 WAN ports – it also provides Shared Broadband Internet Access for all LAN users.
Figure 1-1: Multi-WAN VPN Link Balancer
Internet Features
• Flexible use of WAN ports
There are up to 8 WAN ports available for use on the Multi-WAN VPN Link Balancer. The user can decide how many WAN ports to use by changing settings in the web page setup area.
• Support for all common Connection Methods
All popular DSL, Cable Modems and connection methods are supported. These include Fixed IP, Dynamic IP, PPPoE and PPTP.
• Inbound/Outbound Traffic Load Balancing and Failover
There are a variety of load balancing methods that allow administrators to manage the traffic from LAN or WAN in order to maximize bandwidth, as well as smart health check methods to protect against connection failure for failover.
• VPN (Virtual Private Network)
Support is provided for up to 50 VPN tunnels with a failover and back-up mechanism.
• VPN Mesh Group
The Multi-WAN VPN Link Balancer also supports VPN Load Balance with mesh group configuration.
Other Features
• 16-Port Switching Hub
The Multi-WAN VPN Link Balancer incorporates a 16-port 10/100BaseT switching hub, making it easy to create or extend your LAN as needed.
• UPnP
When UPnP (Universal Plug & Play) is set to “Enable”, the Multi-WAN VPN Link Balancer becomes a network device. This feature is useful for detecting and controlling network devices such as Internet gateways.
Package Contents
The following items are included in the Multi-WAN VPN Link Balancer package:
• Multi-WAN VPN Link Balancer Unit
• Power Cord
• Quick Installation Guide
• CD-ROM containing the on-line manual.
If any of the above items are damaged or missing, please contact your dealer immediately.
Physical Details
Front Panel
Figure 1-2: Front Panel
Front Panel LED indication is as follows: OFF – No Power Power ON – Normal Operation Status System Blinking – Normal Operation.
Ethernet Ports and Reset Button
WAN ports: 2 to 8 WAN ports (default is 2), using Port 1 to Port 8 for connecting Ethernet Ports to Modem(s).
LAN ports: The remaining ports which are connected to PCs or a Hub.
Note: Any port will automatically operate as an “Uplink” port if required. You can use a normal LAN cable to connect to a normal port on another hub.
Reset Button
When pressed and released, the Multi-WAN VPN Link Balancer will reboot (restart) within 1 second.
Rear Panel
Figure 1-3: Rear Panel
AC 100V ~ 240V
Connects to AC100~240V / 50~60Hz with supplied AC power cord.
Default Settings
When the Multi-WAN VPN Link Balancer has finished booting, all configuration settings will be set to the factory defaults, including:
• IP Address set to its default value of 192.168.1.1, with a Network Mask of 255.255.255.
Note: The supplied Windows TFTP utility also allows you to perform three (3) additional operations:
• Save the current configuration settings to your PC (use the "Save Configuration" button).
• Restore a previously saved configuration file to the Multi-WAN VPN Link Balancer (use the "Upgrade Firmware" button).
• Set the Multi-WAN VPN Link Balancer to its default values (use the "Set to Default" button).
2: Basic Setup
Overview
Basic Setup of your Multi-WAN VPN Link Balancer involves the following steps:
1. Attach the Multi-WAN VPN Link Balancer to a PC using any LAN port (3 to 16) and configure it for your LAN.
2. Install your Multi-WAN VPN Link Balancer in your LAN and connect the Broadband Modem(s).
3. Configure your Multi-WAN VPN Link Balancer for Internet Access.
4. Configure PCs on your LAN to use the Multi-WAN VPN Link Balancer.
7. Enter admin for the "User Name" and leave the "Password" field blank.
• The "User Name" is always set as admin
• For security, it is highly recommended that you set a password. You may do this using the Admin Setup screen.
8. After logging in, you will see the Administrator Password setup in the Admin Setup screen, as shown below. Assign a password by entering it in the "Password" and "Verify Password" fields.
Figure 2-2: Home Screen (Admin.
9. Select LAN & DHCP from the menu. You will see a screen like the example below.
Figure 2-3: LAN & DHCP Setup
10. If your LAN already has a DHCP Server and you wish to continue using it, the following configuration is required:
• The DHCP Server function in the Multi-WAN VPN Link Balancer must be disabled. You will find this setting in the LAN & DHCP screen.
• Your DHCP Server must be configured to provide the Multi-WAN VPN Link Balancer's LAN IP Address as the "Default Gateway".
Settings – LAN & DHCP
LAN IP Configuration Optional Configuration DHCP Configuration View DHCP List
• IP Address – IP address for the Multi-WAN VPN Link Balancer, as seen from the Local LAN. Use the default value unless the address is already in use or your LAN is using a different IP Address range.
• Subnet Mask – The default value 255.255.255.0 is standard for small (class "C") networks. For other networks, use the Subnet Mask for the LAN segment to which the Multi-WAN VPN Link Balancer is attached.
2. Installing the Multi-WAN VPN Link Balancer in your LAN
Figure 2-4: Installation Diagram
1. Ensure that the Multi-WAN VPN Link Balancer and any DSL/Cable modem(s) are powered-OFF. Leave the modem or modems connected to their data lines.
2. Connect the Broadband modem(s) to the Multi-WAN VPN Link Balancer.
• If using only one (1) Broadband modem, connect it to port 1.
• Use the cable supplied with your DSL/Cable modem. If no cable was supplied, use a standard cable.
3.
• For each PC connected to the LAN ports, the corresponding LAN LED (either 10/Yellow or 100/Green) should be ON.
3. Configuring the Multi-WAN VPN Link Balancer for Internet Access
To configure access to the Internet, first decide how many WAN ports you are going to use. The pull-down menu on the MAX WAN web page (Figure 2-5) will let you set up the WAN port numbers. You can choose from two (2), up to eight (8) WAN ports. Once you have selected how many ports you are going to use, click on Submit.
Figure 2-6: Primary Setup
Settings – Primary Setup
Connection Mode Connection Type
• Interface – A pull-down menu for each WAN port that you are going to connect to the Internet.
• Connect Mode
  Enable – Select this if you have connected a broadband modem to this port.
  Disable – Select this if there is no broadband modem connected to this port.
Check the data supplied by your ISP and select the appropriate option.
• Static IP – Select this if your ISP has provided a Fixed or Static IP address.
Address Information
This is for Static IP users only. Enter the address information (IP Address, Subnet Mask, Gateway) provided by your ISP. If your ISP provides multiple IP addresses, you can use the Multi-DMZ screen to assign any additional IP addresses.
PPPoE / PPTP Dialup
This is for PPPoE or PPTP users only.
• Enter the Username and Password provided by your ISP.
• If using PPTP, enable the PPTP Connection checkbox and enter the IP address of the PPTP server.
4: Configure PCs on your LAN
Overview
For each PC, the following settings may need to be configured:
• TCP/IP network settings
• Internet Access configuration
TCP/IP Settings
If using the default Multi-WAN VPN Link Balancer settings and the default Windows 95/98/ME/2000/XP TCP/IP settings, no changes need to be made. Just start (or restart) your PC.
6. Check "Connect using a broadband connection that is always on" and click Next.
7. Click Finish to close the New Connection Wizard. Setup is now completed.
Accessing AOL
To access AOL (America On Line) through the Multi-WAN VPN Link Balancer, the AOL for Windows software must be configured to use TCP/IP network access rather than a dial-up connection. The configuration process is as follows:
• Start the AOL for Windows communication software. Ensure that it is Version 2.5, 3.0 or later.
Fixed IP Address
By default, most Unix installations use a fixed IP Address. If you wish to continue using a fixed IP Address, make the following changes to your configuration.
• Set your Default Gateway to the IP Address of the Multi-WAN VPN Link Balancer.
• Ensure your DNS (Name server) settings are correct.
To act as a DHCP Client (recommended)
The procedure below may vary depending on your version of Linux and X-windows shell.
1. Start your X Windows client.
2. Select Control Panel - Network
3.
3: Advanced Port
Overview
• Port Options contains some options which can be set on any WAN port. For most situations, the default values are satisfactory.
• Load Balance is only functional if you are using multiple WAN ports. It allows you to determine the proportion of WAN traffic sent through each port.
• Advanced PPPoE setup is required if you wish to use multiple sessions on each WAN port. It can also be used to manually connect or disconnect a PPPoE session. Otherwise, this screen can be ignored.
Settings – Port Options
Interface Connection Health Check Transparent Bridge
• WAN Port – Select a particular WAN port from the pull-down menu to set up the WAN port configuration.
• MTU – The Maximum Transmission Unit for the Ethernet data. This is used to determine the packet size to be used on the WAN interface. Normally, this does not need to be changed but if your ISP advises you to use a particular MTU, enter it here. The default MTU value is 1500 Bytes.
Load Balance
This screen is only operational if using Internet connections on multiple WAN ports.
Figure 3-2: Load Balance
Only functional when using two (2) or more WAN ports, these settings determine the proportion of traffic sent over each port.
Settings – Load Balance
Load Balance Configuration
• Enable – This enables your Load Balance setting options and must be checked for other settings on this screen to be effective.
• Balance Type – You can select the Balance types based on:
  • Bytes Tx + Rx – Traffic is measured by Bytes. (Least load)
  • Packets Tx + Rx – Traffic is measured by Packets. (Least load)
  • Sessions established – Traffic is measured by Sessions. (Least load)
  • IP Address – Traffic is measured by IP address.
Advanced PPPoE
The Advanced PPPoE screen is required in order to use multiple PPPoE sessions on the same WAN port. It can also be used to manually connect or disconnect a PPPoE session.
Figure 3-3: Advanced PPPoE
Settings – Advanced PPPoE
Select WAN Port & Session
WAN Port – Selected WAN port only using PPPoE connection
PPPoE Session – ISPs can usually provide multiple floating real IPs for PPPoE.
Options PPPoE Auto Dialup Connection Status
• Specified Fix IP Address – If you have a fixed IP address, enter it here. Otherwise, this field should be left at 0.0.0.0.
• Assigned Host Name – This field is used by a Host to uniquely associate an access concentrator with a particular Host request.
• Auto Dialup (connect-on-demand) – If set to Enable, a connection will be established whenever outgoing WAN traffic is detected. If not enabled, you must establish a connection manually.
Settings – Advanced PPTP
WAN Port
Select the desired WAN port (click desired WAN on Connection Status). The data of the selected port will then be displayed in the WAN IP Account section.
PPTP MTU – Maximum transfer unit for PPTP. The default value is 1460.
WAN IP Account PPTP Auto Dialup Connection Status
• User Name – The PPTP user name (login name) assigned by your ISP.
• Password – The PPTP password associated with the User Name above.
4: Advanced Setup
Overview
The following features are provided in Advanced Setup:
• Host IP
• Routing
• Virtual Server
• Special Application
• Dynamic DNS
• Multi DMZ
• UPnP Setup
• NAT Setup
• Advanced Feature
This chapter contains details on the configuration and use of each of these features.
Host IP
This feature is used in the following situations:
• You have Multi-Session PPPoE and wish to bind each session to a particular PC on your LAN.
Figure 4-1: Host IP
Settings – Host IP
Host Network Identity
This section identifies each Host (PC).
• Host name – Enter a suitable name. Generally, you should use the "Hostname" (computer name) as defined on the Host itself.
• MAC Address – Also called Physical Address or Network Adapter Address. Enter the MAC address of this Host.
• Select Group – Select the group you wish this Host to be included in.
Host Network Binding
• Binding WAN Port / Session – Select Enable if you wish to associate this PC with a particular PPPoE session. All traffic for that PC will then use the selected PPPoE port and session.
• Binding Method – Suppose your PC is bound to WAN1 port and you select “Strict Binding.” If WAN1 port is disconnected, your packets cannot go through another WAN port, if it is still alive.
Figure 4-2: Routing
Note: If there is an entry or entries in the Routing table with an Index of zero (0), these are System entries. You cannot modify or delete these entries.
Settings – Routing
Dynamic Routing
• RIP v2 – This acts as a “master” switch. If enabled, the selected WAN or LAN will run RIPv1/v2, otherwise RIP function will not be available.
• Interface – If LAN or other WAN are enabled, the specified WAN or LAN can execute RIP function.
Static Routing
• Network Address – The network address of the remote LAN segment. For standard class "C" LANs, the network address is the first 3 fields of the Destination IP Address. The 4th (last) field can be left at 0.
• Netmask – The Network Mask for the remote LAN segment. For class "C" networks, the default mask is 255.255.255.0.
• Gateway – The IP Address of the Gateway or Router that the Multi-WAN VPN Link Balancer must use to communicate with the destination IP address entered above.
For the Multi-WAN VPN Link Balancer Gateway's Routing Table
For the LAN shown above, with 2 routers and 3 LAN segments, the Multi-WAN VPN Link Balancer requires 2 entries as follows:
Entry 1 (Segment 1)
  Destination IP Address: 192.168.2.0
  Network Mask: 255.255.255.0
  Gateway IP Address: 192.168.1.100
  Interface: LAN
  Metric: 2
Entry 2 (Segment 2)
  Destination IP Address: 192.168.3.0
  Network Mask: 255.255.255.0 (Standard Class C)
  Gateway IP Address: 192.168.1.
Virtual Server
This feature allows you to make Servers on your LAN accessible to Internet users. Normally, Internet users would not be able to access a server on your LAN because:
• Your Server's IP address is only valid on your LAN, not on the Internet.
• Attempts to connect to devices on your LAN are blocked by the firewall in the Multi-WAN VPN Link Balancer.
The "Virtual Server" feature solves these problems and allows Internet users to connect to your servers, as illustrated below.
Web Server (192.
http://my_domain_name.dyndns.org
ftp://my_domain_name.dyndns.org
This screen allows you to define your own Server types.
Figure 4-5: Virtual Server
Settings – Virtual Server
Virtual Server Configuration
• Enable – The enable checkbox is to Enable or Disable each Virtual server as required.
• Server Name – Enter a suitable name for this server.
or even bind to all WAN ports together.
Buttons Virtual Server List
• LAN Port Range – Enter the range of port number used for outgoing traffic from this Server. If only a single port is required, enter it in both fields.
• WAN Port Range – Enter the range of port numbers used for incoming traffic to this Server. If only a single port is required, enter it in both fields.
• Allowed Remote IP – It allows only a range of remote side IP addresses to access the virtual servers. The default entry 0.0.0.
Special Application
If you use Internet applications which have non-standard connections or port numbers, you may find that they do not function correctly because they are blocked by the firewall in the Multi-WAN VPN Link Balancer. In this case, you can define the application as a "Special Application" in order to make it work.
Settings – Special Application
Special Application
• Enable – Use this to Enable or Disable the Special Application as required.
• Name – Enter a descriptive name to identify the Special Application.
• Outgoing Protocol – Select the protocol used by the application when sending data to the remote server or PC.
• Outgoing Port Range – Enter the beginning and end of the range of port numbers used by the application server for data you send.
Dynamic DNS
Dynamic DNS is very useful when combined with the Virtual Server feature. It allows Internet users to connect to your Virtual Servers using a URL, rather than an IP Address. This also solves the problem of having a dynamic IP address. With a dynamic IP address, your IP address may change each time you connect to your ISP, making it difficult to connect to you. You must register for the Dynamic DNS service.
Settings – Dynamic DNS
Dynamic DNS Service Additional Settings WAN Port Binding
This pull-down menu can Enable/Disable the Dynamic DNS feature and select the required service provider.
• Disable – Dynamic DNS is not used.
• TZO – Select this to use the TZO service (www.tzo.com). You must configure the TZO section of this screen.
• DynDNS – Select this to use the standard service (from www.dyndns.org or other provider). You must configure the Standard Client section of this screen.
Multi DMZ
This feature allows each WAN port IP address to be associated with one (1) computer on your LAN. All outgoing traffic from that PC will be associated with that WAN port IP address. Any traffic sent to that IP address will be forwarded to the specified PC, allowing unrestricted 2-way communication between the "DMZ PC" and other Internet users or Servers.
Note: The "DMZ PC" is effectively outside the Firewall, making it more vulnerable to hacker attacks or other intrusions.
Settings – Multi DMZ
Multi DMZ Edit Multi DMZ List
• Enable – Use this to enable or disable the DMZ setting, as required.
• WAN – Select the desired WAN port binding with a particular LAN host. (There are a maximum 8 WAN ports which can be available.) Its connection type may change based on your WAN connection type (Static/DHCP/PPPoE/PPTP).
• Name – Enter a name to assist you to remember this setting. This name can be anything you choose and will have no effect on the operation.
UPnP Setup
With the UPnP (Universal Plug & Play) function, you can easily set up and configure an entire network as well as enable detection and control of networked devices and services.
Figure 4-9: UPnP Setup
Settings – UPnP Setup
UPnP Option
If set to Enable UPnP, this device will register on the local network. You will find that there is an icon showing in My Network Places in Windows XP. Each time you add a new service with port mapping, the new service will appear on the mapping list.
NAT Setup
NAT (Network Address Translation) is the technology which allows one (1) WAN (Internet) IP address to be used by multiple LAN users.
Figure 4-10: NAT Setup
Settings – NAT Setup
NAT Configuration
• NAT Routing – You can enable or disable NAT through the check box. If you disable the NAT checkbox, it will act as a bridge or Static Router. Most features will be unavailable.
• TCP Timeout – Enter the desired value to use on each WAN port.
Non-Translation Port Range
If special applications use packets whose port numbers cannot be translated, you must set the state to “Enable” and enter the port range. Alternatively, if its port cannot be translated in the specified time period, you must set Enable and enter a seconds value in Timeout.
NAT Alias
For each alias entry, the WAN IP acts as an alias of the host with Local LAN IP accessing the Internet via the specified WAN port for the specified protocol packets, i.e. 1-1 NAT.
Advanced Feature
• External Filters Configuration – These settings determine whether the Multi-WAN VPN Link Balancer should respond to ICMP (ping) requests received from the WAN port or not.
• Interface Binding – Use these settings to ensure that certain traffic is sent by a particular WAN port and thereby a particular ISP account. These settings are only useful on some WAN ports.
• Protocol & Port Binding – This allows you to bind any WAN port by selecting the protocol type you want.
Settings – Advanced Feature
External Filters Configuration DNS Loopback Interface Binding
• IDENT Port – Port 113 is associated with the Internet's (Identification / Authentication) service. When a client program in your computer contacts a remote server for services such as POP, IMAP, SMTP, that remote server sends back a query to the "Ident" server running in many systems listening for these queries on port 113. This means that hackers can probe port 113 as a rich source of your personal information.
Protocol & Port Binding List
This list shows the details of all protocol and port configuration data which are currently defined. You can modify them by clicking on a selected row.
5: Security Management
Overview
• Block URL – Ability to block a specific website by configuring IP address, URL or Keywords.
• Access Filter – Ability to block all Internet access, a known port or user defined ports by group access.
• Session Limit – Ability to limit users' Internet access when the device detects new sessions that exceed the maximum value in the sampling time, for example, virus, syn flood, etc.
Figure 5-1: Block URL
Settings – Block URL
Access Group Access Item
This allows you to have different blocking rules for different Groups of PCs.
• All PCs (users) are in the Default Group unless moved to another specified group on the Host IP screen.
• If you want the same restrictions to apply to everyone, select Default for the Group. In this case, there is no need to enter any Hosts in the Host IP screen.
Access Filter
The network Administrator can use the Access Filter to gain fine control over the Internet access and applications available to LAN users.
• Five (5) user groups are available and each group can have different access rights assigned to them.
• All PCs (users) are in the Default group, unless assigned to another group on the Host IP screen.
Settings – Access Filter
Access Group Filter Setting
This allows you to have different access rights for different Groups of PCs.
• If you want the same restrictions to apply to everyone, select Default for the Group. In this case, there is no need to enter any Hosts on the Host IP screen.
• If you wish to apply different restrictions to different Groups, select the desired Group. The screen will update data for the selected Group.
Figure 5-3: Session Limit
Settings – Session Limit
Sampling Time
The time interval specified by you for new sessions. Only the new sessions that have recently occurred are counted according to the sampling time entered. (Default is 400 milliseconds)
Maximum of Total New session
The maximum total number of new sessions in the system which is acceptable in the sampling time. Any new incoming sessions will be dropped after the number of new sessions has been exceeded.
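The following added example (not part of the original guide or the device firmware) models the Session Limit behaviour described above, so an administrator can see what a given threshold would drop before applying it. It assumes the sampling time is a sliding window and that only admitted sessions count toward the total; the threshold of 5 and all addresses and timestamps are constructed.

```python
from collections import Counter, deque

SAMPLING_TIME_MS = 400   # default sampling time stated in the guide
MAX_NEW_SESSIONS = 5     # constructed value; the guide states no default


def apply_session_limit(events, sampling_ms=SAMPLING_TIME_MS,
                        max_new=MAX_NEW_SESSIONS):
    """Replay new-session events through a model of the Session Limit.

    events: (timestamp_ms, source_ip) tuples sorted by time.
    Assumption: the sampling time is a sliding window and only admitted
    sessions count toward the total. Returns (accepted, dropped).
    """
    window = deque()              # timestamps of sessions admitted recently
    accepted, dropped = [], []
    for ts, src in events:
        # Forget admitted sessions that are older than the sampling time.
        while window and ts - window[0] >= sampling_ms:
            window.popleft()
        if len(window) < max_new:
            window.append(ts)
            accepted.append((ts, src))
        else:
            dropped.append((ts, src))
    return accepted, dropped


def drops_by_source(dropped):
    """Count dropped sessions per source address for triage."""
    return Counter(src for _, src in dropped)


def build_sample():
    """Constructed traffic: two ordinary hosts and one host flooding."""
    ordinary = [(t, "192.168.1.10") for t in range(0, 2000, 500)]
    ordinary += [(t, "192.168.1.11") for t in range(100, 2000, 500)]
    # One new session every 20 ms for 400 ms, e.g. a worm or SYN flood.
    flood = [(t, "192.168.1.50") for t in range(1000, 1400, 20)]
    return sorted(ordinary + flood)


if __name__ == "__main__":
    accepted, dropped = apply_session_limit(build_sample())
    print(f"accepted={len(accepted)} dropped={len(dropped)}")
    for src, count in drops_by_source(dropped).most_common():
        print(f"  {src}: {count} new sessions dropped")
```

Because the limit is a total for the whole system, the ordinary host 192.168.1.11 also loses the session it opens during the flood; the per-source count is what identifies the host to investigate.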
SysFilter Exception
System Filter Exception – This will reject every packet with an unrecognized port to block port scan programs from hackers. This, however, also incurs problems in some situations where servers (e.g. SMTP server port 113) or WAN clients need to send a response packet to verify the activity of their communication peers.
6: VPN Configuration
Overview
Virtual Private Network (VPN) uses encryption to create the connection between two end points (computers or networks). It allows private data to be sent securely over a public network or the Internet without the risk of outside intruders gaining unauthorized access. VPN establishes a private network that can send data securely between two networks. This is called creating a “tunnel”.
Settings – IKE Global Setup
Global List (Phase 1)
The list will only show the approximate information of all Global Settings on each WAN port. You can modify it by clicking on a selected row.
Global Parameters
• Enable Setting – If set to Enable, it enables the VPN function to work.
• ISAkmp Port – Internet Security Association and Key Management Protocol (ISAKMP) is designed to negotiate, establish, modify and delete security associations and their attributes.
Planning the VPN
When planning your VPN, you must make the following choices first:
1. If the remote site is a LAN network, the two end-point networks must have different LAN IP address ranges. If the remote end-point is a single PC running a VPN client, its destination address must be a single IP address with subnet mask of 255.255.255.255.
2. Will you be using the Internet Key Exchange (IKE) setup, or Manual Keying? Whichever method is used, you must specify each phase of the connection.
3.
Settings – IPSec Policy Setup
IPSec Traffic Binding Traffic Selector Security Level
• Tunnel Name – In order to distinguish the tunnel, you have to give “Tunnel” a name.
• Tunnel – If set to Enable, this will allow the tunnel to connect.
• WAN port – You can choose any WAN port to make the VPN connection.
• PPPoE Session – If you are using a multi-session PPPoE connection, you can select which PPPoE session will create a VPN tunnel between two sites.
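The addressing rule from Planning the VPN (different LAN ranges at each end, and a 255.255.255.255 mask for a single-PC peer) can be checked before policies are entered. This is an added example, not part of the original guide; the tunnel names, the "kind" field and all addresses are constructed, and the local LAN uses the guide's default 192.168.1.1 with mask 255.255.255.0.

```python
import ipaddress


def check_vpn_plan(local_lan, tunnels):
    """Check planned tunnels against the guide's addressing rule.

    local_lan: this unit's LAN as "ip/mask".
    tunnels:   dicts with "name", "remote" ("ip/mask") and "kind",
               where kind is "lan" (remote network) or "pc" (single
               PC running a VPN client). These field names are
               hypothetical, chosen for this example.
    Returns a list of (tunnel_name, finding) tuples; empty means clean.
    """
    local = ipaddress.ip_interface(local_lan).network
    findings = []
    for tunnel in tunnels:
        try:
            remote = ipaddress.ip_interface(tunnel["remote"])
        except ValueError:
            findings.append((tunnel["name"], "invalid-address"))
            continue
        net = remote.network
        if tunnel["kind"] == "pc" and net.prefixlen != net.max_prefixlen:
            # A single PC must be entered with mask 255.255.255.255.
            findings.append((tunnel["name"], "pc-needs-255.255.255.255"))
            net = ipaddress.ip_network(str(remote.ip))  # judge the host itself
        if net.overlaps(local):
            # Same or overlapping range at both ends: replies to the
            # remote site would be delivered on the local LAN instead.
            findings.append((tunnel["name"], "overlaps-local-lan"))
    return findings


# Constructed plan for illustration.
LOCAL_LAN = "192.168.1.1/255.255.255.0"
PLAN = [
    {"name": "branch-a", "kind": "lan", "remote": "192.168.2.0/255.255.255.0"},
    # Remote site left on the same factory-default range as this unit.
    {"name": "branch-b", "kind": "lan", "remote": "192.168.1.0/255.255.255.0"},
    # A wide mask that swallows the local LAN.
    {"name": "region", "kind": "lan", "remote": "192.168.0.0/255.255.0.0"},
    {"name": "roadwarrior", "kind": "pc", "remote": "10.0.0.25/255.255.255.0"},
    {"name": "laptop", "kind": "pc", "remote": "10.9.9.9/255.255.255.255"},
    {"name": "typo", "kind": "lan", "remote": "192.168.300.0/255.255.255.0"},
]

if __name__ == "__main__":
    for name, finding in check_vpn_plan(LOCAL_LAN, PLAN):
        print(f"{name}: {finding}")
```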
Key Management
Key Type – Two key types are available for the key exchange management, Manual Key and Auto Key:
• Manual Key – If manual key is selected, no key negotiation is needed. The following fields are to be set:
1. Encryption Key – This field specifies a key to encrypt and decrypt IP traffic.
2. Authentication Key – This field specifies a key to use to authenticate IP traffic.
3. Inbound/Outbound SPI (Security Parameter Index) – This information is carried on the ESP header.
Figure 6-3: IPSec Policy Options
Settings – IPSec Policy Options
Dead Peer Detection Feature
• Dead Peer Detection (DPD) – If set to Enable, a device will periodically send HELLO/ACK messages to check if the tunnel is alive when both peers of a VPN tunnel provide DPD mechanism. Once a dead peer is detected, a device will end the connection so it can be re-established. This is the primary method of VPN failover or backup.
passes - a Detection packet is sent to the peer.
Options
• Retry Times – The number of times a device will attempt to send the Detection packet before the Check After Idle time expires.
• Action – This will execute one of the following actions after the Detection is determined:
  Failover - ignores the dead tunnel.
  Remove Tunnel - disconnects the dead tunnel.
  Keep Tunnel Alive - attempts to keep the tunnel alive.
• Logging – If set to Enable, all DPD activity will show up in the VPN log.
Mesh Group Setup (Optional)
The Multi-WAN VPN Link Balancer not only provides VPN failover and backup but is also capable of offering VPN load balance. If you have set up an IPSec policy on the “IPSec Policy Setup” web page, then you don’t have to enter the IPSec policy setup again here. You can press the “Scan Policies” button to copy the IPSec Policy into the Mesh Group Setup web page. You can also configure your IPSec Policy on the Mesh Group web page by pressing the “Create” button.
Once you have added your VPN Policy to the Mesh Group, you can set up your Mesh Group through the VPN Mesh Group Configuration.
Figure 6-5: Mesh Group Configuration
Settings – Mesh Group Configuration
Aggregation Group
This will display all the VPN connections that are being used for VPN load balancing. You should enable the check box before you make a VPN load balance connection.
• Delete Button – This button can delete one or all IPSec Policies.
VPN Logs
You can monitor the VPN status through the VPN Logs web page. The log level (priority) can be chosen from the VPN IKE Global Settings web page.
Figure 6-6: VPN Logs
Data – VPN Logs
Message Status Undefined Messages
• Time – Indicates when the message was created according to system time.
• Priority – Indicates the priority level of a message for analysis.
• Module – Denotes the module responsible for the message sent in the IPSec architecture.
7: QoS Configuration
Overview
The Multi-WAN VPN Link Balancer incorporates a QoS (Quality of Service) utility to provide high quality network support service. Because it classifies outgoing packets based on policies defined by users, real-time applications should respond or perform better.
QoS Setup
The following web page instructs you on setting up and enabling QoS.
Settings – QoS Setup
Enable QoS – If set to Enable, it activates the QoS function.
QoS Feature IP TOS (Type of Service) Features
• Queuing Method – Management method selection for packets queue. Incorporates “Priority Queuing”, the first queuing variation to be widely implemented.
• Process TOS Field – An 8 bit field in the IP packet header designed to contain values indicating how each packet should be handled in the network.
Settings – QoS Policy
Policy Priority Policy List
This section identifies each policy:
• Policy Name – Enter a suitable name. Generally, you should use the "Policy Name" for network traffic.
• Source Address – Define the source address of packets here. It has two types: IP address or MAC address. If you select IP address, you can define the IP address range; otherwise you can define up to four MAC addresses.
• Destination Address – Define the destination address of packets here.
8: DNS Configuration (Optional)
Overview
The DNS configuration web pages are setup steps provided for users requiring Inbound Load Balance.
Domain SOA
In order to make inbound load balance work, the Multi-WAN VPN Link Balancer incorporates a DNS server module. Users must first construct a server behind the LAN side of the Multi-WAN VPN Link Balancer. It is also necessary for users to register a domain name with at least two WAN IP addresses in the “Domain Name Organization” for Static DNS.
Settings – Domain SOA
Domain List
The Domain List catalogs all DNS configuration data that you have entered. You can modify any of the Domain SOA records by clicking on a selected row.
Domain Data
• Enable – If set to Enable, it will initialize your DNS configuration setup.
• Mnemonic Name – The identifying name that you registered in DNS.
• Default TTL – Time to live (TTL). The maximum time of any record that is cached in this zone.
DNS Record
Apart from setting up the DNS SOA configuration, it is also necessary to configure the DNS record to complete the whole DNS setup.
Settings – DNS Record
SOA Record
Lists all SOA records stored in the Domain SOA shown above.
• Host Name – The second level Domain name (host). The host name is given by a system administrator; the NIC does not manage it. However, a TLD (Top-Level Domain – xyz.com) is managed by the NIC and a system administrator must set up a host name such as “www” or “ftp” (www.xyz.com. or ftp.xyz.com.).
• IN – This has the following format in resource records:
1. A – Host address which is the IP address of host.
9: Management Assistant
Overview
The following advanced features are provided:
• Admin. Setup
• Email Alert
• SNMP
• Syslog
• Upgrade Firmware
This chapter contains details of the configuration and use of each of these features.
Admin. Setup
Remote Access Configuration – This feature allows you to manage the Multi-WAN VPN Link Balancer via the Internet. You can restrict access to a specified IP address or address range.
Settings – Admin. Setup

Remote Access Configuration
• Remote Upgrade – If enabled, you can use the supplied Windows utility to remotely upgrade the firmware. If not enabled, the upgrade must be performed by a PC on the LAN.
• Remote Setup – If enabled, access to the web-based interface is available via the Internet (See below for details). If not enabled, access is only available by a PC on the LAN.
• Access port – The port number used when connecting remotely. The default port number is 8080.
Email Alert
This feature sends a warning email to the system administrator when any WAN port is disconnected, has received excessive ping flooding, has exceeded its session limitation, etc.
Figure 9-2: Email Alert

Settings – Email Alert

Global Setting:
• Link Down – If set to Enable, it will send a warning email to alert the administrator when any WAN port is disconnected.
• Excessive Ping – This feature is useful to prevent ICMP attacks from WAN or LAN.
Email Alert Configuration

Email Alert Configuration List
• Email (SMTP) Server Address – An email server to which a warning email will be sent, if email alert has been enabled. For example: mail.domain.com
• User Name – An email account name for the sender.
• Password – A password for the sender.
• Sender Address – An email address that sends a warning email to a recipient.
• Recipient Address – An email address that a warning email will be sent to.
SNMP
This section is only useful if you have SNMP (Simple Network Management Protocol) software on your PC. If you have SNMP software, you can use a standard MIB II file with the Multi-WAN VPN Link Balancer.
Figure 9-3: SNMP

Settings – SNMP
System Information, Community, Trap Targets
• Contact Person – The name of the person responsible for this device.
• Device name – The name of this device.
• Physical Location – The location of the device.
Syslog
This feature can send real-time system information to a web page or to specified PCs.
Syslog Configuration – Syslog Configuration allows you to select whether to send the system information to another machine or not. Up to three machines can be chosen to send the system log to.
Message Status – Messages are only sent and kept when “Keep Sent Message” is enabled. Currently 100 messages are retained in RAM and will be cleared when the system is rebooted or powered off.
Settings – Syslog

Syslog Delivery
• Sending Out – Set to “Enable”, if you want to send system log messages to other machines (PCs).
• Keep Sent Message – If set to Enable, it means you want to keep sent messages; otherwise the sent messages will be deleted.
• Syslog Server – Up to 3 syslog servers can be used.
• IP Address: The IP address(es) of the syslog server(s) that you want to send to.
• Port: If your syslog server does not use the default port, you can change it.
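Because the device keeps only 100 messages in RAM and clears them on reboot, a persistent collector on one of the configured syslog servers is what preserves the log. The following is an added example, not part of the original guide or the vendor's software: it assumes the device sends BSD-style syslog datagrams (a `<PRI>` prefix) over UDP to the standard syslog port 514, and the collector address, file name and sample messages in the test are constructed.

```python
import socket
from datetime import datetime, timezone

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_syslog(datagram: bytes) -> dict:
    """Split a BSD-syslog style datagram into facility, severity and message."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    facility, severity, body = None, None, text
    if text.startswith("<"):
        end = text.find(">", 1, 5)  # PRI is 1-3 digits: "<0>" .. "<191>"
        num = text[1:end] if end != -1 else ""
        if num.isascii() and num.isdigit() and int(num) <= 191:
            pri = int(num)
            facility, severity, body = pri >> 3, SEVERITIES[pri & 7], text[end + 1:]
    return {"facility": facility, "severity": severity, "message": body}

def format_record(sender: str, datagram: bytes, received: datetime) -> str:
    """Build one tab-separated log line for a received datagram."""
    rec = parse_syslog(datagram)
    # Escape control characters so a single datagram cannot forge extra log lines.
    safe = "".join(c if c.isprintable() else "\\x%02x" % ord(c) for c in rec["message"])
    return "\t".join([received.isoformat(), sender,
                      "%s.%s" % (rec["facility"], rec["severity"]), safe])

def collect(log_path: str, allowed: set, bind: str = "0.0.0.0", port: int = 514) -> None:
    """Append every datagram from an allowed sender to log_path, flushing each line."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    with open(log_path, "a", encoding="utf-8") as log:
        while True:
            data, (ip, _port) = sock.recvfrom(4096)
            if ip not in allowed:  # ignore anything not sent by the balancer
                continue
            log.write(format_record(ip, data, datetime.now(timezone.utc)) + "\n")
            log.flush()

if __name__ == "__main__":
    # 192.0.2.1 is a placeholder for the balancer's LAN address (assumption).
    collect("balancer-syslog.log", {"192.0.2.1"})
```

If the Port field on the device is changed from the default, pass the same value as `port` to `collect`.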
Using Remote Web-based Setup
To connect to the Multi-WAN VPN Link Balancer from a remote PC via the Internet:
1. Ensure that both your PC and the Multi-WAN VPN Link Balancer are connected to the Internet.
2. Open your Web Browser.
3. In the "Address" bar, enter "HTTP://" followed by the Internet IP Address of the Multi-WAN VPN Link Balancer. If the port number is not 80, then the port number is also required. (After the IP Address, enter ":" followed by the port number.) e.g. HTTP://123.123.123.
Upgrade Firmware
The Upgrade Firmware Screen allows you to upgrade the firmware or back up the system configuration.
Figure 9-6: Upgrade Firmware
You can back up your system configuration by pressing the Save System Configuration “Save” button. This will save the system configuration for future use. You can also upgrade the firmware by inputting the correct password, browsing to the firmware upgrade file and then pressing the “Upgrade” button.
10: Network Info

Operation
Once the Multi-WAN VPN Link Balancer and the PCs are configured, operation is automatic. However, there are some situations where additional Internet configuration may be required. Refer to Chapter 4 - Advanced Setup for further details.

System Status
Use the System Status link on the main menu to view this screen.
Data – System Status
WAN Interface, LAN Interface, Device Information
• Connection Type – The type of connection used – DHCP, Fixed IP, PPPoE or PPTP.
• Connection Status – Either "Connected" or "Disconnected".
• "Force Renew" button – Only available if using a dynamic IP address (DHCP). Clicking this button will perform a DHCP "Renew" transaction with the ISP's DHCP server. This will extend the period for which the current WAN IP address is allocated to you.
Device Statistics
• System UpTime – The time since the device system was last reinitialized.
• CPU Usage – The current CPU percentage usage.
• Memory Heap – The current Memory percentage usage (Heap & Queue).
• Packet Queue – The current Packet Queue percentage usage.

Buttons
• Refresh – Updates the on-screen data.
• Restart – Restarts (reboots) the Multi-WAN VPN Link Balancer.
• Restore Factory Defaults – This will delete all existing settings and restore the factory default settings.
WAN Status
Use the WAN Status link on the main menu to view this screen.
Figure 11-3: WAN Status

Data – WAN Status

NAT Statistics
This section displays data for each WAN port.
• Status – This will display either Connected or Disconnected.
• Default Loading Share – The default traffic loading on each WAN port.
• Current Loading Share – The current traffic loading on each WAN port.
• Current Loading – The number of current traffic Sessions, Bytes and Packets being processed on each WAN port.
Interface Statistics
This section displays cumulative statistics. Use the "Restart Counter" button to restart these counters when required.
Appendix A
Specifications

Model: Multi-WAN VPN Link Balancer
Dimensions: 423mm (W) x 155mm (D) x 43mm (H)
Operating Temperature: 0° C to 40° C
Storage Temperature: -10° C to 70° C
Network Protocol: TCP/IP
Network Interface: 16 * 10/100 BaseT (RJ45) Auto-switching Hub ports for WAN / LAN devices.
LEDs: 1 power LED. 2 status LEDs. 16 LEDs for WAN/LAN
Power Supply: Internal AC 100V ~ 240V / 50 ~ 60 Hz

FCC Statement
This device complies with Part 15 of the FCC Rules.
Appendix B
Windows TCP/IP Setup

Overview

TCP/IP Settings
If using the default Multi-WAN VPN Link Balancer settings and the default Windows 95/98/ME/2000 TCP/IP settings, no changes need to be made.
• By default, the Multi-WAN VPN Link Balancer will act as a DHCP Server, automatically providing a suitable IP Address (and related information) to each PC when the PC boots.
• For all non-Server versions of Windows, the default TCP/IP setting is to act as a DHCP client.
Figure B-2: IP Address (Win 95)
Ensure your TCP/IP settings are correct as follows:

Using DHCP
To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Restart your PC to ensure it obtains an IP Address from the Multi-WAN VPN Link Balancer.
• On the DNS Configuration tab, ensure Enable DNS is selected. If the DNS Server Search Order list is empty, enter the DNS address provided by your ISP in the field beside the Add button, then click Add.
Figure B-4: DNS Tab (Win 95/98)

Checking TCP/IP Settings - Windows 2000:
1. Select Control Panel - Network and Dial-up Connection.
2. Right click the Local Area Connection icon and select Properties. You should see a screen like the following:
Figure B-5: Network Configuration (Win 2000)
3.
Figure B-6: TCP/IP Properties (Win 2000)
5. Ensure your TCP/IP settings are correct:

Using DHCP
To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Restart your PC to ensure it obtains an IP Address from the Multi-WAN VPN Link Balancer.
Checking TCP/IP Settings - Windows XP:
1. Select Control Panel - Network Connection.
2. Right click the Local Area Connection and choose Properties. You should see a screen like the following:
Figure B-7: Network Configuration (Windows XP)
3. Select the TCP/IP protocol for your network card.
4. Click on the Properties button.
Figure B-8: TCP/IP Properties (Windows XP)
5. Ensure your TCP/IP settings are correct.

Using DHCP
To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Restart your PC to ensure it obtains an IP Address from the Multi-WAN VPN Link Balancer.

Using a fixed IP Address ("Use the following IP Address")
If your PC is already configured, check with your network administrator before making the following changes.
Appendix C
Troubleshooting

Overview
This chapter covers some common problems that may be encountered while using the Multi-WAN VPN Link Balancer and some possible solutions to them. If you follow the suggested steps and the Multi-WAN VPN Link Balancer still does not function properly, contact your dealer for further advice.

General Problems
Problem 1: Can't connect to the Multi-WAN VPN Link Balancer to configure it.
Problem 2: Some applications do not run properly when using the Multi-WAN VPN Link Balancer.
Solution 2: The Multi-WAN VPN Link Balancer processes the data passing through it, so it is not transparent. Use the Special Applications feature to allow the use of Internet applications which are not functioning correctly. If this does not solve the problem, you can use the DMZ function. This should work with most applications, however:
• It is a security risk, since the firewall is disabled for the DMZ PC.