Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 -1-
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Copyright Copyright (C) 2020 PLANET Technology Corp. All rights reserved. The products and programs described in this User’s Manual are licensed products of PLANET Technology, This User’s Manual contains proprietary information protected by copyright, and this User’s Manual and all accompanying hardware, software, and documentation are copyrighted.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 – Increase the separation between the equipment and receiver. – Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. – Consult the dealer or an experienced radio/TV technician for help. CE mark Warning The is a class A device, In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Table of Contents Chapter 1. Product Introduction............................................................................................. 6 1.1 Package Contents ...................................................................................................... 6 1.2 Overview .................................................................................................................... 6 1.3 Topology ............................
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.5 4.6 4.7 4.8 Network .................................................................................................................... 49 4.5.1 WAN ....................................................................................................... 50 4.5.2 WAN Advanced ...................................................................................... 51 4.5.3 LAN Setup..........................................................
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Chapter 1. Product Introduction 1.1 Package Contents The package should contain the following: VPN Gateway x 1 Quick Installation Guide x 1 Wall-mount Kit x 1 Dust Cap x 5 If any of the above items are missing, please contact your dealer immediately. 1.2 Overview Powerful Industrial VPN Security Solution The innovation of the Internet has created tremendous worldwide opportunities for e-business and information sharing.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Excellent Ability in Threat Defense The IVR-100 built-in SPI (stateful packet inspection) firewall and anti DoS/DDoS attack functions provide high efficiency and extensive protection for your network. Virtual server and DMZ functions can let you set up servers in the Intranet and still provide services to the Internet users.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 user-defined interfaces flexibly fulfill the network requirements, and the dual-WAN interfaces enable the IVR-100 to support outbound load balancing and WAN fail-over features. Cybersecurity Network Solution to Minimize Security Risks The cybersecurity feature included to protect the switch management in a mission-critical network virtually needs no effort and cost to install.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Convenient and Reliable Power System To facilitate transportation and industrial-level applications, the IVR-100 provides an integrated power solution with a wide range of voltages (9~48V DC) for worldwide operability. It also provides dual-redundant, reversible polarity 9~48V DC power supply inputs for high availability applications.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Stable Operating Performance under Difficult Environments Today, the VPN demand expands from commercial applications to many critical networks in the harsh environment. The IVR-100 will be one of the ideal solutions that provide a high level of immunity against electromagnetic interference and heavy electrical surges typical of environments found on plant floors or in curb-side traffic control cabinets.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 1.3 Topology PLANET IVR-100 can work as a VPN security gateway in an industrial application for a company that has a factory and many different divisions. With IPSec/GRE/PPTP/L2TP/SSL VPN solutions, the IVR-100 provides secured data communication for branches, vendors, and mobile workers with a flexible way to connect back to the headquarters. The IVR-100 connects dual WANs with up to two different ISPs.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 1.4 Features Hardware 5 10/100/1000BASE-T RJ45 ports 1 undefined Ethernet port (LAN/WAN) Dual-WAN function 1 USB 3.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Static IP/DHCP client for WAN Protocols: TCP/IP, UDP, ARP, IPv4, IPv6 Port forwarding QoS DMZ VLAN IGMP Proxy SNMP(v1/v2C/v3) DHCP server/NTP client MAC address clone DDNS: PLANET DDNS, PLANET Easy DDNS, DynDNS and No-IP Cybersecurity Others Setup wizard Dashboard for real-time system overview Supported access by HTTP or HTTPS Auto reboot Configuration backup and restoration via
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 1.5 Product Specifications Product VPN security gateway Model IVR-100 Hardware 5 10/100/1000BASE-T RJ45 Ethernet ports including Ethernet USB Port Reset Button Enclosure LED Indicators Installation 3 LAN ports 1WAN port 1 LAN/WAN port 1 USB 3.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 IPv4, IPv6, TCP/IP, UDP, ARP, HTTP, HTTPS, NTP, DNS, PLANET Protocol DDNS, PLANET Easy DDNS, DHCP, SNMP(v1/v2C/v3), PPPoE, SNMP, QoS, VLAN, IGMP Proxy MAC filtering Content Filtering IP filtering Web filtering Log System operation log Event message logging to remote syslog server Outbound load balancing Failover for dual-WAN Port forwarding DMZ Others Cybersecurity Dashboard Setup wizard Auto reboot PLANET Smart Discovery utility/UNI-NMS sup
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Environment Specifications Operating Storage Temperature: -40 ~ 75 degrees C Relative Humidity: 5 ~ 95% (non-condensing) Temperature: -40 ~ 85 degrees C Relative Humidity: 5 ~ 95% (non-condensing) Standard Accessories IVR-100 x 1 Packet Contents Quick Installation Guide x 1 Wall-mount Kit x 1 Dust Cap x 5 - 16 -
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Chapter 2. Hardware Introduction 2.1 Physical Descriptions 2.1.1 Front View LED P1 P2 Green Fault Red Lights up when the power is on. Lights to indicate that power input has failed. “Steady on” to indicate the port is connected to other network device LNK / ACT Green successfully. “Blink” to indicate there is traffic on the port. “Steady on” to indicate that the port is successfully connecting to 1000 Amber the network at 1000Mbps.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 2.1.2 Top View The upper panel of the Industrial Gateway consists of one terminal block connector within two DC power inputs. 2.1.3 Wiring the Power Inputs The 6-contact terminal block connector on the top panel of Industrial Gateway is used for two DC redundant power inputs. Please follow the steps below to insert the power wire. 1. Insert positive and negative DC power wires into contacts 1 and 2 for POWER 1, or 5 and 6 for POWER 2.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 To avoid damage, please use the Industrial Gateway under its specification. 2. Tighten the wire-clamp screws for preventing the wires from loosening. 1 2 Power 1 + - 3 4 5 6 Power 2 + - Fault The wire gauge for the terminal block should be in the range from 12 to 24 AWG. 2.1.4 Wiring the Fault Alarm Contact The fault alarm contacts are in the middle of the terminal block connector as the picture shows below.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 1. The wire gauge for the terminal block should be in the range between 12 and 24 AWG. 2. Alarm relay circuit accepts up to 24V, max. 1A currents.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 2.1.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 2.2 Hardware Installation This section describes how to install the Industrial Gateway. There are three methods to install the Industrial Gateway -- DIN-rail mounting, wall mounting and side wall mounting. Basic knowledge of networking is assumed. Please read the following sections and perform the procedures in the order being presented. (The device shown on this chapter is just a representation of the said device.) 2.2.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Step 3: Connect your device to hub / switch. A. Connect one end of a standard network cable to the LAN port (port 1) of the device. B. Connect the other end of the cable to the hub / switch. The UTP Category 5, 5e or 6 network cabling with RJ45 tips is recommended. Step 4: Connect your device to internet. A. Connect one end of a standard network cable to the WAN port (port 5) of the device. B.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Step 3: Use the hook holes at the corners of the wall mount plate to hang the Industrial Gateway on the wall. Step 4: To remove the wall mount plate, reverse the steps above. Step 5: Proceed with Steps 3, 4 and 5 in Section 2.2.1 DIN-rail Mounting to connect the network cabling and power on the device.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 2.2.4 Side Wall Mount Plate Mounting To install the Industrial Gateway on the wall, please follow the instructions below. Step 1: Remove the DIN-rail from the Industrial Gateway. Use the screwdriver to loosen the screws to remove the DIN-rail. Step 2: Place the wall-mount plate on the side panel and use the screwdriver to screw the wall mount plate tightly on the Industrial Gateway.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Chapter 3. Preparation Before getting into the device’s web UI, user has to check the network setting and configure PC’s IP address. 3.1 Requirements User is able to confirm the following items before configuration: 1. Please confirm the network is working properly; it is strongly suggested to test your network connection by connecting your computer directly to ISP. 2. Suggested operating systems: Windows 7 / 8 / 10. 3.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 2. Click "Change adapter settings". 3. Right-click on the Local Area Connection and select Properties.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties or directly double-click on Internet Protocol Version 4 (TCP/IPv4).
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 5. Select "Use the following IP address" and "Obtain DNS server address automatically", and then click the “OK” button.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 3.2.2 Windows 10 If you are using Windows 10, please refer to the following: 1. In the search box on the taskbar, type “View network connections”, and then select View network connections at the top of the list.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 2. Right-click on the Local Area Connection and select Properties. 3. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties or directly double-click on Internet Protocol Version 4 (TCP/IPv4).
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4. Select "Use the following IP address" and "Obtain DNS server address automatically", and then click the “OK” button.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 3.3 Planet Smart Discovery Utility For easily listing the Gateway in your Ethernet environment, the search tool -- Planet Smart Discovery Utility -- is an ideal solution. The following installation instructions are to guide you to running the Planet Smart Discovery Utility. 1. Download the Planet Smart Discovery Utility in administrator PC. 2. Run this utility as the following screen appears.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 1. This utility shows all necessary information from the devices, such as MAC address, device name, firmware version, and device IP subnet address. It can also assign new password, IP subnet address and description to the devices. 2. After setup is completed, press the “Update Device”, “Update Multi” or “Update All” button to take effect.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Chapter 4. Web-based Management This chapter provides setup details of the device’s Web-based Interface. 4.1 Introduction The device can be configured with your Web browser. Before configuring, please make sure your PC is under the same IP segment with the device. 4.2 Logging in to the VPN Gateway Refer to the steps below to configure the VPN Gateway: Step 1.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.3 Main Web Page After a successful login, the main web page appears. The web main page displays the web panel, main menu, function menu, and the main information in the center. Figure 4-1: Main Web Page ■ Web Panel The web panel displays an image of the device’s ports as shown in Figure 4-2. Figure 4-2: Web Panel Object Icon Function To indicate the port without the RJ45 plug-in.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 ■ Main Menu The main menu displays the product name, function menu, and main information in the center. Via the Web management, the administrator can set up the device by selecting the functions those listed in the function menu and button as shown in Figures 4-3 and 4-4. Figure 4-3: Function Menu Object Description System Provides System information of the Gateway. Network Provides WAN, LAN and network configuration of the Gateway.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.4 System Use the System menu items to display and configure basic administrative details of the Gateway. The System menu shown in Figure 4-5 provides the following features to configure and monitor system. Figure 4-5: System Menu Object Wizard Description The Wizard will guide the user to configuring the Gateway easily and quickly. Dashboard The overview of system information includes connection, port, and system status.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.4.1 Setup Wizard The Wizard will guide the user to configuring the Gateway easily and quickly. There are different procedures in different operation modes. According to the operation mode you switch to, please follow the instructions below to configure the Gateway via Setup Wizard as shown in Figure 4-6. Figure 4-6: Setup Wizard Step 1: LAN Interface Set up the IP Address and Subnet Mask for the LAN interface as shown in Figure 4-7.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Start IP Address By default, the start IP address is 192.168.1.100. Please do not set it to the same IP address of the Gateway. By default, the maximum DHCP users are 101, which mean the Maximum DHCP Users Gateway will provide DHCP client with IP address from 192.168.1.100 to 192.168.1.200 when the start IP address is 192.168.1.100. Next Cancel Press this button to the next step.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Figure 4-9: Setup Wizard – WAN 2 Configurations Mode 1 -- Static IP Select Static IP Address if all the Internet port’s IP information is provided to you by your ISP. You will need to enter the IP Address, Netmask, Default Gateway and DNS Server provided to you by your ISP. Each IP address entered in the fields must be in the appropriate IP form, which are four octets separated by a dot (x.x.x.x).
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Next Press this button for the next step. Previous Press this button for the previous step. Press this button to undo any changes made locally and revert Cancel to previously saved values. Mode 2 -- DHCP Client Select DHCP Client to obtain IP Address information automatically from your ISP. The setup is shown in Figure 4-11.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Object Description The SPI Firewall prevents attack and improper access to network SPI Firewall resources. The default configuration is enabled. SYN Flood is a popular attack way. DoS and DDoS are TCP Block SYN Flood protocols. Hackers like using this method to make a fake connection that involves the CPU, memory, and so on. The default configuration is enabled.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Figure 4-13: Setup Wizard –Setup Completed Object Description Finish Press this button to save and apply changes. Previous Press this button for the previous step.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.4.2 Dashboard The dashboard provides an overview of system information including connection, port, and system status as shown in Figure 4-14. Figure 4-14: Dashboard WAN/LAN Connection Status Object Description The status means WAN is connected to Internet and LAN is connected. The status means WAN is disconnected to Internet and LAN is connected. The status means WAN is connected to Internet and LAN is disconnected.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Object Description Ethernet port is in use. Ethernet port is not in use. USB port is in use. USB port is not in use. System Information Object Description CPU Display the CPU loading Memory Display the memory usage 4.4.3 Status This page displays system information as shown in Figure 4-15.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.4.4 Statistics This page displays the number of packets that pass through the Gateway on the WAN and LAN. The statistics are shown in Figure 4-16. Figure 4-16: Statistics 4.4.5 Connection Status The page will show the DHCP Table and ARP Table. .
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.4.6 SNMP This page provides SNMP setting of the Gateway as shown in Figure 4-18. Figure 4-18: SNMP Object Enable SNMP Description Disable or enable the SNMP function. The default configuration is enabled. Read/Write Community Allows entering characters for SNMP Read/Write Community of the Gateway. System Name Allows entering characters for system name of the Gateway.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.5 Network The Network function provides WAN, LAN and network configuration of the Gateway as shown in Figure 4-19. Figure 4-19: Network Menu Object Description WAN Setup Allows setting WAN interface. WAN Advanced Allows setting WAN Advanced settings. LAN Setup Allows setting LAN interface. Routing Allows setting Route. IPv6 Allows setting IPv6 WAN interface. DHCP Allows setting DHCP Server.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.5.1 WAN This page is used to configure the parameters for Internet network which connects to the WAN port of the Gateway as shown in Figure 4-20. Here you may select the access method by clicking the item value of WAN access type. Figure 4-20: WAN Object Description Please select the corresponding WAN Access Type for the Internet, and fill out the correct parameters from your local ISP in the fields which appear below.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Object Description Netmask Enter the Subnet Mask assigned by your ISP. Gateway Enter the Gateway assigned by your ISP. DNS Server The DNS server information will be supplied by your ISP. DHCP Select DHCP Client to obtain IP Address information automatically from your ISP. WAN IP, whether obtained automatically or specified manually, should NOT be on the same IP net segment as the LAN IP; otherwise, the Gateway will not work properly.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Object Load Balance Weight External Connection Detection Detect Interval Description Load Balance Weight allows you to set a relative weight (from 1 - 10) for each WAN port. Enable to detect the status of WAN connection. Set the detect interval as you need. The recommended value is 5 (default). Detect Link Up Set the times for detecting link up. Threshold The recommended value is 8 (default).
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.5.4 Routing Please refer to the following sections for the details as shown in Figures 4-23 and 24. Figure 4-23: Routing table Figure 4-24: Routing setup Routing tables contain a list of IP addresses. Each IP address identifies a remote router (or other network gateway) that the local router is configured to recognize.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Object Description The gateway is the router or host’s IP address to which packet was sent. It must be the same network segment with the WAN or LAN Gateway port. Select the interface that the IP packet must use to transmit out of the Interface router when this route is used. Enter any words for recognition. Comment 4.5.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.5.6 DHCP The DHCP service allows you to control the IP address configuration of all your network devices. When a client (host or other device such as networked printer, etc.) joins your network it will automatically get a valid IP address from a range of addresses and other settings from the DHCP service. The client must be configured to use DHCP; this is something called "automatic network configuration" and is often the default setting.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Object Description Set the time for using one assigned IP. After the lease time, the Lease Time DHCP client will need to get new IP addresses from the Gateway. Default is 1440 minutes. Domain Name Input a domain name for the Gateway. Default is Planet.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.5.7 DDNS The Gateway offers the DDNS (Dynamic Domain Name System) feature, which allows the hosting of a website, FTP server, or e-mail server with a fixed domain name (named by yourself) and a dynamic IP address, and then your friends can connect to your server by entering your domain name no matter what your IP address is. Before using this feature, you need to sign up for DDNS service providers such as PLANET DDNS (http://www.planetddns.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Object DDNS Service Interface Description By default, the DDNS service is disabled. If user needs to enable the function, please set it as enable. User is able to select the interface for DDNS service. By default, the interface is WAN 1. There are three options: DDNS Type 1. PLANET DDNS: Activate PLANET DDNS service. 2. DynDNS: Activate DynDNS service. 3. NOIP: Activate NOIP service.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.5.8 MAC Address Clone Clone or change the MAC address of the WAN interface. The setup is shown in Figure 4-28. Figure 4-28: MAC Address Clone Object Description Clone WAN MAC Set the function as enable or disable. MAC Address Input a MAC Address, such as A8:F7:E0:00:06:62.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.6 Security The Security menu provides Firewall, Access Filtering and other functions as shown in Figure 4-29. Please refer to the following sections for the details. Figure 4-29: Security menu Object Description Firewall Allows setting DoS (Denial of Service) protection as enable. MAC Filtering Allows setting MAC Filtering. IP Filtering Allows setting IP Filtering. Web Filtering Allows setting Web Filtering.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.6.1 Firewall A "Denial-of-Service" (DoS) attack is characterized by an explicit attempt by hackers to prevent legitimate users of a service from using that service. The Gateway can prevent specific DoS attacks as shown in Figure 4-30. Figure 4-30: Firewall Object Description The SPI Firewall prevents attack and improper access to network SPI Firewall resources. The default configuration is enabled. SYN Flood is a popular attack way.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 If the function is enabled, when the number of the current Block UDP Flood UPD-FLOOD packets is beyond the set value, the Gateway will start the blocking function immediately. The default configuration is disabled. ICMP is kind of a pack of TCP/IP; its important function is to transfer Block ICMP Flood simple signal on the Internet. There are two normal attack ways which hackers like to use, Ping of Death and Smurf attack.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.6.2 MAC Filtering Entries in this table are used to restrict certain types of data packets from your local network or Internet through the Gateway. Use of such filters can be helpful in securing or restricting your local network as shown in Figure 4-31. Figure 4-31: MAC Filtering Object Description Set the function as enable or disable.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.6.3 IP Filtering IP Filtering is used to deny LAN users from accessing the public IP address on internet as shown in Figure 4-32. To begin blocking access to an IP address, enable IP Filtering and enter the IP address of the web site you wish to block. Figure 4-32: IP Filtering Object Description IP Filtering Set the function as enable or disable. Add IP Filtering Rule Go to the Add Filtering Rule page to add a new rule.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Object Description Anywhere (of destination Check the box if you want to control all web sites, meaning the LAN IP Address) user can’t visit any web site. Destination Port Input the port of destination IP Address which you want to block. Leave it as blank if you want to block all ports of the web site. Select the protocol type (TCP, UDP or all). Protocol If you are unsure, please leave it to the default all protocol. 4.6.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.6.5 Port Forwarding Entries in this table allow you to automatically redirect common network services to a specific machine behind the NAT firewall as shown in Figure 4-36. These settings are only necessary if you wish to host some sort of server like a web server or mail server on the private local network behind your Gateway's NAT firewall.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Object Virtual Server IP Address Description Enter the local IP address. Enter local ports you want to control. For TCP and UDP Services, Internal Service Port enter the beginning of the range of port numbers used by the service. If the service uses a single port number, enter it in both the start and finish fields. 4.6.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.7 VPN To obtain a private and secure network link, the Gateway is capable of establishing VPN connections. When used in combination with remote client authentication, it links the business’ remote sites and users, conveniently providing the enterprise with an encrypted network communication method.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.7.1 IPSec IPSec (IP Security) is a generic standardized VPN solution. IPSec must be implemented in the IP stack which is part of the kernel. Since IPSec is a standardized protocol it is compatible to most vendors that implement IPSec. It allows users to have an encrypted network session by standard IKE (Internet Key Exchange). We strongly encourage you to use IPSec only if you need to because of interoperability purposes.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Figure 4-41: IPSec Tunnel Object Description IPSec Tunnel Enable Check the box to enable the function. Tunnel Name Enter any words for recognition. This is only available for host-to-host connections and specifies to Interface which interface the host is connecting. 1. WAN 1. 2. WAN 2. Local Network The local subnet in CIDR notation. For instance, "192.168.1.0”. Local Netmask The netmask of this Gateway.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Remote IP Address Input the IP address of the remote host. For instance, "210.66.1.10”. Remote Network The remote subnet in CIDR notation. For instance, "210.66.1.0”. Remote Netmask The netmask of the remote host. Set up the detection time of DPD (Dead Peer Detection). By default, the DPD detection’s gap is 30 seconds, over 150 seconds to think that is the broken line.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 by using it three times. It can achieve an algorithm up to 168 bits. 3. SHA1: The SHA1 is a revision of SHA. It has improved the shortcomings of SHA. By producing summary hash values, it can achieve an algorithm up to 160 bits. 4. SHA2: Either 256, 384 or 512 can be chosen. 5. MD5 Algorithm: MD5 processes a variably long message into a fixed-length output of 128 bits. You can specify how long ESP packets are valid.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4. Set the Active as enable. 5. Input the Tunnel Name and select Interface. 6. Input the Local Network and Netmask as the Gateway’s LAN IP address. 7. Input the Remote Host/IP Address as another Gateway’s public WAN IP address. 8. Input the Remote Network and Netmask as another Gateway’s LAN IP address. 9. Input the Preshare Key as the same as the one set on both Gateways. 10. Set the IKE Setting.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.7.2 GRE This section assists you in setting the GRE Tunnel as shown in Figure 4-42. Figure 4-42: GRE Object Description GRE Tunnel Set the function as enable or disable. Add GRE Tunnel Go to the Add GRE Tunnel page to add a new tunnel.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Figure 4-43: GRE Tunnel Object Description Active Check the box to enable the function. Tunnel Name Enter any words for recognition. This is only available for host-to-host connections and specifies to which interface the host is connecting. Through 1. LAN. 2. WAN 1. 3. WAN 2. Peer WAN IP Address Input the IP address of the remote host. For instance, "210.66.1.10”. Peer Netmask The remote subnet in CIDR notation. For instance, "210.66.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.7.3 PPTP Server Use the IP address and the scope option needs to match the far end of the PPTP server; its goal is to use the PPTP channel technology, and establish Site-to-Site VPN where the channel can have equally good results from different methods with IPSec. The PPTP server is shown in Figure 4-44. Figure 4-44: PPTP server Object Description PPTP Server Set the function as enable or disable.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 MSCHAP v2 Set the authentication as enable or disable. When the PPTP client connects to the PPTP server, it will assign the DNS DNS server IP address to client. When the PPTP client connects to the PPTP server, it will assign the WINS WINS server IP address to client. Server IP Address Input the IP address of the PPTP Server. For instance, "192.168.10.1”.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 2. Set the PPTP Server as enable. 3. Input the Server IP Address as the Gateway’s another subnet address. 4. Input Clients IP Address Start and Clients IP Address End. 5. Create an account. Enter Username and Password. 6. Click Apply Settings button to save changes. Follow the following steps for setting up PPTP VPN client: 1. Go to the Network -> WAN page.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 2. Select Connection Type as PPTP. 3. Input the Server as the VPN Server Gateway’s public WAN IP address. 4. Input the same Username and Password as the one set on the VPN Server Gateway. 5. Go to the System -> Status page to check the Connection Type and IP Address. Make sure the VPN client Gateway gets the VPN Server’s subnet IP address.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.7.4 L2TP Server This section assists you in setting the L2TP Server as shown in Figure 4-45. Figure 4-45: L2TP Server Object Description L2TP Server Set the function as enable or disable. Server IP Address Input the IP address of the L2TP Server. For instance, "192.168.50.1”. When the VPN connection is established, the VPN client will get IP Clients IP Address address from the VPN Server. Please set the range of IP Address.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Object Description Preshare Key Enter a pass phrase. User and Password Create the username and password for the VPN client. Connection Type 1. Main. 2. Aggressive. It provides the way to create the SA between two PCs. The SA can access the encoding between two PCs, and the IT administrator can assign to which key size or Preshare Key and algorithm to use. The SA comes in many connection ways. 1.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Please refer the steps to configure the VPN settings of the VPN Gateway: 1. Connect the VPN Gateway to internet by the Wizard. 2. Go to the System -> Status page to check the WAN IP address. Make sure the VPN Gateway gets public IP address successfully. 3. Go to the VPN -> L2TP page. Set the L2TP Server as enable, input the Server IP Address as the VPN Gateway’s public WAN IP address and other necessary information.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 The VPN settings of VPN Gateway are done. 4. Please configure the VPN settings of your mobile phone. Here we use iPhone as the example: please go to the Settings -> VPN page, click the “Add VPN Configuration…”. Note that the VPN settings might be different from each OS of mobile phone, if you do not know how to configure it, please contact with the dealer of mobile phone. 5. Input the necessary information.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 The all information should be the same as VPN Gateway. For example, the Type should be L2TP, the Server should be the WAN IP of VPN Gateway, the account should be the L2TP User of VPN Gateway, the Password should be the L2TP Password of VPN Gateway, and the Secret should be the L2TP Preshare Key of VPN Gateway. 6. Slide the Status slider to “Connecting”, it will start to connect to the VPN server.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.7.5 SSL VPN This section assists you in setting the SSL Server as shown in Figure 4-46. Figure 4-46: SSL Server Object SSL VPN Server Description Set the function as enable or disable.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Port Set a port for the SSL Service. Default port is 1194. Tunnel Protocol Set the protocol as TCP or UDP. Virtual Network Device Set the Virtual Network Device as TUN or TAP. Interface User is able to select the interface for SSL service using. VPN Network The VPN subnet in CIDR notation. For instance, "192.168.20.0”. Network Mask The netmask of the VPN.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 4.8 Maintenance The Maintenance menu provides the following features for managing the system as Figure 4-48 is shown below: Figure 4-48: Maintenance Menu Object Description Administrator Allows changing the login username and password. Date & Time Allows setting Date & Time function. Save/Restore Export the Gateway’s configuration to local or USB sticker. Configuration Restore the Gateway’s configuration from local or USB sticker.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Figure 4-48: Administrator Object Description Username Input a new username. Password Input a new password. Confirm Password Input password again. 4.8.2 Date and Time This section assists you in setting the system time of the Gateway. You are able to either select to set the time and date manually or automatically obtain the GMT time from Internet as shown in Figure 4-49.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 NTP Client Update NTP Server Once this function is enabled, Gateway will automatically update current time from NTP server. User may use the default NTP sever or input NTP server manually. 4.8.3 Saving/Restoring Configuration This page shows the status of the configuration.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Object Description Backup Settings to Press the USB Storage button to save setting file to USB storage. Load Settings from Press the USB Storage button to upload setting file from USB storage. Before removing the USB storage from the Gateway, please press the Unmount button first. 4.8.4 Upgrading Firmware This page provides the firmware upgrade of the Gateway as shown in Figure 4-51.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Figure 4-52: Reboot/Reset Object Description Reboot Press the button to reboot system. Reset Press the button to restore all settings to factory default settings. I'd like to keep the network profiles. Check the box and then press the button to keep the current network profiles and reset all other configurations to factory defaults. 4.8.6 Diagnostics The page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Object Description Interface Select an interface of the Gateway. Target Host The destination IP Address or domain. Number of Packets Set the number of packets that will be transmitted; the maximum is 100. Ping The time of ping. Be sure the target IP address is within the same network subnet of the Gateway, or you have to set up the correct gateway IP address.
Industrial 5-Port 10/100/1000T VPN Security Gateway IVR-100 Appendix A: DDNS Application Configuring PLANET DDNS steps: Step 1: Visit DDNS provider’s web site and register an account if you do not have one yet. For example, register an account at http://planetddns.com Step 2: Enable DDNS option through accessing web page of the device. Step 3: Input all DDNS settings.
