Billion BiPAC 7404VNPX Instrukcja Użytkownika

BiPAC 7404V(G)OXBiPAC 7404V(G)PX 3G/VoIP/(802.11g) ADSL2+ (VPN)Firewall Router User Manual Last Revised Date 23-10-2008Version release 5.53.s5.rc3

Chapter 2: Installing the RouterImportant note for using this routerPackage Contents3G/VoIP/(802.11g) ADSL2+ (VPN) Firewall Router CD-ROM containing t

IPSec (IP Security Protocol)Active: This function activates or deactivates the IPSec connection. Check Active checkbox if you want the protocol of tun

IPSec VPN ConnectionName: A given name for the connection (e.g. “connection to ofce”).Local Network: Set the IP address, subnet or address range of t

Remote ID:Identier: Input remote ID’s information, like domain name www.ipsectest.comHash Function: It is a Message Digest algorithm which coverts an

unsecured communication channel (i.e. over the Internet). There are three modes, MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for Modula

Example: Conguring an IPSec LAN to LAN VPN ConnectionTable 3: Network Conguration and Security PlanBranch Ofce Head OfceLocal Network ID 192.168.0

Conguring IPSec VPN in the Head OfceFunction DescriptionName IPSec_HeadOfce Give a name of IPSec ConnectionLocal Network Subnet Select Subnet from

Conguring IPSec VPN in the Branch OfceFunction DescriptionName IPSec_BranchOfce Give a name of IPSec ConnectionLocal Network Subnet Select Subnet

Example: Conguring an IPSec Host to LAN VPN Connection102

Conguring IPSec VPN in the OfceFunction DescriptionName IPSec Give a name of IPSec ConnectionLocal Network Subnet Select Subnet from Local Network

L2TP (Layer Two Tunneling Protocol)Two types of L2TP VPN are supported Remote Access and LAN-to-LAN (please refer below for more information.). Fill i

The Front LEDs. LED Meaning1 Power Lit when power is ON. Lit red means system failure. Restart the device or contact Billion for support.2Ethernet Por

Connection Type: Remote Access or LAN to LANName: A given name for the connection (e.g. “connection to ofce”).Connection Type: Remote Access or LAN t

SHA1: A one-way hashing algorithm that produces a 160−bit hash.Encryption: Select the encryption method from the pull-down menu. There are four option

Example: Conguring a L2TP VPN - Remote Access Dial-in ConnectionA remote worker establishes a L2TP VPN connection with the head ofce using Microsoft

Conguring L2TP VPN in the OfceThe input IP address 192.168.1.200 will be assigned to the remote worker. Please make sure this IP is not used in the

Example: Conguring a Remote Access L2TP VPN Dial-out ConnectionA company’s ofce establishes a L2TP VPN connection with a le server located at a sep

Conguring L2TP VPN in the OfceThe input IP address 192.168.1.200 will be assigned to the remote worker. Please make sure this IP is not used in the

L2TP Connection - LAN to LANL2TP VPN ConnectionName: A given name for the connection Connection Type: Remote Access or LAN to LAN.Type: Check Dial Out

Active as default route: Commonly used by the Dial-out connection which all packets will route through the VPN tunnel to the Internet; therefore, acti

Example: Conguring L2TP LAN-to-LAN VPN ConnectionThe branch ofce establishes a L2TP VPN tunnel with head ofce to connect two private networks over

Conguring L2TP VPN in the Head OfceThe IP address 192.168.1.200 will be assigned to the router located in the branch ofce. Please make sure this IP

The Rear Ports Port Meaning1Antenna(Wireless Router only)Connect the detachable antenna to this port.2 DSLConnect this port to the ADSL/telephone netw

Conguring L2TP VPN in the Branch OfceThe IP address 69.1.121.30 is the Public IP address of the router located in head ofce. If you registered the

116VoIP - Voice over Internet ProtocolVoIP enables telephone calls through existing Internet connection instead of going through the PSTN (Public Swit

117SIP Device Parameters This section provides easy setup for your VoIP service. Phone port 1 and 2 can be registered to different SIP Service Provide

118Advanced – ParametersVoIP through IP Interface: IP Interface decides where to send/receive the voip trafc; it includes: ipwan and iplan. Easy way

119To take your phone OFFHOOK, lift the receiver then press Hook/Flash until you hear your normal PSTN dialtone, not your VoIP dialtone. Wait several

120SIP Accounts This section reects and contains basic settings for the VoIP module from selected provider in the Wizard section. Fail to provide cor

121Phone Port This section displays status and allows you to edit the account information of your Phones. Click Edit to update your phone information.

122without waiting. Note: Refer to Special Dial Code section in this Manual for more details. Codec PreferenceCodec is known as Coder-Decoder used

123PSTN Dial Plan (Router with LINE port only)This section enables you to congure “VoIP with PSTN switching” on your system. You can dene a range of

124

CablingOne of the most common causes of problem is bad cabling or ADSL line(s). Make sure that all connected devices are turned on. On

125PSTN Dial Plan Examples: Dial with Prex1. If you dial 01223 707070, number 01223707070 will be dialed out via FXO to make a regular phone call. Di

126Even though 7070 (only 4 digits) does not match with number of digits 6 dened in the led, 7070 is still a valid phone number since it has not exc

127VoIP Dial Plan This section helps you to make a telephony number dialed as making a regular call via VoIP. You no longer need to memorize a long di

128Main Digit Sequence: The call(s) can be called out via SIP or PSTN or ENUM. x: Any numeric number between 0 and 9. . ( period ): Repeat numeric num

129**xx*x.Starting with ‘** sign’ + any two digit numbers between 0 + any number (0-9) in variable length. Maximum length is 16.#xx.Starting with ‘# s

130Call Feature VoIP has all the basic features of a traditional phone. Besides the provided basic features, VoIP also comes with several enhanced fea

131Ring & ToneThis section allows advanced user to change the existing or newly dened parameters for the various ring tones (dial tone, busy tone

132Tone ParametersYou may need to check with your local telephone service provider for such information. Also, it is recommended that this option be c

133QoS - Quality of ServiceQoS function helps you to control your network trafc for each application from LAN (Ethernet and/or Wireless) to WAN (Inte

134Destination IP address Range: The destination IP address or range of packets to be monitored.Destination Port: The destination port of packets to b

Chapter 3: Basic Installation The router can be congured through your web browser. A web browser is included as a standard application in the followi

135information.Protocol: The name of supported protocol.Rate Limit: To limit the speed of outbound trafcSource IP Address Range: The source IP addres

136Inbound IP Throttling (WAN to LAN)IP Throttling allows you to limit the speed of IP trafc. The value entered will limit the speed of the applicati

137Example: QoS for your NetworkConnection Diagram Restricted PC Normal PCs VoIP

138Information and SettingsUpstream: 928 kbpsDownstream: 8 MbpsVoIP User : 192.168.1.1Normal Users : 192.168.1.2~192.168.1.5Restricted User: 19

139Mission-critical applicationMostly the VPN connection is mission-critical application for doing data exchange between head and branch ofce. The mi

140With above settings that help to limit utilization of upstream of FTP. Time schedule also help you to only limit utilization at daytime. Advanced s

141 Sometime your customers or friends may upload their les to your FTP server and that will saturate your downstream bandwidth. The settings below

142Virtual Server (known as Port Forwarding)In TCP/IP and UDP networks a port is a 16-bit number used to identify which application program (usually a

143Add Virtual ServerBecause NAT can act as a “natural” Internet rewall, your router protects your network from being accessed by outside users when

144enable port number 80 (Web/HTTP) and map to Router’s IP Address. Then all incoming HTTP requests from you (Remote side) will be forwarded to the R

Connecting Your RouterConnect this router to a 1. LAN (Local Area Network) and the ADSL/telephone (ADSL) net work.Power on the device.2. Make sur

145Edit DMZ HostThe DMZ Host is a local computer exposed to the Internet. When setting a particular internal IP address as the DMZ Host, all incoming

146Edit One-to-One NAT (Network Address Translation)One-to-One NAT maps a specic private/local IP address to a global/public IP address. If you have

147Application: Users-dened description to identify this entry or click drop-down menu to select existing predened rules. : 20 predened rules ar

148Example: List of some well-known and registered port numbers. The Internet Assigned Numbers Authority (IANA) is the central coordinator for the ass

149Time ScheduleThe Time Schedule supports up to 16 time slots which helps you to manage your Internet connection. In each time prole, you may sched

150Conguration of Time ScheduleEdit a Time SlotChoose any Time Slot (ID 1 to ID 16) to edit, click Edit radio button.1. Note: Watch it carefully, th

151Delete a Time SlotSelect the Delete radio button of the selected Time Slot under the Time Slot section, and click the Edit/Delete button to conrm

152AdvancedConguration options within the Advanced section are for users who wish to take advantage of the more advanced features of the router. User

153Dynamic DNSThe Dynamic DNS function allows you to alias a dynamic IP address to a static hostname, allowing users whose ISP does not assign them a

154Check EmailThis function allows you to have the router check your POP3 mailbox for new Email messages. The Mail LED on your router will light when

Network CongurationConguring PC in Windows VistaGo to Start. Click on Network.1. Then click on Network and Sharing 2. Center at the top bar.When th

155Device Management The Device Management advanced conguration settings allow you to control your router’s security options and device monitoring fe

156For Example: User A changes HTTP port number to 100, species their own IP address of 192.168.1.55, and sets the logout time to be 100 seconds. Th

157for “security”, but is widely accepted as the SNMPv2 standard.SNMPv3 is a strong authentication mechanism, authorization with ne granularity for r

158IGMPIGMP, known as Internet Group Management Protocol, is used to management hosts from multicast group. IGMP Forwarding: Accepting multicast pack

159LogoutTo exit the router web interface, choose Logout. Please save your conguration setting before logging out of the system.Be aware that the ro

160Chapter 5: TroubleshootingIf your router is not functioning properly, please refer to the suggested solutions provided in this chapter. If your pro

161Problem with LAN interfaceProblem Suggested ActionCannot PING any PC on LAN Check the Ethernet LEDs on the front panel. The LED should be on for th

162Appendix: Product Support & ContactFollowing the suggestions listed in the Troubleshooting section of the user manual can help you solve most o

163

Select Internet Protocol Version 4 5. (TCP/IPv4) then click Properties.In the TCP/IPv4 properties window, 6. select the Obtain an IP address au-to

Conguring PC in Windows XPGo to Start > Control Panel (in Classic 1. View). In the Control Panel, double-click on Network ConnectionsDouble-click

Conguring PC in Windows 2000Go to Start > Settings > Control Panel. 1. In the Control Panel, double-click on Network and Dial-up Connectio

Table of ContentsChapter 1: Introduction ...1Introduction to your Router ...

Conguring PC in Windows 95/98/MeGo to Start > Settings > Control Panel. 1. In the Control Panel, double-click on Network and choose the

Conguring PC in Windows NT4.0Go to Start > Settings > Control Panel. 1. In the Control Panel, double-click on Network and choose the Proto

Factory Default SettingsBefore conguring your router, you need to know the following default settings.Web Interface (Username and Password) Username

Information from your ISP Before conguring this device, you have to check with your ISP (Internet Service Provider) to nd out what kind of service

Conguring with your Web BrowserOpen your web browser, enter the IP address of your router, which by default is 192.168.1.254, and click “Go”

Chapter 4: Conguration At the conguration homepage, the left navigation column provides you the link to each conguration page. The category of each

StatusADSL StatusThis section displays the ADSL overall status, which shows a number of helpful information such as DSP rmware version.3G StatusThis

Card Name: The name of the 3G card.Card Firmware: The current rmware for the 3G card.Current TX Bytes / Packets: The statistics of transmission, coun

Leased Table IP Address: The IP address that assigned to client.MAC Address: The MAC address of client.Client Host Name: The Host Name (Computer Name)

Routing Table Routing TableValid: It indicates a successful routing status.Destination: The IP address of the destination network.Netmask: The desti

Error Log ...30Diagnostic ...

NAT SessionsThis section lists all current NAT sessions between interface of types external (WAN) and internal (LAN).UPnP PortmapThe section lists all

PPTP Status This shows details of your congured PPTP VPN Connections. Name: The name you assigned to the particular PPTP connection in your VPN cong

IPSec StatusThis shows details of your congured IPSec VPN Connections. Name: The name you assigned to the particular VPN entry.Active: Whether the VP

Email StatusDetails and status for the Email Account you have congured the router to check. Please see the Advanced section of this manual for detail

Event LogThis page displays the router’s Event Log entries. Major events are logged to this window, such as when the router’s ADSL connection is disco

Error LogAny errors encountered by the router (e.g. invalid names given to entries) are logged to this window. DiagnosticIt tests the c

Quick StartClick Quick Start. Select the connect mode you want. There are 2 options to choose from: ADSL 1. or 3G. Select ADSL mode from the drop down

Please enter “Username” and “Password” as supplied by your ISP(Internet Service Provider) 5. and click Apply to continue.Pro le Port: Select the conn

Congure the Wireless LAN setting.6. WLAN Service: Default setting is set to Enable. If you want to use wireless, both 802.11g and 802.11b device in y

SIP: To use VoIP SIP as VoIP call signaling protocol. Default is set to Disable.Region: This selection is a drop-down box, which allows user to select

Firewall Log ...85VPN - Virtual Private Networks (Only available for

CongurationWhen you click this item, the column will expand to display the sub-items that will allow you to further congure your ADSL router.LAN, WA

LAN - Local Area NetworkHere are the items within the LAN section: Bridge Interface, Ethernet, IP Alias, Ethernet Client Filter, Wireless, Wireless Se

EthernetPrimary IP AddressIP Address: The default IP on this router.Subnet Mask: The default subnet mask on this router. RIP: RIP v1, RIP v2, and RIP

Ethernet Client FilterThe Ethernet Client Filter supports up to 16 Ethernet network machines that helps you to manage your network control to accept t

MAC Address which connecting to the router. You can easily by checking the box next to the IP address to be blocked or allowed. Then, Add to insert t

WirelessParametersWLAN Service: Default setting is set to Enable. If you do not have any wireless, both 802.11g and 802.11b, device in your network,

Note: Wireless performance may degrade if select ID channel is already being occupied by other AP(s). TX PowerLevel: It is a function that enhances t

Wireless SecurityYou can disable or enable with WPA or WEP for protecting wireless network.The default mode of wireless security is disabled.42

WPA-PSK / WPA2-PSK Security Mode: You can disable or enable with WPA or WEP for protecting wireless network. The default mode of wireless security is

Passphrase: This is used to generate WEP keys automatically based upon the input string and a pre-dened algorithm in WEP64 or WEP128. Default Used WE

Appendix: Product Support & Contact ... 162

Wireless Client / MAC Address FilterThe MAC Address supports up to 16 wireless network machines and helps you manage your network control to accept

connects to the router. You can easily by checking the box next to the MAC address to be blocked or allowed. Then, Add to insert to the Wireless Clie

Port Setting This section allows you to congure the settings for the router’s Ethernet ports to solve some of the compatibility problems that may be

DHCP Server You can disable or enable the DHCP (Dynamic Host Conguration Protocol) server or enable the router’s DHCP relay functions. The DHCP prot

WAN - Wide Area NetworkWAN refers to your Wide Area Network connection, i.e. your router’s connection to your ISP and the Internet. Here are the items

Rule 1. ADSL DownRule 2. Ping FailNo Ping: It will not send any ping packet to determine the connection. It means to disable the ping fail detection.P

WAN ProlePPPoE ConnectionPPPoE (PPP over Ethernet) provides access control in a manner which is similar to dial-up services using PPP.Prole Port: Se

Auth. Protocol: Default is Auto. Your ISP should advise you on whether to use Chap or Pap.Connection: Always on: If you want the router to establish a

PPPoA ConnectionProle Port: Select the prole port as ADSL.Protocol: The ATM protocol will be used in the device..Description: A given name for the c

Detail: You can dene the destination port and packet type (TCP/UDP) without checking by timer. It allows you to set which outgoing trafc will not tr

Chapter 1: IntroductionIntroduction to your RouterWelcome to the 3G/VoIP/ (802.11g) ADSL2+(VPN) Firewall Router. The router is an “all-in-o

MPoA Connection Prole Port: Select the prole port as ADSL.Protocol: The ATM protocol will be used in the device.Description: A given name for the co

MAC Spoong: Some service providers require the conguring of this option. You must ll in the MAC address that specify by service provider when it is

IPoA Routed Connection Prole Port: Select the prole port as ADSL.Protocol: The ATM protocol will be used in the device.Description: A given name for

Pure Bridge Prole Port: Select the prole port as ADSL. Protocol: The ATM protocol will be used in the device.Description: A given name for this conn

3GTEL No.: The dial string to make a GPRS / 3G user internetworking call. It may provide by your mobile service provider.APN: An APN is similar to a U

Connection:Always On: The router will make UMTS/GPRS call when starting up. Enabling Always On, will give you an option of Keep Alive.Keep Alive: Set

ADSL Mode Connect Mode: This mode will automatically detect your ADSL line code, ADSL2+, ADSL2, AnnexM2 and AnnexM2+, ADSL, All. Please keep the fac

SystemHere are the items within the System section: Time Zone, Remote Access, Firmware Upgrade, Backup/Restore, Restart and User Management.Time Zone

Remote AccessTo temporarily permit remote administration of the router (i.e. from outside your LAN), select a time period the router will permit remot

Backup / Restore These functions allow you to save and backup your router’s current settings to a le on your PC, or to restore a previously saved bac

Multi-Protocol to Establish a ConnectionIt supports PPPoA (RFC 2364 - PPP over ATM Adaptation Layer 5), RFC 1483 encapsulation overATM (bridged or rou

Restart RouterClick Restart with option Current Settings to reboot your router (and restore your last saved conguration).If you wish

User ManagementIn order to prevent unauthorized access to your router’s conguration interface, it requires all users to login with a password. You ca

When you create a user account, check Valid box and ll in the respective information for User, Comment, Password and Conrm Password in the blanks pr

Firewall and Access ControlYour router includes a full SPI (Stateful Packet Inspection) rewall for controlling Internet access from your LAN, as well

Listed are the items under the Firewall section: General Settings, Packet Filter, Intrusion Detection, URL Filter, IM/P2P Blocking and Firewall Log.Ge

disable. Mostly it is for preventing any scan tools from WAN site by hacker.Packet FilterThis function is only available when the Firewall is enabled

Example: Predened Port Filters Rules The predened port lter rules for High, Medium and Low security levels are listed. See Table 1.Note: Firewall

Inbound: Internet to LAN Outbound: LAN to InternetYES: Allowed NO: Blocked N/A: Not Applicable Packet Filter – Add TCP/UDP Filter Rule Name Helper:

Packet Filter – Add Raw IP Filter Go to “Type” drop-down menu, select “Use Protocol Number”.Rule Name Helper: Users-dene description to identify this

As you can see from the diagram below, when the rewall is enabled with one of the three presets (Low/Medium/High), inbound HTTP access is not a

Quality of Service (QoS)QoS gives you full control over which types of outgoing data trafc should be given priority by the router, ensuring important

Conguring Packet Filter:Click Packet Filters. You will then be presented with the predened port lter rules screen (in 1. this case for the low secu

Example: Application: Cindy_HTTP Time Schedule: Always OnSource / Destination IP Address(es): 0.0.0.0 (I do not wish to active the address-lter, inst

77

Intrusion DetectionThe router’s Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion attempts from the Internet. If the IDS

cannot protect against such attacks.Table 2: Hacker attack types recognized by the IDSIntrusion Name Detect Parameter BlacklistType of Block DurationD

ICMP FloodMax ICMP Count (Default 100 c/sec)YesICMP EchoMax PING Count(Default 15 c/sec)YesSrc IP: Source IP Src Port: Source PortDst Port: Des

URL FilterURL (Uniform Resource Locator – e.g. an address in the form of http://www.abcde.com or http://www.example.com) lter rules allow you to prev

Domains Filtering: This function checks the whole URL not the IP address, in URLs accessed against your list of domains to block or allow

Example: Andy wishes to disable all WEB trafc except for ones listed in the trusted domain, which would prevent Bobby from accessing other web sites

IM / P2P BlockingIM, short for Instant Message, is required to use client program software that allows users to communicate, in excha

Firmware UpgradeableDevice can be upgraded to the latest rmware through the WEB based GUI. Rich Management Interfaces It supports exible management

Firewall LogFirewall Log display log information of any unexpected action with your rewall settings. Check the Enable box to activate the logs. Log

VPN - Virtual Private Networks (Only available for BiPAC 7404V(G)OX)Virtual Private Networks is ways to establish secured communication tunnels to an

Username: If you are a Dial-Out user (client), enter the username provided by your Host. If you are a Dial-In user (server), enter your own username.P

Example: Conguring a Remote Access PPTP VPN Dial-out ConnectionA company’s ofce establishes a PPTP VPN connection with a le server located at a sep

Conguring the PPTP VPN in the OfceClick Conguration/VPN/PPTP. Choose Remote Access from Connect Type drop-down menu. You can either input the IP ad

PPTP Connection - LAN to LANClick Conguration/VPN/PPTP. Choose LAN to LAN from Connect Type drop-down menu.Name: A given name for the connection (e.g

than 40 bit keys.Mode: You may select Stateful or Stateless mode. The key will be changed every 256 packets when you select Stateful mode. If you sele

Example: Conguring a Remote Access PPTP VPN Dial-out ConnectionThe branch ofce establishes a PPTP VPN tunnel with head ofce to connect two private

Conguring the PPTP VPN in the Head OfceThe IP address 192.168.1.201 will be assigned to the router located in the branch ofce. Please make sure thi

Conguring the PPTP VPN in the Head OfceThe IP address 69.1.121.30 is the Public IP address of the router located in head ofce. If you registered th