FriendlyNET ® VR2004 Series VPN Security Routers User ’ s Manual.
FriendlyNET V PN Security Router 2 Before Y ou Start Thank you for purchasin g the Asant é FriendlyNET VR2004 Series VPN Security R outer. Your rou ter has been des igned to prov ide a lifetime of tr ouble-free op eration.
User’s Manual 3 Quick Start Guide This se ction will g uide you thr ough sett ing up the Asanté FriendlyN ET router with y our Cable/DSL modem. Setting up your router requ ires three ba sic steps: 1. Determine t he TCP/IP settin gs for your com puter and record them in t he table provid ed.
FriendlyNET V PN Security Router 4 4. Once the in formation has been recorded , choose Using DH CP Server from the Conf igure: pul l-down menu. C lose the dia log box and sav e your cha nges. Repeat ste ps 1, 2, and 4 to configur e addition al Macs you w ish to add to the rout er.
User’s Manual 5 4. Once the in formation has been recorded , select Configure: Using DHCP . You w ill receive an IP a ddress aut omatically from your DHCP serve r. The T CP/IP configuration o f your computer is now com plete. Re- peat steps 1 , 2 and 4 to configure ad ditional M acs that y ou wish to add to the rout er.
FriendlyNET V PN Security Router 6 3. Expand th is dialog box by click ing on the Mor e Info >> button. 4. Complete t he informat ion in thi s table: Tip : Next to the DNS Ser vers field, clic k the button to show th e Secondary D NS (if availa ble).
User’s Manual 7 Windows XP 1. From the Start butt on, select Settings/Co ntrol Panel . 2. Click on N etwork and Interne t Connections . 3. Click the Network Connections ic on. 4. Double-cl ick on the network. 5. Under the Sup port tab, clic k on the D etails… button.
FriendlyNET V PN Security Router 8 The T CP/IP configuration o f your computer is now com plete. Re- peat steps 1 – 4 and 7 – 10 to conf igure additi onal PCs on your net- wor k. Red Hat Linux In order to gath er the inform ation necessary to comp lete the table, you w ill need to run th e /sbin/ipconfig co mmand.
User’s Manual 9 3. Configure Your Router From your co mputer , use your browser to conf igure the rout er for your netw ork. 1. Start your w eb browser . T ype http://192.16 8.123.254 i nto your browser’s address or locat ion field and press Enter .
User’s Manual 11 T able of Contents Before You Star t 2 Quick Start G uide 3 Chapter 1. Introducti on 13 Chapter 2. Con figuration 17 Chapter 3. Advan ced Setting s 27 Chapter 4. VPN Con figuration 41 Appendix A. Warranty Statement a nd Friendly Care Sup port 51 Appendix B.
User’s Manual 13 Chapter 1. Introduction Thank you for purchasin g the Friend lyNET VR 2004 Series VPN Se- curity Rou ter. The router prov ides an e asy, afforda ble way to com- municate ov er the Intern et, while ens uring a secure connecti on to another VR2004 (or other compatib le VPN solutio n).
FriendlyNET V PN Security Router 14 • Hacker A ttack Logging : Supports gen eral hacker attack pattern mo nitoring an d logging • High Performance 32-bit RIS C CPU Engine : W ith the most advan ce.
User’s Manual 15 • DMZ (Demilitarized Zo ne) : Allows y ou to place one s erver or workstat ion outsid e the firew all, to allow outs ide parties unrestricted access to the server 1.2 Package Contents Please comp are the item s included in your pa ckage to the list be- low.
FriendlyNET V PN Security Router 16 From left to ri ght, the rear p anel of the r outer contain s the following: Power (5 VDC) plug; Internet (WAN) port; COM port; Reset b utton; and LAN ports 4, 3, 2 and 1. LED Color Descri ption Link/ Activ ity LAN por ts 1 to 4 Green Blinking Off A vali d link h as been es tablis hed on the por t.
User’s Manual 17 Chapter 2. Configuration Power up the r outer first, before pow ering up the a t- tached d evices. Laun ch your w eb browser and type the default IP a ddress ( 54) in the browser’s addr ess box. Press Ent er . The login w indow will appear.
FriendlyNET V PN Security Router 18 • Time Zone Sett ings • Device IP Settin gs • ISP Settings • Additional ISP Set tings • Modem Settin gs • VPN Settings Important ! You must save an d restart the ro uter in the Save & Re- start scr een for your configurat ions to take effect.
User’s Manual 19 Quick St art Guide), and click Next to enter the data. If you use a dynamic IP Ad dress, che ck the Dynami c IP radio but ton and cl ick Next to continu e to Additio nal ISP Settings . 2.1.4 A dditional I SP Settings In this page, you can e nable the ty pe of W AN conne ction you are using.
FriendlyNET V PN Security Router 20 ISPs use the i nformation f or authenticatio n purposes, so y ou must select the check box and enter the requeste d informatio n for your WA N ty p e . Some provider s require the Ethernet addr ess (the M AC address) of the computer that is co nnecting the C able/DSL m odem to au thenti- cate the con nection.
User’s Manual 21 Click N ext to enter the n ew data and to proceed to th e Wir el ess Settings page (VR2004AC model o nly) or to th e Modem Setti ngs page. 2.1.5 Wirel ess Sett ings ( VR2004 A C only) The VR2004AC i s designe d to function as a wireless access point using the de fault setti ngs show n.
FriendlyNET V PN Security Router 22 Encry ption Most interna l LAN traffic do es not require additiona l security meas- ures. If you are transferrin g sensit ive files or ot her material over the wireless LAN, you may ena ble the W EP Secur ity Settings.
User’s Manual 23 2.1.7 VPN Setting s The router can be used a s an ordinary unen crypted co nnection to the Internet, or as a secur e connectio n to another VPN ro uter. To set up a V irtual Private Netw ork (VPN), you must enable the VPN feature, w hich allow s a secure con nection to the I nternet.
FriendlyNET V PN Security Router 24 2.2 Device Information This page di splays t he current settings of the r outer: • Device Name : The host name of th e router • IP Address : T he IP address of .
User’s Manual 25 • VPN Status : View the IPSec Connectio n Status for VPN tunnels • DHCP Status : Click to refresh the DHCP log 2.4 System Tools From th e Main Menu , select the Sy stem T ools bu tton t o displa y the st atus of th e ro uter.
FriendlyNET V PN Security Router 26 • Upgrade Firmware : Allows you to upgrade the rout er to the latest version of firm ware • Reset Device : Restarts the router.
User’s Manual 27 Chapter 3. A dvanced Settings From the main menu, cl ick on the corre sponding b utton to a ccess the Advanced Sett ings screen. Fr om here, you can access the follow ing pages for .
FriendlyNET V PN Security Router 28 IP Address Pool Rang e This pool c ontains the range of IP addres ses that w ill automatica lly be assigne d to the cli ents on y our network. T he default set ting is to 192.168. 123.100. Incre ase the ran ge if you hav e more than 98 comput ers on your network.
User’s Manual 29 Enter the IP addre sses of the network server s and the Serv ice Port Range to al low remote a ccess to th e desired ports. T he Server Port is a TCP or UD P port numb er.
FriendlyNET V PN Security Router 30 3.3 Wireless A ccess Control Settings * This feature sh ould only be used by users with an extensive knowledge of TCP/IP.
User’s Manual 31 To delete a M AC addres s, select the correspondin g checkbo x and click t he Del button. The maximum number of e ntries allow ed in the table is 32. Note : At least on e client must have full acce ss in order to perform administrat ive tasks.
FriendlyNET V PN Security Router 32 To specify that gateway you need t o define a stati c route. • Destinati on IP Address: T he netw ork address of the re- mote network • Subnet Mask: The subnet mask of t he remote n etwork • Gateway IP Address: The IP a ddress to be us ed as a gate- way to the remote netw ork 3.
User’s Manual 33 3.5 Filter Settings Filter Setti ngs give you additio nal control over w hat user s on your local netw ork can see o n the Interne t, or what user s on the I nternet can connec t to on your local netw ork. LAN filters control w hat re- sources on t he Intern et your local users can connect to.
FriendlyNET V PN Security Router 34 Your sele ctions sh ould look like this: • LAN Side Filt er Enabled: Ena bled • Default LAN Sid e Filter: Pass • Filter Entry: Bloc k • Protocol: TCP • IP Address Ra nge: 192.
User’s Manual 35 3.6 A dministrative Settings In this scre en, you ca n set several a dministrativ e options for the router simply by enteri ng a passw ord or checking v arious op tions that are l isted.
FriendlyNET V PN Security Router 36 3.6.2 Remote System Administration You may conf igure your ro uter to allow a user on the Internet to ad- minister it.
User’s Manual 37 ISP sets the limit on packet siz e for PPPoE conne ction, in which case, you w ill have to change the M TU setting. See your ISP for details on packet siz e limits.
FriendlyNET V PN Security Router 38 may enable the Use wi ldcards feature. 3.8 URL Filter Settings This feat ure allows y ou to block ac cess to c ertain websi tes on the Internet. Y ou can specify w ords or letters th at, if they appear in the website na me (the URL) or new sgroup name, w ill cause the site to be blocked by the router .
User’s Manual 39 To enable thi s feature, a ccess the E-m ail Alert screen from the Ad- vanced Setti ngs page an d check t he box Enable E-mail Notifica- tion . Nex t, enter the IP addr ess of the outg oing mail server and the destinat ion e-mail addr ess in t he given fie lds and sele ct the fr e- quency for re ceiving E- mail alerts.
User’s Manual 41 Chapter 4. VPN Configuration If you require more than a n ordinary, u nencrypted connection to t he Internet, the ro uter support s IPSec to al low secure c ommunication s from a netw ork to another network, or from a client t o a network.
FriendlyNET V PN Security Router 42 You w ill require three pi eces of infor mation about e ach LAN that i s taking part i n a VPN connec tion: 1. The remot e Network IP addre ss of the LAN. This w ill usually be the same as the address of the LAN port of t he router, w ith the last segme nt of the addr ess ch anged to ‘0’.
User’s Manual 43 VR2004 ‘A’ (West end) • Connection Name : West-East • Local IPSec Id entifier : W est (A llows you to identify mult i- ple tunne ls and does n ot have to match the name used at the other end o f the tunnel . May be left blank.
FriendlyNET V PN Security Router 44 • Remote IP Net w ork : 192.16 8.123.0 • Remote IP Netmas k : 255.255.255. 0 • Remote Gateway IP : • Network Interf ace : W AN ETHERNET 4.
User’s Manual 45 • Remote IP Net w ork : 192.16 8.123.0 • Remote Netmask : • Remote Gateway IP : • Network Interf ace : The interf ace on the ro uter used to communic ate with the re mote netw ork.
FriendlyNET V PN Security Router 46 The preferred w ay to do this is with auto matic keying using the Internet Key Ex change Protoc ol (IKE). This require s that your ISP or firewall allows traffic for T CP port 500. Chec k with your IS P or network ad ministrator if you are not sure if traffic fo r TCP port 500 is allowed.
User’s Manual 47 4.3.3 Pre-Sha red Key IKE can establ ish a key for the tw o ends of the tun nel to use t o en- crypt the traff ic bound for the other n etwork, but it cannot gua rantee that the router on the other e nd of the tu nnel can be tru sted.
FriendlyNET V PN Security Router 48 The follow ing sectio ns describ e the paramet ers that will need to be entered for a m anually key ed tunnel. 4.4.1 Incoming and Outgoing SPI (Secur ity Parameter Index) The SPI is a 32- bit field th at the router w ill use to id entify the Secure Associatio n.
User’s Manual 49 4.4.5 Authenticatio n Key This string is used a s key authenti cation. Use a n alpha-nu meric value of 16 characters (M D5) or 20 char acters (SHA-1) . Note : The value entered mu st match that u sed by the r emote de- vic e. After configuri ng all the VPN v alues that ar e required, c lick on the Save button.
User’s Manual 51 Appendix A . W arrant y Statement and Friendl yCare Support Subject to th e limitations and exclusions below, Asanté warrants to the origi- nal end user purchaser that the covered products will be free fro m defect s in titl e, materials and manufacturing w orkm anship for a period of two years from the date of purchase.
User’s Manual 53 Appendix B. FCC Statement This equ ipment has be en test ed and found t o comply w ith the limit s for a Class B di gital dev ice, pursuan t to part 15 of the FCC Rules. These limit s are desi gned to p rovide reaso nable prote ction again st harmful interf erence in a residentia l installa tion.
User’s Manual 55 Appendix C. T r oubleshooting Before beginni ng the troubl eshootin g process, please chec k the System Re quirements found in Chapt er 1 have been met. If not, resolve the Sy stem Requ irement defi ciencies before attemp ting to troubleshoot furth er.
FriendlyNET V PN Security Router 56 C.2 Problems Accessing Router If you have problems acc essing the router , please c heck the follow- ing: 1. Can you ping 192.168.123. 254? If so, disable th e proxy in your browser 's setting. 2. If http://192.
User’s Manual 57 C.3 Cabling Problems Network cab les conne ct devices i n an Ethernet n etwork, suc h as computers, p rinters, hubs, rout ers and Cable/DSL modems. The network co nnections prov ided by Ethernet cabli ng allow the devices to share infor mation, and allow a LAN to acce ss the Intern et.
FriendlyNET V PN Security Router 58 2. If the port f unctions corre ctly, make s ure the router is attached to an Uplink Port on the hub o r switch. I f there is an Upl ink button on the hub or sw itch, make sure it is in th e Uplink po si- tion.
User’s Manual 59 A pp endix D. Renew ing Client IP A d dres ses Perform the f ollowing to r enew the IP addr esses of client co mputers after configur ing your VR 2004 Series R outer: D.1 Windows 98/Me Perform the f ollowing st eps to Relea se and Renew the IP Address on each client attache d to the router: 1.
User’s Manual 61 Appendix E. Service Ports The table bel ow list s some of the m ore common T CP and UDP ser- vice ports. Port Servi ce 20 FTP-D ATA 21 FTP 23 Te lnet, I nte rnet BBS 25 SMTP, Se nd .
User’s Manual 63 App endix F . Hardware and Soft ware Comp atibility Protocols Supported TCP/IP, NAT, DHCP, PPP, PPPoE, VPN Network and Cli ent Platforms comp atibility Windows 9 5/98/NT/2000/ W or .
User’s Manual 65 Appendix G. Specifications Connectors: LAN: 4 Fast Ethe rnet (100Bas eTX, 10BaseT ): RJ-45 WAN: 1 Fast Ethernet (10 0BaseTX, 10BaseT): RJ -45 COM: Serial (analog modem or IS DN TA): DB9 WLAN: 11 Mbps (802.
FriendlyNET V PN Security Router 66 Advanced S ettings DHCP: Dynamic hos t configuration p rotocol automatic ally assi gns IP address to spec ified cli ents. Choose addres s pool ran ge. Reserve LA N IP addresses for selec ted devic es (by MAC addresses).
User’s Manual 67 Intrusion: Detects 11 typ es of denial of service (DOS) attacks including: ping of death (il legal ping p acket), SYN fl ood (detects if SYN is from the sa me source), LA ND atta ck.
FriendlyNET V PN Security Router 68 Performanc e Processor: 32-bi t RISC CPU Memory: Upgradeable FLAS H firmware from web bro wser LAN: 10/100 Mbps WAN: 10/100 Mbps WLAN: Up to 11 Mbps Physical Charac teristics Dimensions : 7.9 x 5.9 x 1. 7 inches (2 01 x 151 x 44 mm) Weight: VR2004C: 1.
User’s Manual 69 Appendix H. Configuri ng a Sy stem Log Server Because the router ’s memory cann ot hold as many message s as a computer with a hard drive, you can have the r outer send its System Log message s to a server on the network. The ability to receive system log m essages is most com mon on Unix-ty pe sys- tems.
FriendlyNET V PN Security Router 70 # /etc/init.d/ syslog restart 4. A default inst all of a rec ent version of R ed Hat Linux has proba- bly also c onfigured a f irewall that m ay be blocki ng access to the syslog port. Usually ipchai ns is used by def ault.
User’s Manual 71 ConsoleM essage "Start ing system lo g" if [ -f /et c/syslog.conf ]; then if ! pid= $(GetPID syslog); then rm -f /d ev/log sys logd fi else echo " Warning: sy slogd w as not started" fi } -- 2. Add a p arameter -u to the end of the line that starts the daemon: syslogd - u 3.
FriendlyNET V PN Security Router 72 8. Selec t Other under Port Name . Enter 514 and sy sl og in the Port Number and Desc ri pti on fields, and click OK .
User’s Manual 73 Appendix I. Y our 802.1 1b Wireless Net w ork Thank you for choos ing As anté for your wir eless net work ing solu- tions. In or der to m ake wire less net working as safe an d eas y as possible, p lease c onsider t he follo wing inf orm ation when sett ing up and usi ng your wireless network .
FriendlyNET V PN Security Router 74 • The type of w alls, window s, doorw ays or other buildi ng structures w ill affect the range of the wireless s ignal.
User’s Manual 75 M A C A ddress Control Every netw ork device ha s a unique hardware addre ss known as a media acc ess control (M AC) address. En abling M AC address con- trol allow s you to contro l LAN and W AN access for ea ch clie nt in your netw ork.
Asanté T echnologie s, Inc. 821 Fox Lane San Jose, C A 95131 FriendlyNE T VR2004 Series V PN Security Router User’s M anual SALES 800-662-9686 H ome/Office Solutions 800-303-9121 En terprise Solu tions 408-435-8388 TECHNICAL SUPPORT 801-566-8991 Worldw ide 801-566-3787 FAX www .
