Corega COR-BAR-AWLA-54 User manual
Warranty
Corega International warrants product for two years from date of purchase
against defects in materials and workmanship. This warranty does not cover
any defects caused by accident, misuse, fair wear and tear, neglect, or an
attempt at repair. This warranty is offered as an additional benefit to the
consumer’s statutory rights and does not affect these rights in any way.
Corega International shall not be held responsible for any special, incidental,
or consequential damages resulting from any breach of warranty, or under any
other legal theory, including but not limited to lost profit, downtime, damage to
data stored in or used with Corega International products.
Trademarks
CoregaTM is a trademark of Corega Holdings KK., Japan.
Other trademarks, brand and product names are acknowledged as trademarks
of their respective holders. Information is subject to change without notice.
All rights reserved.
(GB) Warnings
ELECTRIC SHOCK HAZARD:
Install product in accordance with local and National Electrical Codes.
To de-energise equipment, disconnect the power cord.
(D) Warnhinweise
STROMSCHLAGGEFAHR:
Dieses Produkt muss entsprechend den örtlichen und nationalen
Elektrizitätsvorschriften installiert werden. Zum Abschalten der Ausrüstung
Stromkabel abziehen.
(I) Attenzione
RISCHIO DI SHOCK ELETTRICO:
Installare l'apparecchio in base alle normative elettriche locali e nazionali. Per
togliere l'alimentazione al dispositivo, scollegare il cavo relativo.
(E) Advertencias
PELIGRO DE ELECTROCUCIÓN:
Instale el producto de acuerdo con las recomendaciones de la
normativa sobre instalaciones eléctricas de su país. Para desactivar el equipo,
desconecte el cable de alimentación.
(F) Avertissements
RISQUE D'ÉLECTROCUTION:
Installez le produit conformément aux réglementations électriques nationales et
locales. Pour mettre l'équipement hors tension, débranchez le cordon
d'alimentation.
(FIN) Varoitukset
SÄHKÖISKUN VAARA:
Asenna tuote noudattaen paikallisia ja kansallisia säädöksia. Laitteen saa jännit-
teettömäksi vain irroittamalla sähköjohdon.
(RUS) Предупреждения
ОПАСНОСТ ПОРАЖЕНИЯ ЛЕКТРИЧЕСКИМ ТОКОМ:
Устанавливайте изделие в соответствии с местн!ми и
национал#н!ми правилами по установке
(лектрооборудования. Для отключения питания
отключите шнур питания.
Предупреждение – (то изделие класса A. В домашних
условиях (то изделие может создават# радиопомехи. В
(том случае пол#зователю, возможно, понадобится
принят# соответствующие мер!.
617-10091/01
ADSL WIRELESS
802.11g 54MBPS
ROUTER
HUBS • SWITCHES • ADAPTERS • WIRELESS LAN • USB • KVMs • MEDIA CONVERTERS • ROUTERS • ADSL
COR-BAR-AWLA-54 & COR-BAR-AWLB-54
ALL-IN-ONE-ROUTER
1
ENGLISH
Table of Contents
FCC STATEMENT 2
CE DECLARATION OF CONFORMITY 2
MANUFACTURER’S DISCLAIMER STATE 2
CHAPTER 1.0: GETTING TO KNOW YOUR ADSL WIRELESS ROUTER 2
1-1 FEATURES OF THE ADSL WIRELESS ROUTER 2
1-2 CONTENTS OF THE ADSL WIRELESS ROUTER PACKAGE 2
CHAPTER 2.0: HARDWARE INSTALLATION & SETUP 3
2-1 CONNECTORS AND INDICATORS 3
2-2 INSTALLATION 4
CHAPTER 3.0: BASIC INSTALLATION & SETUP 4
3-1 GATEWAY USING PPPoE 7
3-2 GATEWAY USING PPPoA 7
3-3 MODEM USING LLC ENCAPS. 7
3-4 GATEWAY USING LLC ENCAPS. (DYNAMIC IP) 7
3-5 GATEWAY USING LLC ENCAPS. (STATIC IP) 8
3-6 GATEWAY USING CLASSICAL IP 8
3-7 ROUTER USING CLASSICAL IP 8
3-8 MODEM USING LLC ENCAPS. 9
CHAPTER 4.0: ADVANCED CONFIGURATION 9
4-1 FIREWALL 9
4-2 VPN SETTINGS 10
4-3 DHCP CONFIGURATION 14
4-4 WEB CONTROL 15
4-5 TIME OF DAY (ToD) CONTROL 15
4-6 ACCESS CONTROL 16
4-7 VIRTUAL SERVER SETTINGS 17
4-8 SPECIAL APPLICATIONS 19
4-9 DMZ HOST 19
4-10 DYNAMIC ROUTING 20
4-11 STATIC ROUTING 21
4-12 WIRELESS 22
4-13 DDNS 23
CHAPTER 5.0: MANAGEMENT 24
5-1 DEVICE ADMINISTRATION SETTINGS 24
5-2 STATUS MONITOR 25
5-3 LOG 26
5-4 BACKUP & RESTORE 27
5-5 UPGRADE FIRMWARE 27
5-6 DIAGNOSTIC-PING/TRACERT 27
CHAPTER 6.0: MACINTOSH SETUP 28
6-1 HARDWARE CONNECTIONS 28
6-2 COMPUTER NETWORK CONFIGURATION 28
6-3 ADSL WIRELESS ROUTER CONFIGURATION 29
6-4 ADDING ADSL WIRELESS ROUTER TO EXISTING NETWORK 29
CHAPTER 7.0: TROUBLESHOOTING 30
HARDWARE 30
CLIENT SIDE (COMPUTERS) 30
APPENDIX A: FREQUENTLY ASKED QUESTIONS 31
APPENDIX B: TECHNICAL SPECIFICATIONS 32
APPENDIX C: CONFIGURING IPSEC BETWEEN A MICROSOFT WINDOWS 2000 OR XP PC AND BROADBAND VPN ROUTER 32
C-1 ENVIRONMENT 32
C-2 STEPS IN WINDOWS 2000/XP 32
APPENDIX D: GLOSSARY 34
ENGLISH
2
FCC Statement
This device complies with Part 15 of FCC rule. Operation is subject to the following two conditions:
This device may not cause harmful interference.
This device must accept any interference received, including interference that may cause undesired operation.
This ADSL Wireless Router has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to
provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not
installed and used according to the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in
a particular installation. If this equipment does cause harmful interference to radio or television reception, which is found by turning the equipment off and on, the user is
encouraged to try to correct the interference by one or more of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment or device.
Connect the equipment to an outlet other than the receiver’s.
Consult a dealer or an experienced radio/TV technician for assistance.
FCC Radiation Exposure Statement
This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum
distance 20cm between the radiator and your body.
CE Declaration of Conformity:
This equipment complies with the specifications relating to electromagnetic compatibility, EN 55022/A1 Class B, and EN 50082-1. This meets the reasonable protection
requirements set out in the European Council Directive on the approximation of the laws of the member states relating to Electromagnetic Compatibility Directive
(89/336/EEC).
Manufacturer’s Disclaimer State
The information in this document is subject to changes without notice and does not represent a commitment on the part of vendor. No warranty or representation, either
expressed or implied, is made with respect to the quality, accuracy or fitness for any particular prupose of this document. The manufacturer reserves the right to make
changes to the content of this document and/or the products associated with it at any time without obligation to notify any person or organization. In no event will the
manufacturer be liable for direct, indirect, special, incidental or consequential damages arising out of the use or inability to use this product or documentation, even if
advised of the possibility of such damages. This document contains materials protected by copyright. All rights are reserved. No part of this manual may be reproduced
or transmitted in any form, by any means or for any purpose without the expressed written consent of its authors. Product names appearing in this document are
mentioned for identification purchases only. All trademarks, product names or brand names appearing in this document are registered property of their respective owners.
1.0 Getting to know your ADSL Wireless Router
1-1 Features of the ADSL Wireless Router
Congratulations on your purchase of this ADSL Wireless Router.
The router provides the following benefits:
•High Speed internet Access over ADSL (Up to internet downstream speed and 832Kbps upstream speed).
•Allows multiple computers to share a single ISP internet account.
•Wireless LAN connection via integrated Wireless Access Point.
•Provides 64bits/128bits key WEP (Wired Equivalent Privacy) wireless data encryption to secure wireless communication.
•4port 10/100Mbps switch for wired connections to computers and printers.
•DHCP Server providing local IP addresses to local computers.
•Complete data security protecting the network from hackers.
•In-built filters allow denial of access to objectionable websites.
•Virtual Private Network support (VPN) and IPSec support.
1-2 Package Contents
After carefully unpacking the shipping carton, check the contents listed below.
1 x ADSL Wireless Router
1 x Power Adapter
1 x User’s Manual
1 x Telephone Cable
1 x Ethernet Cable
1 x CD
Figure 1. Pack Contents
3
2.0 Hardware Installation and Setup
2-1 Connectors and Indicators
The rear panel of the router is shown in Figure 2.
Figure 2. Rear Panel
•Antenna Provides data transmission and reception for wireless devices. Please ensure that the Antenna is facing upwards.
•Reset Pressing this button for 3 seconds will reset the unit back to factory defaults.
•ADSL This is the WAN connection port to the telephone socket.
•LAN 1–4 Four LAN ports for local computers/printers.
•Power Inlet socket for external power adapter.
The front panel of the router is shown in Figure 3.
Figure 3. Front Panel
•Power 0ff - No power applied
Green - Power to the router
•Diag/Transaction Red - Glows when the router performs a self test on power on
Green - On when a link to the ISP is established
•WLAN Enable/Activity Off - Wireless not enabled
Green - Wireless enabled
Flashing - Data activity on the wireless port
•LAN Link/Activity Off - Port not active
Green - Port has valid connection
Flashing - Data activity on the port
•ADSL Link/Activity Off - ADSL line not connected
Green - ADSL connection is established and ready
Flashing - ADSL connection is being established
2-2 Installation
Connect the router as shown.
Figure 4. Hardware Installation
ENGLISH
Power on the devices in the following sequence:
•ADSL Router
•Computer(s)
Note! The computer needs to be configured with the following:
•Ethernet Card supporting either;
-10Base-T
-100Base-TX
-802.11b Wireless
•TCP/IP Protocol
•Web browser such as Microsoft Internet Explorer 4.0 or later.
Note! If you are connecting via a wireless connection – the Access Point in the router is programmed with the following default parameters:
SSID - Corega
WEP - disabled
3.0 Basic Installation & Setup
This chapter describes the procedures necessary to configure the basic functions of the router to allow internet access.
The following information should be supplied by your ISP:
Provided by some ISPs Host Name:
Domain Name:
IP address given by ISP • Dynamic
• Static
IP address
Subnet Mask
Default Gateway
DNS Server (Primary)
DNS Server (Secondary)
WAN VPI and VCI Values VPI
VCI
Operating Mode • LLC Encapulation with Dynamic IP
• LLC Encapulation with Static IP
• Gateway Classical IP
• PPPoE
• PPPoA
• Router using Classical IP
PPP Authentication Login Name
Password
Depending on your ISP, some or all of these parameters need to be programmed into the router.
Before attempting to configure the router, Corega suggest that you visit the support site of www.corega-international.com, and download a configuration file which may
help you with your particular installation. This should setup most of the parameters such that you only have to enter your username and password.
To access the router, point your web brower at:
http://192.168.1.1
Note! For most users, a compatible IP address will be automatically allocated to each computer by the router’s internal DHCP server. If you cannot access the
router – check that the computer has been set to receive a dynamic IP address or manually configure a compatible IP address.
From Windows:
Start/Settings/Network & Dial Up Connections/Local Area Connection/Properties/TCP/IP
ENGLISH
4
5
The following screen should appear:
Figure 5. Login Screen
The factory default values are:
Username Leave blank
Password admin
Click OK.
The following screen should appear:
Figure 6. One Page Setup
By setting the parameters on this page, users should then be able to access the internet using the router.
•Host Name: This entry is required by certain ISPs. (If not necessary – leave blank).
•Domain Name: This entry is required by certain ISPs. (If not necessary – leave blank).
•Time Zone: Select the relevant time zone from the drop down list. (Setting this is optional)
•Private IP Address: This is the LAN IP address of the router. This is the address that is used to configure the router. The default values are:
192.168.1.1 for IP Address and
255.255.255.0 for Subnet Mask.
(Changing this factory default setting is optional, and is not necessary for most small networks).
•Wireless: Check “Disable” or “Enable” to make the wireless LAN function active. If you select “Disable”, then all of the following wireless parameters can be
ignored.
•SSID: (Service Set Identifier). SSID is the unique name shared among all clients and the router in a wireless network. The SSID must be identical for all wireless devices
and must not exceed 32 characters. The default value for the SSID is ‘corega’.
•SSID Broadcast: The router will broadcast the SSID to let wireless clients easily search and connect to this router. Default value is “allow”.
ENGLISH
•Channel: Select the appropriate channel number from the drop-down menu. The permissible channels are different in each country due to local government
regulations. Make sure that all nodes in the same wireless LAN network use the same channel.
•WEP: (Wired Equivalent Privacy), WEP is an encryption mechanism used to protect your wireless data by providing a secure communications method. WEP uses a
combination of either 64 or 128-bit keys to encrypt data that is transmitted between all points in a wireless network to ensure data security. To code/decode the data
transmission, all points must use the identical key. To make the WEP encryption active or inactive, select “Mandatory” or “Disable”.
•WEP Key Setting: If WEP is set to mandatory, click the button of “WEP Key Setting” to go to the next setting screen. Select either “64Bit” or “128Bit”
encryption algorithm from the drop-down list. There are two ways to generate WEP key:
Passphrase: Enter an alphanumeric text string in this column then click the “Generate” button. Four 64-bit encryption keys or one 128-bit encryption key will be
created automatically.
You can enter the WEP key manually.
You may need to enter the WEP key manually to join the existing wireless network. If you are not sure which way to use, check with your network administrator.
Figure 7. Wireless Encryption
Default TX Key If using WEP64, then select one of the four encryption keys you are going to use in the wireless network. Ensure that all the points in a same
wireless network have the same encryption key.
Click “Apply” after making any changes.
•VC Setting: Enter the VPI and VCI values provided by your ISP.
•WAN Connection Type: WAN Connection type is the way the router works with DSLAM equipped in your ISP side. This ADSL Wireless router supports seven
connection types listed as below. Different countries, and different operators use different types of connection type. It is important to select the correct type for your
network provider. If you are unsure about which WAN Connection Type, please consult your provider.
-Gateway using PPPoE
-Gateway using PPPoA
-Gateway using LLC Encaps. (Dynamic IP)
-Gateway using LLC Encaps. (Static IP)
-Gateway using Classical IP
-Router using Classical IP
ENGLISH
6
7
3-1 Gateway using PPPoE
Figure 8. Gateway using PPPoE
•User Name: Enter your ISP Username.
•Password: Enter your ISP Password.
•Connect-on-demand: Only enable this option if your ISP charges by the megabyte or by minutes (seconds) of line useage. Enabling this option will cause the
router to connect to the ADSL line when there is a packet waiting to be transmitted. Set the Max Idle Time with the length of time the router will remain in an
idle state before reconnecting to collect incoming data.
•Keep Alive: This function keeps your PPPoE connection always active even when there is no data to transmit. However, in some situations, the PPPoE session
cannot be built immediately after disconnection because the system on the ISP site may need a little time to restore. You may need to check with your ISP to find
out how much time is required before the router can start to re-build the PPPoE session and then fill this in the “Redial Period”.
3-2 Gateway using PPPoA
Figure 9. Gateway using PPPoA
•User Name: Enter your ISP Username.
•Password: Enter your ISP Password.
•Connect-on-demand: Only enable this option if your ISP charges by the megabyte or by minutes (seconds) of line useage. Enabling this option will cause the
router to connect to the ADSL line when there is a packet waiting to be transmitted. Set the Max Idle Time with the length of time the router will remain in an
idle state before reconnecting to collect incoming data.
•Keep Alive: This function keeps your PPPoA connection always on even if it sits idle. However, in some situations, the PPPoA session cannot be built immediately
after disconnection because the system on the ISP site may need a little time to restore. You may need to check with your ISP to find out how much time is
required before the router can start to re-build the PPPoE session and then fill this in the “Redial Period”.
3-3 Modem using LLC Encaps
Gateway, Router and Modem are the different working modes of the router. It is highly recommended that you use the Gateway mode, which is NAT enabled. It not only
allows LAN users to share a single IP Address, but also protects your LAN network from outside intruders. If the router is set to the Router mode or the Modem mode, all
the PCs in the LAN will have to be assigned fixed IP Addresses. The Router mode allows users to specify which routing path data packets should take. If setting to the
Modem mode, the Public IP Address setting is not necessary.
LLC Encaps, Classical IP, PPPoE, and PPPoA are different connection modes that are different protocols for making the initial session between your router and the ISP’s
equipment. Your ISP may provide the information regarding the connection mode you should set. If you don’t know which one to choose, you should contact your ISP to
get this information.
3-4 Gateway using LLC Encaps. (Dynamic IP)
This connection type is the default setting of this router. Leave this setting on the column according to the following conditions:
1. You want to employ NAT. NAT allows you to use single IP address as the external one to share internet access from all of your PCs, as well as protect them from
outside intruders.
2. Your ISP uses LLC Encapsulation and uses DHCP to assign an IP address when you connect to your ISP LLC encapsulation allows multiplexing of multiple protocols over a
single ATM virtual connection (VC). You can find more information on RFC 2684.
ENGLISH
3-5 Gateway using LLC Encaps. (Static IP)
Figure 10. Gateway using LLC Encaps. (Static IP)
Choose this setting according to the following conditions:
1. You want to employ NAT. NAT allows you to use single IP address as the external one to share internet access for all of your PCs, as well as protect them from outside
intruders.
2. Your ISP uses LLC Encapsulation and provides you with one or more IP addresses when you apply for the service. You can find more information on RFC 2684.
Specify WAN IP Address: Enter one IP address provided by your ISP.
Subnet Mask: Enter the subnet mask values provided by your ISP.
Default Gateway IP Address: Your ISP will provide you with the Default Gateway IP Address.
Domain Name Server (DNS): Your ISP will provide you with at least one DNS IP Address. Multiple DNS IP settings are common. The first available DNS entry is
used in most cases.
3-6 Gateway using Classical IP
Figure 11. Gateway using Classical IP
Choose this setting according to the following conditions:
1. You want to employ NAT. NAT allows you to use a single IP address as the external one to share internet access for all of your PCs, as well as protect them from outside
intruders.
2. Your ISP uses Classical IP connection type (use LLC encapsulation and routing protocol) and provides you with one or more IP addresses when you apply for the
service. You can find more information on RFC 2684.
Specify WAN IP Address: Enter the IP address provided by your ISP.
Subnet Mask: Enter the subnet mask values provided by your ISP.
Default Gateway IP Address: Your ISP will provide you with the Default Gateway IP Address.
Domain Name Server (DNS): Your ISP will provide you with at least one DNS IP Address. Multiple DNS IP settings are common. The first available DNS entry is
used in most cases.
3-7 Router using Classical IP
Figure 12. Router using Classical IP
Choose this setting according to the following conditions:
1. You want this device acting as a router without NAT function.
2. Your ISP uses Classical IP connection type (use LLC encapsulation and routing protocol) and provides you with one or more IP addresses when you apply for the
service. You can find more information on RFC 2684.
ENGLISH
8
9
Specify WAN IP Address: Enter the IP address provided by your ISP.
Subnet Mask: Enter the subnet mask values provided by your ISP.
Default Gateway IP Address: Your ISP will provide you with the Default Gateway IP Address.
Domain Name Server (DNS): Your ISP will provide you with at least one DNS IP Address. Multiple DNS IP settings are common. The first available DNS entry is used in
most cases.
Note! You have to set a public IP address for each of your LAN PCs if you select this connection type
3-8 Modem using LLC encaps
Figure 13. Modem using LLC Encaps
Choose this setting according to the following conditions:
1. You want this device acting as an ADSL modem.
2. Your ISP used LLC encapsulation.
Your ISP may use DHCP to provide an IP address or to provide you with one or more IP addresses, as well as asking you to use PPPoA or PPPoE connection modes when
you apply for the service. However, as you have chosen to make this device act as an modem, you have to know how to configure your PCs.
When you have properly configured the Setup page, click “Apply”. You can now test to see if the settings are all correct by successfully connecting to the Internet.
4.0 Advanced Configuration
Most users will not need to change any advanced configuration on this router. This section is intended for users who are familiar with both wireless and routers.
4-1 Firewall
This allows users to configure the Stateful Packet Inspection Firewall to protect the user from external hackers.
From the One Page Setup screen select Firewall Settings from the left hand side.
Figure 14. Firewall
•Advanced Firewall Protection: Enable/Disable: This enables/disables the firewall, and gives protection from ‘Denial of Service’ attackes whilst also enabling
the Stateful Packet Inspection Firewalll.
•Web Filter: Enabling or Disabling the following allows users to perform filtering on various incoming packet types.
Press “Apply” after making any changes.
ENGLISH
4-2 Virtual Private Network (VPN) Settings
A Virtual Private Network (VPN) allows users to use the internet to make the equivalent of a direct connection (private network) between two offices. Private networks
should be extremely secure, therefore when using the internet to make a VPN, data encryption must be used to ensure a high level of data security.
Figure 15. VPN Settings
•Select Tunnel Entry: The router allows the user to set up multiple VPN configurations. Each configuration is called a Tunnel. Select any Tunnel from the drop-down
box.
•Check “Enable” to activate the tunnel.
•Tunnel Name: Once the Tunnel is enabled, enter a name of the Tunnel in the “Tunnel Name” field. This allows you to differentiate a new Tunnel from any others you
have created and gives a meaningful name to the Tunnel Entry Number.
Note! The Tunnel name set here does not always have to match the name used at the other end of the Tunnel. However, certain VPN applications require a Tunnel to
have the same name at both ends of the Tunnel. If the other end point with which you want to establish the Tunnel does not use this router, it is important
that you give the other side precise set up instructions and ensure that these are followed.
•Local Secure Group and Remote Secure Group You can choose one of five options:
-Subnet
-IP Address
-IP Range
-Host
-Any
1. Subnet: Select this item to allow all the PCs on the LAN side access to the Tunnel.
Figure 16. Subnet Settings
Refer to the above figure as an example. All Local Secure Group computers with IP Addresses 192.168.1.xxx will be able to access the Tunnel. All Remote Secure
Group computers with IP Addresses 192.168.2.xxx will be able to access the Tunnel. When the Subnet setting is selected, the default values of 0should remain in the
IP and Mask fields.
ENGLISH
10
11
2. IP Address: Selecting this item allows only the specific PC with the IP address you enter in the IP field to the Tunnel.
Figure 17. Restricting IP Access
Refer to the above figure as an example. Only the PC with IP Address 192.168.1.101 will have the access from the local side of Tunnel. Similarly, only the PC with IP
Address 192.168.2.51 can access the Tunnel from the other end.
3. IP Range: Selecting this item allows a specific group of PCs access to theTunnel.
Figure 18. Multiple IP Access
Refer to the above figure as an example. Only the PCs with the IP addresses between 192.168.1.2 and 192.168.1.200 can access the local side of the Tunnel.
Similarly, PCs with IP Address between 192.168.2.2 and 192.168.2.100 can access the Tunnel from the other end.
4. Host: If you select “Host”, the value set here should be the same as the Remote Security Gateway setting.
5. Any: When this option is selected, the router accepts remote requests from any IP address, such as mobile users or telecommunications device using dynamic IP
address. Note that the router cannot initial VPN connection when “Any” is selected as Remote Security Group,
•Remote Security Gateway: Defines the end point of VPN Tunnel at the other side of the internet. The remote VPN Tunnel end point can be either a:
-VPN Router,
-VPN Server,
-Host with VPN software.
For example, if the VPN device at the other end of the Tunnel is a VPN router, enter the WAN IP Address of that VPN router in this section. For more detail, refer to the
description of “Example - establish the VPN connection” on the next few pages.
IP Address: Use IP Address to identify the remote VPN Tunnel end point.
FQDN: Use domain name to identify the remote VPN Tunnel end point.
Any: Accepts remote requests from any IP address. Note that the router cannot initial VPN connection when “Any” is selected.
•Encryption: This gives the VPN connection added security. There are two different types of encryption: “DES” or “3DES”. Both ends of the Tunnel must use the
same encryption type. You may also choose to disable encryption by selecting “Disable”.
•Authentication: This item adds another level of security. There are two types of authentication: “MD5” and “SHA”. Both ends of the Tunnel must use the same
authentication type. You may also choose to disable authentication by selecting “Disable”.
•Key Management: For encryption to work, both ends of the Tunnel need to know the encryption key. By using the Key Management drop down list, you can
choose two of two methods to set the Encryption Key: “key”: Auto (IKE) or Manual. Both ends of the Tunnel must use the key management.
Figure 19. Key Management
With Auto (IKE), users must enter a series of characters in the “Pre-shared Key” field. In the example shown in the figure above, the word Test has been used.
The program will automatically generate the correct codes to be used in the encryption and authentication based on the word you entered. You may use any
combination of up to 23 alphanumeric characters in this field. No special characters or spaces are allowed.
ENGLISH
By entering the number of seconds in the Key Lifetime field, you may optionally select to have the key expire at the end of the time you specify.
Leave this field blank for the key to last indefinitely.
Figure 20. Key Timing
Manual Keying: This allows you to manually enter the keys to be used for encryption and authentication. Enter the Keys (code) you wish to use for encryption and
authentication separately in the “Encryption KEY” and “Authentication KEY” fields. Up to 23 alphanumeric characters are allowed in each field. Be aware that
both ends of the VPN Tunnel should use the same key management method in addition to same encryption and authentication keys.
The “Inbound SPI” value set here must match the Outbound SPI value at the other end of the VPN Tunnel. Conversely, the “Outbound SPI” must match the Inbound
SPI value at the other end. Only numeric characters can be used in both these fields.
•Status: After finalizing the settings at both ends of the VPN Tunnel, click the “Connect” button to initiate the VPN Tunnel. Once a connection is established, the word
“Connected” should appear under “Status” if the connection is successful. Should the word “Disconnected” appear, it is an indication that a problem exists, preventing
the successful creation of the Tunnel. In this case, you should firstly ensure that your wiring is securely connected. Next, double-check that correct values have been
entered in the VPN configuration screen. Lastly, ensure that the settings at the other end of the Tunnel are correct.
•Advanced Setting: To establish a VPN Tunnel with another provider’s VPN solution, configuration of the advanced setting is sometimes necessary. Click the
“Advanced Setting” button and the screen shown below will appear.
Figure 21. Advanced Settings for Selected IPSec Tunnel
Operation mode: There are two options in this mode: Main and Aggressive. Main mode is the default and is the more secure method. Aggressive mode is used when
the devices at the remote end of the VPN Tunnel can only use Aggressive mode. Mostly, it is used with dynamic IP addresses. Whenever the Main or Aggressive modes
are selected, the router will accept both modes initialled by the remote VPN devices.
Encryption: Select either DES or 3DES from the drop down list. 3DES is default as it is the more secure option.
Authentication: Select either MD5 or SHA is from the drop down list. SHA default as it is the more secure option.
Group: Two Diffie-Hellman Groups can be selected from the drop down list: 768-bit and 1024-bit. Diffie-Hellman is a technique that uses public and private key for
encryption and decryption.
ENGLISH
12
13
Key Lifetime: You may optionally select to have the key expire after a period of time that you specify. Enter the number of seconds you’d like the key to be available
or leave the field blank for the key to last indefinitely.
NetBIOS Broadcast: Check the box to allow NetBIOS traffic pass through the VPN Tunnel.
Anti-replay: Check the box to enable this function. This item will keep track of sequence numbers as data packets arrive and ensure security at the IP packet level.
Keep-Alive: Check the box to re-establish the VPN Tunnel connection whenever it is dropped. After the Tunnel has been created, this function will keep the connection
alive for a period of time.
Unauthorized IP Blocking: Checking the box allows you to block unauthorized IP addresses for a specified period of time after a specific number of IKE failures.
Enter the time period and failure level in the fields indicated.
Example - Establish the VPN connection
Figure 22. Creating a Tunnel between two VPN routers
Figure 23. Creating a Tunnel between a VPN router and a VPN client with a fixed IP Address
ENGLISH
Figure 24. Creating a Tunnel between a VPN router and a VPN client with a dynamic IP address
Once you are satisfied that your settings are correct, click the “Apply” button. Click the “Cancel” button to exit the screen without saving any changes.
4-3 DHCP Configuration
A DHCP (Dynamic Host Configuration Protocol) Server can automatically assign IP Addresses to each computer in your network. Unless you already have one in your LAN,
it is highly recommended that you set your router to act as a DHCP server.
Figure 25. DHCP Settings
•Dynamic IP Address: Select “Enable” to use the DHCP server internal to the router. If you already have a DHCP server in your network, set the router's DHCP
option to “Disable”.
•Starting IP Address: Enter a numerical value, from 2 to 254, for the DHCP server to start at when assigning IP Addresses.
•Number of Users: Enter the maximum number of PCs that you want the DHCP server to assign IP Addresses to, with the absolute maximum being 253.
•Client Lease Time: Enter the amount of time that DHCP clients (the PCs on LAN side) can use the IP Addresses assigned by the router’s DHCP server. Before the
time is up, DHCP clients have to request to renew the DHCP information.
•DNS: The IP Address of the Domain Name Server, which is currently used. Multiple DNS IP settings are common. The first DNS entry will be used in most cases.
•DHCP Clients Table: Click the DHCP Clients Table button to show current DHCP client information.
Click the “Apply” button after making any changes, or click the “Cancel” button to exit the screen without saving any changes.
ENGLISH
14
15
4-4 Web Control
This feature allows you to restrict LAN users access to specific web sites. To block a site, you can enter either a complete URL (internet address) or keywords included in
the URL.
Figure 26. Web Control
•Control Web Access: Check “Enable” or “Disable” to make this function active or inactive.
•Control Type: Check “Allow” to allow users on the network to access specific websites listed on the location only. In contrast, to restrict users on the network to
access the websites listed on the location, check “Block”in this item.
•Website or Key Words: Enter either a complete URL (internet address) or keywords included in the URL.
•Exception IP Address: Enter the IP Address of any LAN PCs that will not be restricted by this rule.
Click the “Apply” button after making any changes, or click the “Cancel” button to exit the screen without saving any changes.
4-5 Time of Day (ToD) Control
This feature allows you to limit connection availability according to a nominated time of day schedule.
Figure 27. Time of Day (ToD) Control
•Control Type: Select the control type from the drop down list and make this function active.
-“Block Outbound” to restrict the connection from your LAN.
-“Block Inbound” to restrict any external connections from the internet to your LAN.
-“Block Both” to restrict both incoming and outgoing connections.
-“Disable” to turn off this function.
•Define Schedule: Set a period of time with beginning and end from the drop down list.
Click the “Apply” button after making any changes, or click the “Cancel” button to exit the screen without saving any changes.
ENGLISH
4-6 Access Control
The Access Control feature allows administrators to set up to 10 access policies to block or allow certain users from accessing the Internet or specific applications. Before
using this function, the network PCs which you want to control the access limitation should be assigned fixed IP Addresses.
Figure 28. Access Control
•Packet Filter: Select the number of policy rules you want to configure. Up to 10 policies can be set. Note that these rules are performed in sequence, Rule 1 has
higher priority than Rule 2 etc.
•Status: Select “Allow” to limit users/computers access to specific applications you set on this rule. Select “Deny” to restrict the users/computers access to
specific applications you set on this rule.
•Name: For each rule, you can enter up to 15 characters to identify it.
•Direction: Choose the initial network data traffic direction you wish to block.
-“LAN” to block/allow LAN side users/PCs set in the following “MAC” and “Source IP” fields to access certain applications on the internet.
-“WAN” to block/allow WAN side users/PCs set in the following “MAC” and “Source IP” fields to access certain PCs on the LAN side.
•MAC: Define the MAC addresses of PCs that are defined in this policy.
•IP Address: Define the IP address or range of IP addresses of the PCs that are defined in this policy.
Note! That if you set both the “MAC” and the “Source IP” in one rule, the PCs which have the MAC addresses matching in “MAC” field and their IP addresses
matching in the “Source IP” field will be allowed/blocked for certain applications.
•Protocol: Select the protocol type as “TCP” or “UDP” from the drop down list. If you are not sure which one to choose, select “Both”.
•Port Number: Enter the range of port numbers that are used by the applications you wish to be blocked. For example, port 80 is usually used as the destination
port number when you access a web page. Note that if you don’t enter any value in the “MAC” and “Source IP” column but enter the port number, for example
“80”, in “Destination Port”, it means all the users/PCs will be allowed/denied access to certain applications related to this port, for example “web browsing”.
•Summary: Click this button to display a summary page showing all the current rules you have set.
Here is a sample of Access Control Setting. There is a PC you wish to block in your LAN side with a MAC address like 00-01-36-02-B1-4F, and an IP Address
192.168.1.101. Enter the PC’s MAC address in the “MAC” field or the IP address included in the “Source IP” range that covers this PC’s IP address.
Enter the range of 20~80 in the “Destination Port” column, then click the “Apply” button. As a result, this PC with MAC address 00-01-36-02-B1-4F and IP
Address 192.168.1.101 will not be able to use the applications which use port numbers from 20 to 80, such as FTP, Telnet and web browsing.
Click the “Apply” button after making any changes, or click the “Cancel” button to exit the screen without saving any changes.
ENGLISH
16
17
4-7 Virtual Server Settings
The Virtual Server Settings application allows up to a maximum of ten public services that can be accessed by external users over the internet. Service can be applications
such as a Web, Email, FTP etc.. Each service is provided by a dedicated network computer (server) configured with a fixed IP Address. Although the internal service address-
es are not directly accessible to the external user, the router is capable of identifying the service requested by the service port number. With this information the router redi-
rects the request to the appropriate internal IP Address. To use this application, it is recommended you use a fixed Public IP Address from your ISP. Note that the router sup-
ports only one server of any particular type.
This router also supports UPnP Forwarding. You can use either Virtual Server Settings or UPnP Forwarding by clicking the button to change setting page. Do not set the
same function server to different IP Address in different setting pages.
Figure 29. Virtual Server Settings
•Set up individual network computers on the LAN to act as servers and configure each with a fixed IP Address.
•Ensure that the “Private IP Address” of the router is set to the default value of 192.168.1.1.
•Ports: Enter the desired service port numbers in the “Ports” fields. You can specify the protocol type as “TCP” or “UDP” from the drop-down list. If you are not
sure which one to select, choose “Both”. A selection of well-known service port numbers is provided on this screen.
•Redirect IP Address: Enter the appropriate IP Addresses of the service computers in the “Redirect IP Address” locations.
•Passive FTP Virtual Server: When there is firewall filtering in your network, the internet user may not be able to access the FTP server you set in the LAN
side. Setting FTP server at passive mode will be necessary.
-Enable/Disable Click to enable/disable passive FTP function.
-FTP Port Enter the port number (> 1024) that the FTP server will use as data connection port number. The client side should select passive mode and use the
same port number entered here.
-Redirect IP Address. Enter the appropriate IP Addresses of the service computers.
Example: If the service port number 80~80 (representing an HTTP web address) is entered in “Ports” and 192.168.1.100 is entered in “Redirect IP
Address”, then all HTTP requests from external Internet users will be directed to the PC/server with the 192.168.1.100 fixed IP Address. Here is a list of the protocol
and port ranges that are used by some common applications.
Figure 30. Protocol and Port Ranges
ENGLISH
UPnP Forwarding
UPnP (Universal Plug and Play) is a standard introduced from Microsoft and UPnP Forum for interoperability. Currently, this function supported by this device allows you to
set virtual server from a Windows OS that supports UPnP, such as Windows XP.
Figure 31. UPnP
•UPnP Function: Check “Enable” will allow LAN side PCs that support UPnP to set virtual server.
•Before enabling the UPnP Forwarding, ensure that the server computers have been configured with fixed IP Addresses.
•Ensure that the “Private IP Address” of the router is set to the default value of 192.168.1.1.
•Application Name: UPnP has ten pre-set forwarding rules, which are for well-known applications. In addition, users can add their own rules.
•Ext. Port: Most applications usually use their individual port number for incoming and outgoing data packets. However, some applications may use
different port numbers for incoming and outgoing data packets. In this case, you have to enter the port number used by the incoming data packets.
•Protocol: Specify the protocol type as “TCP” or “UDP” which is used by specific service.
•Int. Ports: Most applications usually use their individual port number for incoming and outgoing data packets. However, some applications may use
different port numbers for incoming and outgoing data packets. In this case, you have to enter the port number used by the outgoing data packets.
•Enable: Check to make this forwarding setting active.
•IP Address: Enter the appropriate IP Addresses of the service computers in the “Redirect IP Address” locations.
Example: If the service port number 80~80 (representing an HTTP web address) is entered in “Ports” and 192.168.1.100 is entered in “Redirect IP
Address”, then all HTTP requests from external internet users will be directed to the PC/server with the 192.168.1.100 fixed IP Address.
Click the “Apply” button after making any changes, or click the “Cancel” button to exit the screen without saving any changes.
ENGLISH
18
This manual suits for next models
1
Table of contents
Other Corega Wireless Router manuals
