Etic Sig User manual

SIG

TLS or IPSec VPN server

_________________

User manual

Document reference : 9017409-01

_________________

The SIG router & VPN server is manufactured by

ETIC TELECOM

13 Chemin du vieux chêne

38240 MEYLAN

FRANCE

TEL : + (33) (0)4-76-04-20-05

FAX : + (33) (0)4-76-04-20-01

E-mail : [email protected]

web : www.etictelecom.com

CONTENT

SIG Router & VPN server User’s guide ref. 9017409-01 Page 3

PRESENTATION

1TECHNICAL DATA......................................................................................................7

2OVERVIEW..................................................................................................................9

INSTALLATION

1PRODUCT DESCRIPTION........................................................................................10

2INSTALLATION.........................................................................................................11

CONFIGURATION

1CONFIGURING THE SIG ROUTER ..........................................................................13

1.1 Overview.......................................................................................................13

1.2 First configuration .......................................................................................14

1.3 Modifying the configuration........................................................................15

2REBOOTING THE ROUTER AFTER PARAMETERS CHANGES...........................16

3RECOVERING THE IP ADDRESS OF THE ROUTER..............................................16

4RECOVERING THE FACTORY CONFIGURATION.................................................16

5RESTRICTING ACCESS TO THE ADMINISTRATION SERVER.............................17

6ASSIGNING IP ADDRESSES TO THE LAN AND THE WAN INTERFACES ..........18

6.1 Principles of operations..............................................................................18

6.2 LAN interface parameters ...........................................................................19

6.3 WAN interface parameters.........................................................................21

7CREATING VPN CONNECTIONS BETWEEN ROUTERS......................................22

7.1 Principles......................................................................................................22

7.2 IPSec VPN connections...............................................................................24

7.3 TLS VPN connections..................................................................................30

../..

CONTENT

Page 4 User’s guide ref 9017409-01 SIG Router & VPN server

… CONFIGURATION

8ROUTING FUNCTIONS.............................................................................................35

8.1 Basic routing function.................................................................................35

8.2 Static routes .................................................................................................36

8.3 RIP protocol..................................................................................................37

9ADDRESS AND PORT TRANSLATION ...................................................................38

9.1 Port forwarding ............................................................................................38

9.2 Advanced network address and port translation......................................39

10 VRRP REDUNDANCY...............................................................................................44

10.1 Principle........................................................................................................44

10.2 Configuring VRRP on the LAN interface....................................................45

10.3 Configuring VRRP on the WAN interface .................................................46

11 REMOTE USERS CONNECTIONS SERVICE ..........................................................47

12 REMOTE USERS CONNECTIONS...........................................................................48

12.1 Principles......................................................................................................48

12.2 Configuring a TLS connection....................................................................49

12.3 Configuring a PPTP connection.................................................................52

13 USERS LIST...............................................................................................................53

14 FIREWALL.................................................................................................................56

14.1 Overview.......................................................................................................56

14.2 Main filter......................................................................................................58

14.3 Remote users filters.....................................................................................62

../..

CONTENT

SIG Router & VPN server User’s guide ref. 9017409-01 Page 5

… CONFIGURATION

15 ADVANCED FUNCTIONS.........................................................................................67

15.1 Adding a certificate......................................................................................67

15.2 Alarms......................................................................Erreur ! Signet non défini.

15.3 Configuring the web portal.........................................................................68

15.4 Configuring the DNS server........................................................................69

1DIAGNOSTIC.............................................................................................................71

2SAVING THE PARAMETERS TO A FILE.................................................................72

3UPDATING THE FIRMWARE....................................................................................72

1OVERVIEW................................................................................................................77

2FUNCTIONS...............................................................................................................78

3OPERATION..............................................................................................................78

Appendix 1 : Administration html server

Appendix 2 : VPN mechanisms

INSTALLATION

SIG Router & VPN server User’s guide ref. 9017409-01 Page 7

1 Technical data

General characteristics

Dimensions 137 x 48 x 116 mm (h, l, p)

Electrical safety EN 60950- UL 1950

EMC

ESD : EN61000-4-2 : Discharge 6 KV

RF field : EN61000-4-3 : 10V/m < 2 GHz

Fast transient : EN61000-4-4

Surge voltage : EN61000-4-5 : 4KV line / earth

RoHS 2002/95/CE (RoHS)

Supply voltage 110 to 230 VAC - 50/60Hz - 60 W

Operating T° +5°C / + 40°C Humidity 5 - 95 %

Internet connection ( Ethernet 4)

Type Bridge : PPPo Ethernet

IP Router

Ethernet / IP router

Ethernet 10/100 BT

Port Ethernet 1 : LAN conection

Port Ethernet 4 : WAN connection

IP router Remote connections- static routes - RIP V2

Ip address

translation

Source IP @ translation (NAT)

Destination IP @ translation (DNAT)

Port translation (Port forwarding)

DNS

IP address assignment LAN interface : Fixed IP @ or DHCP server

Throughput 30 MB/s

INSTALLATION

Page 8 User’s guide ref 9017409-01 SIG Router & VPN server

VPN and firewall

VPN

• 128 VPN

• IPSec - Client or server - PSK or X509

certificates

• TLS/SSL - Client or server - X509 certificates

• Encryption 3DES

Firewall Stateful packet inspection

Logs Event logs (date and time)

Remote access server (RAS)

User list 25 users

Connection VPN PPTP / L2TP-IPSec / TLS Open VPN

Certificate X509

Alarms 3 inputs : emails

INSTALLATION

2 Overview

The SIG is designed to build safe and reliable remote control system

through the internet or private extended networks.

The SIG comes with two 10/100 BT Ethernet interfaces :

The WAN interface (Interface Ethernet 4)

On that interface, the SIG behaves as a VPN server.

The LAN interface (Ethernet 1).

The SIG is at the same time

a VPN server able to manage up to 128 IPSec or TLS tunnels,

an IP router to route IP packets between its two interfaces.

a remote access server (RAS) to give a secure access to the LAN

or to the remote sites for authenticated remote users.

SIG Router & VPN server User’s guide ref. 9017409-01 Page 9

INSTALLATION

1 Product description

SIG router

Interface Led Function

Ethernet 1 DATA Blinking quickly : Data activity

LINK Lit : Interface connected

Ethernet 4 DATA Blinking quickly : Data activity

LINK Lit : Interface connected

Power led

Page 10 User’s guide ref 9017409-01 SIG Router & VPN server

INSTALLATION

SIG Router & VPN server User’s guide ref. 9017409-01 Page 11

Ethernet RJ45 connector

Ethernet 10/100 BT

Pin Nr Signal Function

1 Tx + TX polarity +

2 Tx - TX polarity -

3 Rx + Reception polarity +

4 N.C -

5 N.C -

6 Rx - Reception polarity -

7 N.C. -

8 N.C. -

2 Installation

The product includes a fan.

Mount the SIG router in a 19 inch rack or place it on a flat surface.

Leave 10 cm of clearance at the sides and in the rear to avoid

overheating.

Attach the brackets.

Secure the SIG router to the rack with the rack-mounting screws.

CONFIGURATION

SIG Router & VPN server User’s guide ref. 9017409-01 Page 13

1 Configuring the SIG router

1.1 Overview

Administration server address

The administration html server is located at the LAN IP address of the router (The default

address is192.168.0.128).

Html browser

We advise to use Internet Explorer version 8.

First set up

For the first configuration, we advise to connect the PC directly to the LAN interface

(Ethernet 1) of the SIG router.

Set up modifications

Modifications can be carried out from the LAN, or remotely from the WAN through a VPN

or setting a remote access connection (RAS connection).

Network IP address

Later in the text, we often speak of “network address”.

We mean the lowest value of the addresses of the network.

For instance, if the netmask of a network is 255.255.255.0, the network address of that

network is X.Y.Z.0.

Copy and paste

Parameters must be entered with the keyboard; they cannot be pasted.

However, it can be useful to paste a string when it is long and to avoid errors.

In that case, paste the string, delete the last character of the pasted string, and enter it

again with the keyboard.

Saving and restoring the parameters file (see the maintenance

chapter)

A parameters file can only be downloaded to a product having the same firmware version.

It is why, we advise to assign a name to a parameters file including the product name and

the software version like for instance “myrouterfile_iplE1220_V241.bin”.

CONFIGURATION

1.2 First configuration

Step 1 : Create or modify the PC’s IP connection.

Assign to the PC an IP @ in accordance with the SIG IP address.

For the first configuration, assign or instance 192.168.0.127 to the PC.

Step 2 : Connect the PC directly to the LAN interface (Ethernet 1) of

the SIG using any Ethernet cable (straight or cross wired).

Step 3 : Launch the navigator

Enter the LAN IP @ of the router 192.168.0.128.

The Home page of the administration server is displayed

Page 14 User’s guide ref 9017409-01 SIG Router & VPN server

CONFIGURATION

SIG Router & VPN server User’s guide ref. 9017409-01 Page 15

1.3 Modifying the configuration

Modifications from the LAN (Interface 1)

Modifications can be carried out from the LAN at the IP address assigned

to the html server.

• Launch the html browser and enter the IP address assigned to the

router.

• Or, launch the ETICFINDER utility to detect the SIG address.

• Enter the login and password which may restricts the access to the

html server.

Modifying the configuration from the WAN

The html administration server can be reached from the WAN either

through a PPTP or TLS or L2TP/ IPSec remote user connection or

through a VPN tunnel.

CONFIGURATION

Page 16 User’s guide ref 9017409-01 SIG Router & VPN server

2 Rebooting the router after parameters changes

• After the parameters of any page have been entered, click the

« Save » button at the bottom of the page.

• After some parameters changes, the SIG must restart.

When the configuration has been completely carried out, click the

« Reboot » red button in the green bar, when displayed.

• Once the product has restarted, check the « Reboot » button has

disappeared from the green bar.

To save the configuration file to a hard disk :

• Select the “maintenance” menu and then the “Save / restore” menu.

• Click the “Save current configuration to disk” button.

3 Recovering the IP address of the router

If you cannot access the SIG by any method, it is possible to recover the

stored IP address by using the ETIC FINDER software provided by ETIC

TELECOM.

4 Recovering the factory configuration

It may be necessary to restore the factory configuration of the router.

To restore the SIG factory configuration,

• Switch OFF the SIG router.

• Connect a key board to the USB port of the SIG router.

• Switch on the SIG router.

• Press ALT + CONTROL SUP at last 30 seconds after switching the

router on.

Remark : The stored configuration will be lost; the factory IP address

192.168.0.128 will be restored.

CONFIGURATION

5 Restricting access to the administration server

The access to the administration server can be protected by a login and

password.

To protect access to the administration server,

• Select the “Set up” menu, the “Security” menu and then the

“Administration menu”.

Remark : For more simplicity, we advise to chose the login and the

password of one of the remote users stored in the user list.

SIG Router & VPN server User’s guide ref. 9017409-01 Page 17

CONFIGURATION

Page 18 User’s guide ref 9017409-01 SIG Router & VPN server

6 Assigning IP addresses to the LAN and the WAN interfaces

6.1 Principles of operations

The SIG features two Ethernet interfaces :

• The LAN interface (Ethernet port 1) :

On that interface, the following IP addresses must be entered :

The router IP address on the LAN interface *.

The IP addresses pool assigned to the remote users when they

connect.

* The administration html server is located at that address.

• The WAN interface :

The WAN interface is the « Ethernet Nr 4 » interface.

The SIG behaves at the same time like a VPN server and like a remote

access server on that interface.

• IP addresses assignment rules :

The SIG router will be able to route packets between the LAN and the

WAN interface only if the IP address assigned to the network connected

to the LAN interface is different from the one assigned to the WAN

interface.

CONFIGURATION

Moreover The LAN IP address must be different from any of the remote LAN IP address.

6.2 LAN interface parameters

6.2.1 IP addresses

• Click the « Configuration» menu and then « LAN interface» and

then “IP protocol”.

“IP address” parameter :

Enter the IP address assigned to the router over the LAN interface.

That IP address will have to be entered to display the administration

server of the router.

”Netmask” parameter :

Enter the IP netmask assigned to the LAN

“Start of users IP address pool” & “end of users IP addresses pool” parameters :

That parameters define the pool of addresses which will be assigned

automatically to remote user’s PC when they will connect to the router.

Enter the start address and the end address.

SIG Router & VPN server User’s guide ref. 9017409-01 Page 19

CONFIGURATION

Page 20 User’s guide ref 9017409-01 SIG Router & VPN server

6.2.2 DHCP server configuration

Over the LAN interface, the SIG router can behave like a DHCP server.

If you select that option, we advise to assign a fixed IP address to the SIG

router itself over the LAN interface.

To configure the DHCP server function,

• select the « Set up» menu and then « LAN interface» and

then « DHCP server ».

•

“IP address pool start” & “IP addresses pool end” parameters :

That parameters define the range of IP addresses which can be assigned by the

SIG to the DHCP client devices.

•

“Primary DNS IP address” & “secondary DNS IP address” parameters :

Enter the IP addresses of the domain name servers.; the DHCP server

will communicate that addresses to the DHCP client devices.

Table of contents

Other ETIC Server manuals

ETIC

ETIC RAS-I1128e User manual

ETIC

ETIC SIG Series User manual

Popular Server manuals by other brands

BITMAIN

BITMAIN AntMiner L3+ installation guide

Ross

Ross Kiva user manual

NEC

NEC iLO 5 user guide

HazSim

HazSim Pro 2.0 user manual

Lenovo

Lenovo HX3510-G Installation and service guide

Smartlink

Smartlink Multimedia Conference Server installation guide

Bosanova

Bosanova XTC-600 Specifications

Autonomic

Autonomic Mirage MMS-1e Setup guide

SEH

SEH mySND-120 Quick installation guide

Lenovo

Lenovo 7D7M Reference

smartvue

smartvue S9N Series user guide

HP ProLiant ML350 Generation 4 Maintenance and service guide

Supermicro

Supermicro SuperServer SYS-E200-12A-4C user manual

Dell

Dell PowerEdge R610 Technical guidebook

Lantech

Lantech IDS-2102A user manual

Cisco

Cisco C880 M4 Configuration guide

National Instruments

National Instruments ENET-Serial Getting started

Fujitsu

Fujitsu Primergy RX4770 M1 Upgrade and maintenance manual

ETIC SIG User manual

Popular Server manuals by other brands