Nexus ISR Nexus Hawk User manual
Nexus Hawk™
User Manual
ANY NETWORK, ANYTIME, ANYWHERE
Revision 1.2.20
Copyright 2008
www.nexusisr.com
Please read the complete User Manual before starting your Nexus Hawk.
Table of Contents
INTRO UCTION 1
WHAT'S NCLUDED W TH THE NEXUS HAWK? 1
GETTING STARTE 1
CONNECT NG TO POWER 1
STAY NG CONNECTED 1
10/100 ETHERNET DATA CONNECT ON ERROR! BOOKMARK NOT DEFINED.
LOGIN 2
ACCESS NG THE MANAGEMENT CONSOLE 2
SETUP|PCMCIA 2
CELLULAR WAN 2
PREFERRED WRELESS CARDS 2
WWAN WATCHDOG 3
SETUP|WIFI 3
AP/CL ENT CONF G 3
CL ENT 4
MAC FLTER NG 4
SETUP|10/100 ETHERNET 5
ETH0 (WAN) PORT 5
ETH1 (LAN) PORT 5
SETUP|SERIAL 6
GPSD 6
GPS AGGREGAT ON 6
DATA CACH NG 7
GPS BEACON 7
SECURITY|VPN CLIENT 7
PSEC 7
PSEC (C SCO XAUTH) 8
OPENVPN 8
SECURITY|VPN SERVER 9
OPENVPN 9
APPLICATIONS|WAN PORTS 10
PORT FORWARD NG 10
DMZ HOST 10
REMOTE ACCESS 10
APPLICATIONS|A VANCE ROUTING 11
STAT C ROUTES 11
DEFAULT ROUTE 11
A MINISTRATION|MANAGEMENT 11
PASSWORD 11
DDNS 12
STAT C DHCP 12
FA LOVER 12
NTP 12
A MINISTRATION| EBUG FILE OWNLOA 13
A MINISTRATION|RESET 13
REBOOT SYSTEM 13
RESTORE DEFAULTS 13
A MINISTRATION|FIRMWARE UP ATE 13
A MINISTRATION|SAVE/RESTORE SETTINGS 13
SAVE CURRENT SETT NGS 14
RESTORE SETT NGS 14
IP LOOPBACK 14
SETTINGS PERSISTENCE 14
STATUS 14
WAN CONNECT V TY 14
PCMC A SLOTS 14
WF 15
10/100 ETHERNET 16
SER AL 16
SECUR TY 16
HELP 16
TECHNICAL SPECIFICATIONS 17
TROUBLESHOOTING 18
IN EX 20
PRODUCT L M TED WARRANTY 23
FEDERAL COMMUN CAT ONS COMM SS ON 25
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
1 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
Introduction
Congratulations on your purchase of a Nexus Hawk™! This literature is intended as a primary reference for normal
configuration and operation of the Nexus Hawk. The information presented within should allow most users to easily
configure the device to their preferences. As with any product from Nexus iSR, should you encounter any difficulties,
technical support is standing by to help you.
What's Included with the Nexus Hawk?
• Nexus Hawk
• WiFi Antenna
• Ethernet Crossover Cable
• Power Supply
• QuickStart Guide
Getting Started
Connecting to Power
The Nexus Hawk accepts DC power input ranging from 11-48V. Upon power-up, both the green Power-LED and the red
Status-LED will illuminate. Allow the unit approximately 90 seconds to complete its startup sequence. During
this time, it is performing a Power On Self Test (POST). When the red Status-LED begins pulsing, your Nexus Hawk is
fully powered up and ready!
Staying Connected
The Nexus Hawk has four possible paths to the nternet/WAN: 10/100 WAN (Eth0), WiFi Client (connected to a WAN-
connected WiFi Access Point), Cellphone Card 1 (Slot 1), Cellphone Card 2 (Slot 2). Connectivity is prioritized in this
order. f a higher priority connection is established, the data stream will automatically transfer to it. f a connection is
lost, the Nexus Hawk will attempt to transfer WAN functions to the next lowest priority connection (if one exists).
WiFi Connection
The Nexus Hawk's WiFi port is enabled by factory default with WEP security. This allows users to access the Nexus Hawk
without an Ethernet crossover cable and without creating an "open" access point for others to exploit.
The SS D includes the last 10 characters of the Hawk's serial number. The WEB pre-shared key is the last 10 characters
of the Hawk's Eth0 MAC address. Note: The MAC address (hence, pre-shared key) is calculated by subtracting "1" from
each character of the Hawk's serial number (e.g. - S/N 112233445C, MAC= 001122334B)
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
2 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
Login
Accessing the Management Console
Launch a web browser (e.g. - nternet Explorer, Firefox, etc.) and enter the following address: 192.168.1.1 (the factory
default value). The "splash page" will give you the option of either viewing or changing the configuration of your Nexus
Hawk.
You may view configuration without being authenticated.
To change the configuration, authentication is required. Factory defaults for authentication are:
Username: manager
Password: manager
Setup|PCMCIA
Cellular WAN
The Nexus Hawk card slot(s) support only Cellular Data Cards. The Cellular WAN option allows the Nexus Hawk to
provide access to the internet through the services of a major mobile telephone service carrier.
nsert your Nexus Hawk preferred cellular data card into a card slot.
The Nexus Hawk will automatically detect which data carrier your cellular card is on and connect to the network when the
card is inserted, eliminating interaction from you the customer.
Preferred Wireless Cards
• Cingular - Options GT Max (1.8)
• Cingular - Sierra Wireless 875
• Sprint - Novatel Wireless Merlin S720
• Sprint - Pantech PX-500
• Sprint - Sierra Wireless 595
• Verizon - Kyocera KPC-650
• Verizon - PC-5750
• Verizon - V740 (Express Card)
etected: This field will display the manufacturer's model name of the detected card.
Connect: Pressing this button connects the inserted card to the cellular network.
isconnect: You must either power-down, or press this button before removing your cellular data card from the
Nexus Hawk. Failure to do so may cause malfunction.
ialup parameters: The dialup parameters options are used for connecting to
• Auto: Use this option to automatically connect the the cellular network. ( EFAULT)
• Manual: Use this option if your air card needs to specify specific parameters to connect to the cellular
network.
o Username, Password: Check this option if a username and password is required to connect
o Phone Number: Check this option and enter the password required to connect
o APN Identifier: Check this option and enter the APN dentifier required to connect
o Port Speed: Check this option and select the desired port speed when connecting
After pressing the Connect button the Cellular WAN configuration page will briefly refresh and indicate with the available
button selections that a connection has been initiated.
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
3 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
Your selections may be verified by navigating to the Status page on the top navigation bar. Once a connection has been
established, the carrier, signal strength
of signal upon initial connection
, and connection P address will be displayed on
the status page.
NOTE: Some cellular data cards will report 'No signal strength returned' for the signal strength of the card; this is normal
operation of the card and/or network.
NOTE: For best results power down before removing card.
WWAN Watchdog
Enabled: Enables the WWAN Watchdog functionality
Ping host: Host to ping in determining connectivity status
or
Use PPP connection peer: This option pings the closest available host on the cellular PPP link: the opposite end of the
connection. f checked, the Ping host entry will be disregarded.
Packet size: Enter the size of the packet to ping in bytes. EFAULT: 56 bytes
Interval: Enter the number of milliseconds between pings. EFAULT: 1000 milliseconds
Sample size: Enter the number of pings to send before evaluating results. EFAULT: 10 packets
Packet loss exceeds: Enter the packet loss percentage at which the watchdog will trip.
and/or when selecting both pachet loss and latency, determines if both or only one criteria will trip the watchdog.
Average latency exceeds: Enter the average latency in milliseconds for the ping set beyond which the watchdog will
trip.
Watchdog action: From the dropdown box specify what the watchdog should do when it trips.
• Redial connection
• Reboot Hawk
Slot 2, Use same settings as Slot 1: This option allows you to have Slot 2 use exactly what you specified for Slot 1
without having to re-enter it all.
Setup|WiFi
AP/Client Config
AP
This selection will enable the Nexus Hawk to function as a WiFi Access Point (AP), sharing its connections with others
(Clients) who may connect to it. The Nexus Hawk may serve as either an AP or Client of another AP,
but not both at the
same time
.
NOTE: When in WiFi AP mode, the Nexus Hawk's WiFi port and LAN (Eth1) port are bridged together at the physical layer
as a single virtual device. This means that all P information is the same (192.168.1.1, for instance). As a result, all LAN
clients share the same DHCP pool, subnet, and can access each other. Firewalling and port forwarding may be done to
any device on this shared virtual network. This occurs only in WiFi AP mode, and not in WiFi Client mode.
SSI : This is the name of your wireless network. This option has a 32 alphanumeric character limit. For more
information click here
Broadcast SSI : Check this option to broadcast the name of your AP's WiFi network to others. Doing so
makes discovery and attachment to your AP easier. Failing to broadcast it makes your AP somewhat more
secure, by requiring trusted clients (people who will attach to it) to know the SS D without being prompted.
Channel: Select the channel on which your AP will operate. Channels 1-11 coincide with 802.11b/g (2.4 GHz)
while channels 36 and up coincide with 802.11a (5.8GHz). Effort should be made to select a channel that is not in
use in the immediate vicinity of the Nexus Hawk in order to minimize interference and maximize the WiFi
efficiency.
Security: This specifies the security mode of the Nexus Hawk's WiFi AP.
None: Selecting this option creates an "open" or unsecured AP.
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
4 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
WEP:
Wireless Equivalent Privacy
is available in two modes; 64-bit (shorter key) and 128-bit (longer
key). Selecting this option requires you to enter a private key that is known only to you and trusted others that
you want to allow to connect to your AP. For more information click here
WPA-PSK, WPA2-PSK, WPA/WPA2-PSK: This stands for:
WiFi Protected Access
. Selecting this option
requires you to enter a pre-shared key to secure the AP connection. The WPA/WPA2-PSK option allows for dual
operation of both WPA and WPA2 for connected clients. For more information on WPA click here For more
information on WPA2 click here
Pre-shared key: This is a passphrase that is used by the selected security mode. For WEP-level security, this
must be a hexadecimal value using the digits 0-9 and letters from A-F. For the 64-bit option the value must be 10
characters. For 128-bit option the value must be 26 characters. For WPA/WPA2-level security, the value must be
alphanumeric and a minimum of 8 characters and may be a maximum of 63 characters.
The AP's P address is the same one that is specified for the 10/100 Ethernet LAN configuration (Eth1). For
example, if the 10/100 Ethernet LAN P is set to the factory default of 192.168.1.1, this will also be the P
address for the WiFi port of the Nexus Hawk. They are considered "bridged".
Client
The Nexus Hawk may connect to an 802.11a/b/g compliant WiFi Access Point (AP). This function may be found by
navigating to the "Setup|WiFi" page. Check the "Client" box to enable the AP Client.
SSI : Enter the known SS D of the 802.11 a/b/g network that you wish to connect to. Once this option is
selected and applied, it remains active. The Nexus Hawk will continue to scan for an AP with the entered SS D
until it is able to locate it, at which point it will connect. f that AP disappears, the Nexus Hawk will resume its
scanning function in an attempt to connect when one appears. For more information click here
[Scan]: Select this option to view any in-range AP's that are broadcasting their SS D's. Simply click the hyperlink
to make your selection. To find out more about the AP hardware click on the MAC Address link which will
perform a MAC Address lookup.
Security: This is defined by the AP, not the Nexus Hawk. Select the type of security set by the AP. NOTE:
Some AP's differentiate between WPA-PSK and WPA2-PSK. The Nexus Hawk does not. f the AP uses either,
simply select the WPA/WPA2-PSK option.
Pre-shared key: Enter the AP's pre-shared security key. This field is required if security is set to WEP or WPA.
HCP Client: This allows the Nexus Hawk to be automatically configured to function on a network provided by
another AP.
f Enabled the Nexus Hawk will attempt to obtain configuration information from a DHCP enabled AP.
f isabled, the Nexus Hawk will require manual P assignment (also known as "Static P") and the following
console options will come into play:
IP Address: Enter the manually assigned (static) P address. For more information click here
Netmask: Select the desired netmask from the drop down list. For more information click here
Gateway: Enter the desired gateway. For more information click here
NS1: Enter the desired primary Domain Name Server's address. For more information click here
NS2: Enter the P address for an optional (not required) Secondary DNS.
Settings may be verified by navigating to the Status page on the top navigation bar. The wireless client status
section will show a connection status, the SS D of the connected network, and a signal strength indicator.
MAC Filtering
The Nexus Hawk supports MAC Filtering of wireless devices. MAC Filtering allows specified wireless devices to connect by
allowing or denying each specified MAC addresses.
Enabled: Enables MAC Filtering functionality.
Allow: This option allows
only
the specified MAC addresses entered to connect to the Hawk
eny: This option denies the specified MAC addresses access from connecting to the Hawk
MAC: Enter the desired MAC addresses. For more information on MAC click here
elete: Deletes the specified address
Apply Changes: Saves the changes that were made.
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
5 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
Setup|10/100 Ethernet
Eth0 (WAN) Port
The Nexus Hawk has two Ethernet ports. The port that is closest to the DC power jack is ETH0 -- and is exclusively
reserved to allow the Nexus Hawk to connect to devices that provide Wide Area Network (WAN) connectivity. Connection
is by a standard RJ-45 Ethernet patch cable.
HCP Client: This allows the Nexus Hawk to attempt to obtain configuration information from a DHCP enabled
WAN device. For more information click here
Enabled: The Nexus Hawk automatically obtains configuration parameters from a DHCP server on the WAN.
isabled: The Nexus Hawk will allow the Console Operator to manually configure networking parameters as
follows:
IP Address: Enter the assigned (static) P address. For more information click here
Netmask: Select the desired netmask from the drop down list. For more information click here
Gateway: Enter the P address of the desired gateway. For more information click here
NS1: Enter the P address of the desired Primary Domain Name Server (DNS). For more information click here
NS2: Enter the P address for an optional (not required) Secondary DNS.
Apply Changes: Saves the changes that were made.
Settings may be verified by navigating to the Status page on the top navigation bar. A well configured Eth0 status will
display as "Connected" with a properly formatted P address.
Eth1 (LAN) Port
The Nexus Hawk has two Ethernet ports. The port that is closest to the <RESET> button is ETH1 -- and is exclusively
reserved to allow local network (LAN) connection to the Nexus Hawk (such as used by a locally connected computer).
Direct-connection to a computer will require a Category-5 (minimally) Ethernet crossover cable (a RED crossover cable is
supplied with your purchase and is included in the packaging). For more information click here.
Warning, if you are using this port to configure the Nexus Hawk : Changes here can cause you to lose connectivity to
the Nexus Hawk. Proceed with caution. f at any time, you lose connection and are unable to recover, you may
regain control by resetting the Nexus Hawk to factory defaults.
IP Address: The default address is 192.168.1.1 t may be manually changed here. Note: Changing this
address, while connecting through this port will cause loss of connectivity. To regain connectivity, perform
a DHCP P renewal on your client. From your computer's command prompt:
Windows2000/XP:
ipconfig /release <enter>
ipconfig /renew <enter>
Linux:
ifconfig /release <enter>
ifconfig /renew <enter>
Netmask: Select the desired netmask from the drop down list. For more information click here
HCP Server: For more information click here
Enabled: The Nexus Hawk will provide dynamic configuration parameters to LAN devices.
isabled: The Nexus Hawk will not provide dynamic configuration parameters to LAN devices. This will require
that all LAN devices be manually configured, individually.
Apply Changes: Saves the changes that were made.
You may verify that the Nexus Hawk has been properly configured by navigating to the Status page on the top
navigation bar. A well configured Eth1 status will display as "Connected" with a properly formatted P address.
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
6 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
Setup|Serial
GPSd
NOTE: The Serial Port supports only Global Positioning System (GPS) functionality in this firmware revision. The GPS
must be both serial (RS-232c) and capable of providing NMEA-0183, Rockwell or Garmin Binary data streams (all of which
are converted into NMEA-0183 on the selected port). The Nexus Hawk's firmware will auto-detect the
communication settings (baud rate, parity, etc.) of the connected GPS.
Only three wires are needed for data connectivity, TXData, RXData and Ground. The diagram below shows the cabling
from the perspective of a plug that is attached to the GPS.
Enable GPSd: Enables the described function. For more information on GPSd click here
TCP Port: This is the TCP port that will interface with the GPS. Most simply, one may use TELNET to attach to
the port and manage the GPS (including the receipt of NMEA sentences, once the GPS is commanded to send
data). By default, this is 192.168.1.1:2947 though it may also be accessible remotely by DNS if a dynamic DNS
service has been subscribed to. For more information on TCP click here
Apply Changes: Updates are applied only when this button is pressed.
Upon pressing Apply Changes, the Nexus Hawk will immediately open the designated port to/from the GPS. Some
GPS's may appear to sit idle until a user sends a command to activate their data stream. The most often used code is
simply "r", at which point the port will present raw NMEA strings. For more information on how to use GPSd-presented
data for mapping and navigation applications, visit http://www.penguin-soft.com/penguin/man/1/gpsd.html .
Note: With only this selected, the GPS data stream is available only to LAN and WiFi connected clients. You may present
the GPS data stream to the WAN port by additionally selecting the Access to GPS Port option.
GPS Aggregation
The GPS Aggregation page enables the Nexus Hawk to send GPS data updates to an aggregator. Updates may be sent at
timed intervals or continuously and GPS data will be cached for later delivery in the event of a disconnect. Supports APRS
standard or raw NMEA data streams. GPSd must be enabled for aggregation to be available.
Connect to aggregator: Enables the GPS to connect to the aggregator specified
Host: Enter the host P address of the aggregator
Port: Enter the port number to connect to on the host
Continuous: Select the Continuous option to send continuous data without stopping
Timed: Select the Timed option to send data at the interval specified
Cache GPS data when aggregator is unavailable: Check this option to enable the caching of GPS data when
the aggregator is unavailable.
APRS: Sends out APRS data. APRS is a trademark of APRS Engineering, LLC, Bob Bruninga President.
• Callsign/I : Enter the callsign/ D to represent the GPS. The callsign/ D must contain at least one
number.
• Icon: Select the icon to represent the GPS
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
7 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
• Overlay: Eleven of the icons support overlay. GPSOD - Digi; GPSOG - HF Gateway; GPSA0 - Circle;
GPSNV - Car; GPSAA - Box; GPSDV - Aircraft; GPSDW - WX station - Green; GPSSN - Triangle; GPSSS -
Ship/Boat; GPSSU - Truck; GPSSV - Van.
Raw (default): Send out raw NMEA data
• Header: Enter the custom header to send in front of the NMEA strings
• Force APRS-style authentication: Check this option to send a valid APRS-style authentication string
to the specified aggregator.
ata Caching
The Nexus Hawk will cache GPS data upon loss of a path to the target host (either an aggregator or a single host) but the
cache is not used as long as there
is
an active path in effect. Upon restoration of the path the cache will be sent to the
target host.
GPS Beacon
The GPS Beacon is used to send specified GPS sentences to the source specified. This feature is useful when trying to
keep bandwidth usage down.
Enable GPS Beacon: Enables the GPS Beacon functionality
Host: Enter the host P address
Port: Enter the port number to connect to on the host
Interval: Enter the interval in seconds at which you want the Hawk to send data to the host
TCP: Select this option to send the data via TCP. For more information on TCP click here
U P: Select this option to send the data via UDP. For more information on UDP click here
Bind sockets/datagrams to LAN IP address: Forces outgoing GPS Beacon data to originate from the Nexus
Hawk's LAN P address. Should only be selected if the GPS Beacon destination is on the other end of a standard
Psec tunnel (not Cisco Xauth). EFAULT: isabled
NMEA Sentences to report: Check which sentences you want to send out.
• GPRMC - Recommend minimum specific GPS data
• GPGGA - Global positioning system fix data
• GPGSA - GPS DOP and active satellites
• GPGSV - GPS satellites in view
Custom Header: Enter the custom header to send in front of the NMEA-0138 string
Security|VPN Client
IPsec
Psec is a protocol allowing VPN connectivity from a client to a central location, providing secure access to a private LAN
over a WAN. The Nexus Hawk supports Psec client functionality and will route traffic from connected client devices over
the VPN as well, thus replacing the need for many Psec clients with one. For more information on PSec click here
Enabled: Enables Psec client connectivity
Server IP/Hostname: Enter the hostname/ P address of the Psec server or concentrator
Server subnet: Enter the server subnet
Phase 1: The first phase of authentication and handshaking to establish an Psec session.
H Group: Diffie-Hellman key group. Options are Group 2 or Group 5
Encryption: Encryption algorithm to be used for Phase 1 handshaking.
3DES: Triple Data Encryption Standard. For more information click here
AES-128: Advanced Encryption Standard 128-bit. For more information click here
Authentication: Authentication hash to be used for Phase 1 handshaking.
MD5: Message-Digest algorithm 5. For more information click here
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
8 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
SHA1: Secure Hash Algorithm. For more information click here
Phase 2: The second phase of authentication and handshaking to establish an Psec session.
Encryption: Encryption algorithm to be used for Phase 2 handshaking.
3DES: Triple Data Encryption Standard. For more information click here
AES-128: Advanced Encryption Standard 128-bit. For more information click here
Authentication: Encryption algorithm to be used for Phase 2 handshaking.
MD5: Message-Digest algorithm 5. For more information click here
SHA1: Secure Hash Algorithm. For more information click here
Authentication Type: Select the type of authentication that you want to use for Psec
X.509 Certificates: Select this option to use the X.509 encryption type. For more information click here
Pre-shared Key: Select this option to use a pre-shared key for authentication
Pre-Shared Key: Enter the pre-shared key defined by your network administrator
CA Certificate: Certificate of the Certificate Authority used to sign the other certificates in use. Enter the CA
certificate here. Please ensure that the certificate is copy-pasted correctly.
Public Server Certificate: Enter the certificate assigned to the Psec server here. Please ensure that the
certificate is copy-pasted correctly.
Public Client Certificate: Enter the certificate assigned to the Psec client here. Please ensure that the
certificate is copy-pasted correctly.
Private Client Key: Enter the client key here.
Private key passphrase: Enter the private key passphrase here.
IPsec (Cisco Xauth)
The Nexus Hawk supports Psec login to Cisco VPN concentrators with group and username credentials.
Enabled: Enables the Psec (Cisco Xauth) functionality.
Server IP/Hostname: Enter the server P or hostname on which the Cisco VPN concentrator resides.
IPsec Group I : Enter the Psec group id
IPsec Group Secret: Enter the Psec group secret
Xauth Username: Enter the Xauth username required by the Cisco VPN concentrator
Xauth Password: Enter the Xauth password required by the Cisco VPN concentrator
P Interval: Time between dead peer detection messages sent from the VPN client to the concentrator.
There is a known incompatibility between this feature and Cisco P X devices. Nexus recommends disabling this
option when connecting to a P X. EFAULT: 300, ISABLE : 0. For more information on DPD click here
NAT-T Mode: Mode in which the Nexus Hawk's VPN client will traverse NAT firewalls.
• Auto: The Nexus Hawk will auto-detect NAT-T mode
• None: Use no NAT-T
• Force NAT-T ( EFAULT): highly recommended for Cisco P X re-key compatibility
• Cisco U P: Uses Cisco proprietary UDP encapsulation
Cisco U P Port: Local port for Cusco UDP encapsulation. Only relevant if Cisco UDP is selected for NAT-T
mode. EFAULT: 10000
Maximum Session Length: Maximum amount of time the Nexus Hawk will allow a VPN session to continue
before terminating it and redialing. Especially useful when re-key problems with the concentrator are
encountered. EFAULT: 0
Redial pause: Amount of time the Nexus Hawk will wait between VPN connection attempts to the concentrator.
EFAULT: 10
OpenVPN
For advanced users, the Nexus Hawk supports functioning as an OpenVPN endpoint. For more information on OpenVPN
click here. For a how-to guide in setting up a VPN server click here
Enabled: Enables OpenVPN functionality.
Interface Type:
• tap: Simulates an Ethernet device and operates with Layer 2 packets. Used to create a Network bridge
• tun: Network Tunnel simulates a network layer device and operates with Layer 3 packets. Used with
Routing. For more information on tun click here
• For more on tap and tun information click here
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
9 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
Server IP/Hostname: Enter the server P address or hostname
Port: Enter the port number of the VPN tunnel
Protocol: Select which protocol you wish to use.
• TCP: Select this option to use TCP. This option transfers packets and checks the packets for errors. For
more information click here
• U P: Select this option to use UDP. This option is an alternative protocol to TCP, it is faster than TCP
because it does not use packets, it also does not provide error checking. For more information click here
TUN MTU: Enter the maximum packet size that the VPN is capable of transmitting. For more information click
here
TUN MTU Extra:
TCP MSS:
Public Server Certificate: Enter the public server certificate here. Please ensure that the certificate is copy-
pasted correctly.
Public Client Certificate: Enter the public client certificate here. Please ensure that the certificate is copy-
pasted correctly.
Private Client Key: Enter the client key here.
Apply Changes: No updates are applied unless this button is pressed. Once pressed, the screen changes are
saved.
You can verify the connectivity status of the OpenVPN tunnel by navigating to the Status page and checking the
connectivity status for "Security|OpenVPN Client Tunnel." f the status is indicated as "Connected" and shows a properly
formatted P address, the Nexus Hawk is acting as an OpenVPN client to the remote network.
Security|VPN Server
OpenVPN
For advanced users, the Nexus Hawk supports functioning as an OpenVPN server. For a how-to guide in setting up a VPN
server click here
Enabled: Enables OpenVPN server functionality.
Interface Type: tap: Simulates an Ethernet device and operates with Layer 2 packets. Used to create a
Network bridge.
Port: Enter the port number of the VPN tunnel. EFAULT: 1194
Protocol: Select which protocol you wish to use.
• TCP: Select this option to use TCP. This option transfers packets and checks the packets for errors.
For more information click here
• U P: Select this option to use UDP. This option is an alternative protocol to TCP, it is faster than TCP
because it does not use packets, it also does not provide error checking. For more information click here
Keepalive: Enter the number of seconds that you want the server to send a keep alive string. EFAULT: 10
seconds
Timeout: Enter the number of seconds that the server will continue to attempt to maintain a session with an
unresponsive client. EFAULT: 120 seconds
Address Range: Enter the address range that the sever will assign to incoming client connections. NOTE: This
range should not overlap onto the DCHP address range if enabled (Setup | 10/100 Ethernet).
Public CA Certificate: Enter the public ca certificate here. Please ensure that the certificate is copy-pasted
correctly.
Public Server Certificate: Enter the public server certificate here. Please ensure that the certificate is copy-
pasted correctly.
Private Server Key: Enter the server key here.
iffie-Hellman Key Parameters: Enter the Difie-Hellman key parameters here.
Apply Changes: No updates are applied unless this button is pressed. Once pressed, the screen changes are
saved.
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
10 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
Applications|WAN Ports
Port Forwarding
The Nexus Hawk supports forwarding of specific port ranges from the WAN to a client on the LAN.
Enabled: Enables the specified port
From: Enter the port number that you want to begin forwarding
To: Enter the port number that you want to end forwarding
TCP/U P: Transmission Control Protocol/User Datagram Protocol Options
Both: Select this option to use both TCP and UDP protocol
TCP: Select this option to use TCP. This option transfers packets and checks the packets for errors. For more
information click here
U P: Select this option to use UDP. This option is an alternative protocol to TCP, it is faster than TCP because it
does not use packets, it also does not provide error checking. For more information click here
Internal Host: Enter the LAN client P address of the host
elete: Deletes the specified port
Apply Changes: Changes are applied only after pressing this button.
To input a single port, simply enter it as both the From and To port. f both the port forwarding and DMZ options are
enabled, port forwarding will take priority, with the remaining ports allocated to the DMZ P address.
Do not enter overlapping port ranges for different P addresses, as this configuration does not translate to a logical port
forwarding structure. Please note that some cellular carriers will firewall the connections to their networks. As such, a
public WAN P address does not guarantee universal accessibility from the internet.
MZ Host
The Nexus Hawk supports a LAN client which can be placed in the DMZ (de-militarized zone) to allow access from the
connected WAN.
Enabled: Enables the DMZ host option.
IP address: Enter the address of the client on the LAN which will accept the WAN connection.
Apply Changes: Updates are applied only upon pressing this button.
f port forwarding and DMZ values conflict, port forwarding will always be given priority. The DMZ host will receive only
the ports not allocated in the forwarding table. Caution: Forwarding all traffic to a specific host may cause the
undesired effect of losing Internet-based connectivity to the Management Console. This is because all data
will be forwarded to the host specified. The Management Console will still be accessible to devices
attached to the LAN (Eth1) and WiFi AP.
The LAN client will now be accessible from any connected WAN interface. Please note that some cellular carriers firewall
the connections to their networks, and a public WAN P address does not guarantee universal accessibility from the
internet.
Remote Access
Allow certain LAN services to be accessible to WAN users, here. NOTE: This connection will be available if the target
network allows outside connections. Target network cannot be firewalled.
Access to the Management Console
HTTP Enabled: The Management Console is now available by WAN (i.e. - nternet) connected users on port
:80. f using a cellular data card, it is presented on that card's P address. f using DynDNS.org's services, it is
presented on the URL's port :80 (i.e. - http://MyHawk.dyndns.org:80 ).
Port: The port that the data will be presented on. Default is 80
HTTPS Enabled: The Management Console is now available by WAN (i.e. - nternet) connected users under a
secure certificate on the port specified.
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
11 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
Port: The port that the data will be presented on. Default is 443
Allow access by manufacturer for diagnostics
Enabled: This option enables
trusted Nexus iSR technical staff
to remotely access to your Nexus Hawk
securely, via SSH. Providing delightful support to you is our top priority. For more information click here
Access to GPS port
Enabled: Present GPS access to WAN (i.e. - nternet) users. Note: Control of the GPS is governed by the
framework provided by the GPSd daemon. Local clients still have the ability to access the GPS information. For
more information, click here
Applications|Advanced Routing
Static Routes
Static routes allow the Nexus Hawk to always use a specified gateway to access a certain host or network. For more
information click here
Show Current Routes: Press this button to show the currently defined routes
Enabled: Check this box to enable a static route
Name: Enter the name of the static route
estination: Enter the desired destination P Address of the static route
Netmask: Enter the desired netmask. For more information click here
Gateway: Enter the desired gateway
efault for Interface: Check this option to use the default gateway rather than one manually specified
Interface: Select the desired interface or use ‘Best Available’ and the Nexus Hawk will choose the best available
interface
elete: Check this box to delete the selected route
Apply Changes: Press this button to apply the changes
Cancel Changes: Press this button to cancel changes made
efault Route
The default route option allows you to order the path of your default route. f there is a WAN connection that you don't
want made available for your default route move it under the ---DO NOT USE BELOW HERE--- line.
Administration|Management
Password
The Nexus Hawk uses the defaults of Login=manager, Password=manager. t does not follow the Admin/Admin standard
used by other manufacturers specifically to make unintended access more difficult. These values may be changed here.
Login name: Displays the current login name. f you wish to change the login name enter the new name.
Current password: Enter the current configuration password.
New password: Enter the new password
Re-enter new password: Enter the new password again for verification purposes
Password-protect status page: Normally, the Status page is viewable by anyone who attaches to your Nexus
Hawk. Check this option if you wish to restrict that page, requiring login authentication before being able to view
its contents.
Apply Changes: Updates are applied only after pressing this button.
NOTE: Once saved, you will be required to login with the new login information.
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
12 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
NS
The Nexus Hawk supports a dynamic DNS update with dyndns.org. f you have a dyndns.org account, this function may
be useful for finding the Nexus Hawk from the internet when it is connected to a WAN interface. Contact your Network
Administrator for system-specific settings. For more information click here
Username: Enter your dyndns.org account username.
Password: Enter your dyndns.org account password; must be at least five characters
Hostname: Enter the hostname associated with your dyndns.org user account. Currently, only hostnames
provided by dyndns.org are supported. NOTE: Hostnames are controlled by the dyndns policy. For more
information click here
Apply Changes: No updates are applied unless this button is pressed. Once pressed, the screen changes are
saved.
Once saved, the Nexus Hawk will attempt to update the specified dyndns.org entry whenever it initiates a new connection
to a WAN interface. NOTE: Only dynamic hosting by DynDNS.org is supported at this time.
Static HCP
The Nexus Hawk supports static DHCP leases and allows configuration of the router to provide the same P address to a
specific client via DHCP upon every connection. For more information on DHCP click here
MAC: Enter the media access control address of the client device. For more information click here
Hostname: Enter the hostname of the client device. Using DNS masquerading, this device may be referenced by
other LAN-connected clients by its assigned Hostname rather than it's assigned P address. For more information
click here
LAN IP: Enter the P address which will be provided to the client device by DHCP. For more information click
here
elete: Check this option to delete the specified entry(s)
Apply Changes: Updates are applied only when this button is pressed.
Example: Use this option to assure that the same P address is always served to a device with a particular MAC address.
Failover
Arrange available WAN links in the order that you would prefer that the Hawk uses them. The Hawk will then
automatically and dynamically use the highest available link on the list.
Priority List: Lists the possible internet connection types.
Up Button: Select an item in the Priorty list and press this button to move the item up in the list.
own Button: Select an item in the Priority list and press this button to move the item down in the list.
NTP
The Network Time Protocol (NTP) interface page allows you to update the Nexus Hawk's internal clock.
Enable NTP Client: Enables the NTP service on the Nexus Hawk
NTP Host: Enter the name of the NTP host
Asset Label
Enter up to 16 alphanumeric characters as an "Asset Label". This text will appear under the Nexus Hawk logo in the
upper left-hand corner of all Management Console screens. This field is used for no other purpose and is provided to
assist human administrators to more easily identify Nexus Hawk assets.
Asset Label: Enter the label used to define the Nexus Hawk.
Apply Changes: Updates are applied only when this button is pressed.
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
13 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
Administration| ebug File ownload
The Nexus Hawk allows the user to download a debug file to provide to technical support in the event of a system
malfunction. This will allow Nexus iSR engineers to inspect the status of your problem and more quickly determine its
cause.
Press the " ownload" button to save the "debug.bin" file. Simply e-mail it to the email address provided by your
administrator, along with as much detail about the issue as possible.
Administration|Reset
Reboot System
This is the equivalent to pressing the <Reset> button on the back panel of your Nexus Hawk. You will be presented with
a warning. Press the "Reboot" button to reboot the Nexus Hawk. Note: This operation will take up to 2 minutes to
complete.
Note: The system will be unavailable while rebooting!
Restore efaults
Select this option to restore your Nexus Hawk to Factory Default settings without the need to reboot. The changes will
take effect immediately, without delay.
Note: f you have changed your Eth1 P address from the default you will lose connectivity through that port upon
restoring defaults. To regain connectivity, perform a DHCP P renewal on your client. From your computer's command
prompt:
Windows2000/XP:
ipconfig /release <enter>
ipconfig /renew <enter>
Linux:
ifconfig /release <enter>
ifconfig /renew <enter>
WARNING: All settings will be reset to factory defaults, all custom settings will be.
Administration|Firmware Update
The Nexus Hawk allows the user to update to the latest firmware version. The current firmware version is displayed at
the top right corner of the Management Console.
Browse: Press this button to locate a locally stored firmware file to upload to the device. This firmware file
must come directly from http://www.nexusisr.com Navigate to the Support page and click the Nexus
Hawk Firmware Downloads link
Update: Press this button to upload the firmware file to the Nexus Hawk. The Nexus Hawk will attempt to apply
the firmware update and report on the success or failure of the operation. A successful firmware update will be
immediately followed by a reboot (which may take up to 2 minutes to complete).
Administration|Save/Restore Settings
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
14 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
Save Current Settings
Save: Pressing this button will save the 'settings.bin' file to the directory you specify.
Restore Settings
Browse: Press this button to locate a locally stored settings file 'settings.bin' to upload to the device. This
settings file must be the file that a Nexus Hawk wrote.
Restore: Press this button to upload the settings file to the Nexus Hawk.
WARNING: Restoring settings from a file may affect accessibility of the Nexus Hawk from your current
location by changing settings such as LAN IP address, WAN connectivity, port forwarding, and other
configuration items.
IP Loopback
The Nexus Hawk supports P Loopback. P Loopback allows users on the LAN to access a service on the same LAN by
connecting to the appropriate forwarded port using the WAN P address. This is especially helpful for client applications
which are only aware of the server/peer's WAN P address.
Example:
Host A is connected to a Hawk LAN with an P address of 192.168.1.2. The Hawk has a WAN P address of 10.0.0.1, and
has a port forwarding entry to route all incoming TCP traffic on port 23 to a telnet service on Host A at 192.168.1.2. Host
B is on the same Hawk LAN with an P address of 192.168.1.3. Host B can access the telnet service on Host A by
referencing the Hawk's WAN P address of 10.0.0.1 and TCP port 23, which the Hawk will route appropriately to
192.168.1.2 without generating any WAN traffic.
For more information on loopback click here
Settings Persistence
Beginning with firmware version 1.2.0 user-entered the settings will persist (no re-keying necessary) as users upgrade
Hawk firmware to keep up-to-date. Said another way, performing a firmware upgrade will no longer automatically reset
the Nexus Hawk to factory default settings.
Note: Settings Persistence is supported for (1) all firmware upgrades and (2) firmware roll-backs that
share the same Firmware Family (identified by the first and second identifiers in the firmware version
numbers (e.g. - 1.2.9, 1.2.13, 1.2.18 are in the same Firmware Family while 1.2.9, 1.3.7 are not)
Status
The status page displays the status of the Nexus Hawk. The contents of this page are updated every 20 seconds (note
the timer at the top of the page).
WAN Connectivity
This area displays how the Nexus Hawk is connected to the "outside world" (most often, the nternet).
PCMCIA Slots
This area displays the status of Cellular card(s) in the card slot(s).
Signal Strength: Displays the strength of the signal
Carrier: Displays the name of your cellular service carrier
Card Name:Displays the model name of the connected card
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
15 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
WAN IP Address: Displays the P that the carrier has assigned to the Nexus Hawk's cellular card(s)
WiFi
AP
This area displays the status of the Access Point.
[xx:xx:xx:xx:xx:xx]: Displays the MAC address of the WiFi access point; this will always be the same as the
WiFi client.
SSI : Displays its SS D
Security: Displays the type of security in effect
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
16 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
Client
This area displays the status of the client.
[xx:xx:xx:xx:xx:xx]: Displays the MAC address of the WiFi client; this will always be the same as the WiFi
access point.
Signal strength: Displays the signal strength of the connection
IP Address: Displays the P Address assigned to the Nexus Hawk's WiFi port by the AP's DHCP server
SSI : Displays the SS D of the network that it is connected to (through the remote AP)
Security: Displays the security of the network that it is connected to (through the remote AP)
10/100 Ethernet
WAN Port
This area displays the status of the WAN Port (Eth0) port.
[xx:xx:xx:xx:xx:xx]: Displays the MAC address of the Eth0 port.
IP Address: Displays the P address either delivered from a WAN DHCP server or manually configured through
the Management Console.
LAN Port
This area displays the status of the LAN Port (Eth1) port.
[xx:xx:xx:xx:xx:xx]: Displays the MAC address of the Eth1 port.
IP Address: Displays the P address of the connection.
Serial
This area displays whether or not a GPS device is connected
Security
This area displays the connection state of the OpenVPN Client Tunnel and PSec Client Tunnel.
Help
You can find all the user documentation files for the Nexus Hawk on this page.
User Manual: This is a printable version (PDF) of this file with the added features of an index and technical
specifications chart.
QuickStart Guide: This is a guide in PDF format for initializing the Nexus Hawk
QuickConfig Guide: This is a guide in PDF format for setting up the Nexus Hawk
QuickFix Guide: This is a guide in PDF format for fixing common problems while using the Nexus Hawk
Table of contents
Popular Gateway manuals by other brands
RTA
RTA 460USBSC-NNCU Product user guide
YOKOGAWA
YOKOGAWA YFGW410 Startup guide
Ruijie
Ruijie EG3000 Series quick start guide
Secomea
Secomea SiteManager 1029 Initial setup
Transmitter Solutions
Transmitter Solutions Wi-Enterprise Installation & user manual
virtual access
virtual access GW8600 Service Managed Gateway Installing and configuring
