DSR-150 User Manual
Page 5
...119 6.2.2 Internet over IPS ec tunnel 120 6.3 Configuring VPN clients 120 6.4 6.4.1 6.4.2 6.4.3 6.4.4 6.4.5 PPTP / L2TP Tunnels ...120 PPTP Tunnel Support ...120 L2TP Tunnel Support ...122 OpenVPN Support ...123 OpenVPN Remote Net work Setup 70 4.2 4.2.1 4.2.2 4.2.3 Wireless Profiles...70 WEP ...IP v6 Firewall Rules 92 5.4.1 Firewall Rule Configuration Examples 93 5.5 Security on Custom Servic es 97 5.6 ALG support ...99 5.7 VPN Passthrough for Firewall 100 5.8 Application Rules ...101 5.9 5.9.1 5.9.2 5.9.3 5.9.4 Web Content Filtering...102 Cont ent Filtering ...102 Approved ...
...119 6.2.2 Internet over IPS ec tunnel 120 6.3 Configuring VPN clients 120 6.4 6.4.1 6.4.2 6.4.3 6.4.4 6.4.5 PPTP / L2TP Tunnels ...120 PPTP Tunnel Support ...120 L2TP Tunnel Support ...122 OpenVPN Support ...123 OpenVPN Remote Net work Setup 70 4.2 4.2.1 4.2.2 4.2.3 Wireless Profiles...70 WEP ...IP v6 Firewall Rules 92 5.4.1 Firewall Rule Configuration Examples 93 5.5 Security on Custom Servic es 97 5.6 ALG support ...99 5.7 VPN Passthrough for Firewall 100 5.8 Application Rules ...101 5.9 5.9.1 5.9.2 5.9.3 5.9.4 Web Content Filtering...102 Cont ent Filtering ...102 Approved ...
DSR-150 User Manual
Page 6
... ...137 7.2 Using SSL VPN Policies 138 7.2.1 Using Network Res ourc es 141 7.3 Application Port Forwarding 142 7.4 SSL VPN Client Configuration 144 7.5 User Portal ...147 7.5.1 Creating Portal Layouts 147 Chapter 8. Advanced Configuration Tools 150 8.1 USB Device Setup ...150 8.2 USB share port...9.5 Backing up and Restoring Configuration Settings 170 9.6 Upgrading Router Firmware 171 9.7 Upgrading Router Firmware via USB 172 9.8 Dynamic DNS Setup ...173 9.9 9.9.1 9.9.2 9.9.3 9.9.4 Using Diagnostic Tools 174 Ping...175 Trace Route ...175 DNS Lookup ...176 Rout er Options ......
... ...137 7.2 Using SSL VPN Policies 138 7.2.1 Using Network Res ourc es 141 7.3 Application Port Forwarding 142 7.4 SSL VPN Client Configuration 144 7.5 User Portal ...147 7.5.1 Creating Portal Layouts 147 Chapter 8. Advanced Configuration Tools 150 8.1 USB Device Setup ...150 8.2 USB share port...9.5 Backing up and Restoring Configuration Settings 170 9.6 Upgrading Router Firmware 171 9.7 Upgrading Router Firmware via USB 172 9.8 Dynamic DNS Setup ...173 9.9 9.9.1 9.9.2 9.9.3 9.9.4 Using Diagnostic Tools 174 Ping...175 Trace Route ...175 DNS Lookup ...176 Rout er Options ......
DSR-150 User Manual
Page 9
...for 3G internet 66 Figure 40: Physical WAN port settings ...67 Figure 41: Wireless Network Setup Wizards ...69 Figure 42: List of A vailable Profiles shows the options available to secure the wireless link .......... 71 Figure 43: Profile configuration to set network security 73 Figure 44: RA DIUS ... services...98 Figure 60: Custom Services configuration ...98 Figure 61: A vailable ALG support on the router 100 Figure 62: Passthrough options for VPN tunnels 101 Figure 63: List of A vailable Application Rules showing 4 unique rules 102 Figure 64: Content Filtering used to block access to...
...for 3G internet 66 Figure 40: Physical WAN port settings ...67 Figure 41: Wireless Network Setup Wizards ...69 Figure 42: List of A vailable Profiles shows the options available to secure the wireless link .......... 71 Figure 43: Profile configuration to set network security 73 Figure 44: RA DIUS ... services...98 Figure 60: Custom Services configuration ...98 Figure 61: A vailable ALG support on the router 100 Figure 62: Passthrough options for VPN tunnels 101 Figure 63: List of A vailable Application Rules showing 4 unique rules 102 Figure 64: Content Filtering used to block access to...
DSR-150 User Manual
Page 11
..., Traps, and Access Control 160 Figure 111: SNMP system information for this router 161 Figure 112: Date, Time, and NTP server setup 162 Figure 113: Facility settings for Logging ...164 Figure 114: Log configuration options for traffic through router 166 Figure 115: IP v6 Log...167 Figure 116: E-mail configuration as a Remote Logging option 168 Figure 117: Syslog server configuration for Remote Logging (continued 169 Figure 118: VPN logs displayed in GUI event viewer 170 Figure 119: Restoring configuration from a saved file will result in the current configuration being overwritten and ...
..., Traps, and Access Control 160 Figure 111: SNMP system information for this router 161 Figure 112: Date, Time, and NTP server setup 162 Figure 113: Facility settings for Logging ...164 Figure 114: Log configuration options for traffic through router 166 Figure 115: IP v6 Log...167 Figure 116: E-mail configuration as a Remote Logging option 168 Figure 117: Syslog server configuration for Remote Logging (continued 169 Figure 118: VPN logs displayed in GUI event viewer 170 Figure 119: Restoring configuration from a saved file will result in the current configuration being overwritten and ...
DSR-150 User Manual
Page 29
Unified Services Router Figure 10: M ultiple VLAN Subne ts User Manual 2.2.3 VLAN configuration Setup > VLAN Settings > VLANconfiguration Th is p ag e allo ws en ab lin g o r d is ro ut er t o p ro vid e seg men t at io n cap ab ilit ies fo r firewall ru les an d VPN p o licies . Virt u al LA Ns can b e creat ed in t h is ab lin g t h e VLA N fu n ct io n o n t h e ro u t er. Ch eck t h e En ab le VLA N b o x t o ad d VLA N fu n ct io n alit y t o t h e LA N. 27 Th e LA N n et wo rk is co n s id ered t h e d efau lt VLA N.
Unified Services Router Figure 10: M ultiple VLAN Subne ts User Manual 2.2.3 VLAN configuration Setup > VLAN Settings > VLANconfiguration Th is p ag e allo ws en ab lin g o r d is ro ut er t o p ro vid e seg men t at io n cap ab ilit ies fo r firewall ru les an d VPN p o licies . Virt u al LA Ns can b e creat ed in t h is ab lin g t h e VLA N fu n ct io n o n t h e ro u t er. Ch eck t h e En ab le VLA N b o x t o ad d VLA N fu n ct io n alit y t o t h e LA N. 27 Th e LA N n et wo rk is co n s id ered t h e d efau lt VLA N.
DSR-150 User Manual
Page 38
... e ISP y o u h av e s elect ed fo r t h e p rimary W A N link for this router, choos e Static IP addres s , DHCP client, Point-to-Point Tu n n elin g ... h e t ime, in min u t es , t o wait b efo re d is en abled, DSR wo n 't exp ect a d efau lt ro u t e fro m t h e ISP s erv ...Setup Yo u mu s t eit h er allo w t h e ro u t er t o d et ect W A N co n n ect io n t y p e au t o mat ically o r co n fig u re man u ally t h e fo llo win g b as ic s et t in g s t o en ab le In t ern et co n n ect iv it es o v er t h is W A N lin k wh ile s t ill p ermit t in g VPN t raffic t o b e d irect ed t o a VPN...
... e ISP y o u h av e s elect ed fo r t h e p rimary W A N link for this router, choos e Static IP addres s , DHCP client, Point-to-Point Tu n n elin g ... h e t ime, in min u t es , t o wait b efo re d is en abled, DSR wo n 't exp ect a d efau lt ro u t e fro m t h e ISP s erv ...Setup Yo u mu s t eit h er allo w t h e ro u t er t o d et ect W A N co n n ect io n t y p e au t o mat ically o r co n fig u re man u ally t h e fo llo win g b as ic s et t in g s t o en ab le In t ern et co n n ect iv it es o v er t h is W A N lin k wh ile s t ill p ermit t in g VPN t raffic t o b e d irect ed t o a VPN...
DSR-150 User Manual
Page 115
... be a gateway to gateway co nnection (s ite-to-s ite) or a tunnel t o a h o s t o n t h e in g VPN W izard , fo llo w t h e s t ep s b elo w: 1. Figure 73 : VPN Wizard launch s cre e n To eas ily es t ab lis h a VPN t u n n el u s in t ern et (remo t e acces s ). Set t h e Co n n ect io n...r t h is t u n n el; Select the VPN tunnel type to create The tunnel can u s e t h e VPN wizard t o q u ickly creat e b o t h IKE an d VPN p o licies . Unified Services Router User Manual 6.1 VPN Wizard Setup > Wizard > VPN Wizard Yo u can either be configured for either of the ...
... be a gateway to gateway co nnection (s ite-to-s ite) or a tunnel t o a h o s t o n t h e in g VPN W izard , fo llo w t h e s t ep s b elo w: 1. Figure 73 : VPN Wizard launch s cre e n To eas ily es t ab lis h a VPN t u n n el u s in t ern et (remo t e acces s ). Set t h e Co n n ect io n...r t h is t u n n el; Select the VPN tunnel type to create The tunnel can u s e t h e VPN wizard t o q u ickly creat e b o t h IKE an d VPN p o licies . Unified Services Router User Manual 6.1 VPN Wizard Setup > Wizard > VPN Wizard Yo u can either be configured for either of the ...
DSR-150 User Manual
Page 117
... IPs ec . On ly t h e d at eway o r an IPs ec VPN clien t o n a h o s t . Th is will ad d VPN p o licies b y imp o rt in g a file co n t ain in g v pn policies . 6.2 Configuring IPsec Policies Setup > VPN Settings > IPsec > IPsec Policies A n IPs ec policy is between the two policy ...endpoints . Tran s p ort : Th is is u sed fo r en d -to Gatew ay policies) User Manual Th e VPN W izard is t h e reco mmen d ed met h o ...
... IPs ec . On ly t h e d at eway o r an IPs ec VPN clien t o n a h o s t . Th is will ad d VPN p o licies b y imp o rt in g a file co n t ain in g v pn policies . 6.2 Configuring IPsec Policies Setup > VPN Settings > IPsec > IPsec Policies A n IPs ec policy is between the two policy ...endpoints . Tran s p ort : Th is is u sed fo r en d -to Gatew ay policies) User Manual Th e VPN W izard is t h e reco mmen d ed met h o ...
DSR-150 User Manual
Page 122
... ISP's s erver to create a TCP control connection b et ween t h e LA N VPN clien t an d t h e VPN s erv er. 6.4.1 PPTP Tunnel Support Setup > VPN Settings > PPTP > PPTP Client PPTP VPN Clien t can b e au t h en t icat ed u s in t. Yo u can acces s Sta tus > Active VPNs p ag e an d es t ab lis h PPTP VPN t u n n el clickin g Connect. Refer t o t h e clien t s o ft ware g u id e fo...
... ISP's s erver to create a TCP control connection b et ween t h e LA N VPN clien t an d t h e VPN s erv er. 6.4.1 PPTP Tunnel Support Setup > VPN Settings > PPTP > PPTP Client PPTP VPN Clien t can b e au t h en t icat ed u s in t. Yo u can acces s Sta tus > Active VPNs p ag e an d es t ab lis h PPTP VPN t u n n el clickin g Connect. Refer t o t h e clien t s o ft ware g u id e fo...
DSR-150 User Manual
Page 123
... of configured IP addres ses of allowed clients can b e es t ablis hed t h rou gh t h is ro u ter. PPTP Clie nt User Manual Figure 78: PPTP VPN conne ction s tatus Setup > VPN Settings > PPTP > PPTP Server A PPTP VPN can reach the router's PPTP s erver.
... of configured IP addres ses of allowed clients can b e es t ablis hed t h rou gh t h is ro u ter. PPTP Clie nt User Manual Figure 78: PPTP VPN conne ction s tatus Setup > VPN Settings > PPTP > PPTP Server A PPTP VPN can reach the router's PPTP s erver.
DSR-150 User Manual
Page 124
... man ag ed b y t h e ro u t er. 122 Unified Services Router Figure 79 : PPTP tunne l configuratio n - PPTP Se rve r User Manual 6.4.2 L2TP Tunnel Support Setup > VPN Settings > L2TP > L2TP Server A L2TP VPN can reach t he ro u ter's L2TP s erv er. On ce t h e L2TP s erv er is en ab led , L2TP clien t s t h at are wit h in...
... man ag ed b y t h e ro u t er. 122 Unified Services Router Figure 79 : PPTP tunne l configuratio n - PPTP Se rve r User Manual 6.4.2 L2TP Tunnel Support Setup > VPN Settings > L2TP > L2TP Server A L2TP VPN can reach t he ro u ter's L2TP s erv er. On ce t h e L2TP s erv er is en ab led , L2TP clien t s t h at are wit h in...
DSR-150 User Manual
Page 125
Unified Services Router Figure 80 : L2TP tunne l configuratio n - L2TP Se rve r User Manual 6.4.3 OpenVPN Support Setup > VPN Settings > OpenVPN > OpenVPN Configuration Op en VPN allo ws p eers t o au t h en t icat e each o t h er u s in a mu lt iclien t -s erv er co n figu rat ion, it allows the s erver to releas e an authentication certificate for every client, us ing 123 W hen u sed in g a p re -s h ared s ecret key , cert ificat es , o r u sername/ passwo rd .
Unified Services Router Figure 80 : L2TP tunne l configuratio n - L2TP Se rve r User Manual 6.4.3 OpenVPN Support Setup > VPN Settings > OpenVPN > OpenVPN Configuration Op en VPN allo ws p eers t o au t h en t icat e each o t h er u s in a mu lt iclien t -s erv er co n figu rat ion, it allows the s erver to releas e an authentication certificate for every client, us ing 123 W hen u sed in g a p re -s h ared s ecret key , cert ificat es , o r u sername/ passwo rd .
DSR-150 User Manual
Page 127
Unified Services Router Figure 81 : Ope nVPN configuratio n User Manual 6.4.4 OpenVPN Remote Network Setup > VPN Settings > OpenVPN > OpenVPN Remote Network (Site-toSite) Th is p ag e allo ws t h e u s er t o ad d / ed it a remo t e n et wo rk an d n et mas k wh ich allo ws t h e o t h er Op en VPN clien t s t o reach t h is n et wo rk. 125
Unified Services Router Figure 81 : Ope nVPN configuratio n User Manual 6.4.4 OpenVPN Remote Network Setup > VPN Settings > OpenVPN > OpenVPN Remote Network (Site-toSite) Th is p ag e allo ws t h e u s er t o ad d / ed it a remo t e n et wo rk an d n et mas k wh ich allo ws t h e o t h er Op en VPN clien t s t o reach t h is n et wo rk. 125
DSR-150 User Manual
Page 128
Remote Network : Net wo rk ad d res s o f t h e remo t e res o u rce. S ubnet Mas k : Net mas k o f t h e remo t e res o u rce. 6.4.5 OpenVPN Authentication Setup > VPN Settings > OpenVPN > OpenVPN Authentication This page allows the us er to upload required certificates and keys . 126 Unified Services Router Figure 82: Ope nVPN Re mote Ne twork User Manual Common Name : Co mmo n Name o f t h e Op en VPN clien t cert ificat e.
Remote Network : Net wo rk ad d res s o f t h e remo t e res o u rce. S ubnet Mas k : Net mas k o f t h e remo t e res o u rce. 6.4.5 OpenVPN Authentication Setup > VPN Settings > OpenVPN > OpenVPN Authentication This page allows the us er to upload required certificates and keys . 126 Unified Services Router Figure 82: Ope nVPN Re mote Ne twork User Manual Common Name : Co mmo n Name o f t h e Op en VPN clien t cert ificat e.
DSR-150 User Manual
Page 140
...n a Glo b a l, Gro u p , o r Us er lev el. I.e. Unified Services Router Figure 92 : Us e r configurat ion options User Manual 7.2 Using SSL VPN Policies Setup > VPN Settings > SSL VPN Server > SSL VPN Policies SSL VPN Po licies can b e ap p lied t o a s p ecific n et wo rk res o u rce, IP ad d res s o r ran g es o ...n t h e LA N, o r t o d iffe ren t SSL VPN s erv ices s u p p o rt ed b y t h e ro u t er. Us er lev el p o ...
...n a Glo b a l, Gro u p , o r Us er lev el. I.e. Unified Services Router Figure 92 : Us e r configurat ion options User Manual 7.2 Using SSL VPN Policies Setup > VPN Settings > SSL VPN Server > SSL VPN Policies SSL VPN Po licies can b e ap p lied t o a s p ecific n et wo rk res o u rce, IP ad d res s o r ran g es o ...n t h e LA N, o r t o d iffe ren t SSL VPN s erv ices s u p p o rt ed b y t h e ro u t er. Us er lev el p o ...
DSR-150 User Manual
Page 143
...p ermit t ed o r d en ied . Leav in g t h e s t art in g s imilar p o licies fo r mu lt ip le remo t e SSL VPN u s ers . Using Network Resources Setup > VPN Settings > SSL VPN Server > Resources Net wo rk res o u rces are s erv ices o r g ro u p s o f LA N IP ad d res s es t h at are... VPN t u n n el, p o rt fo rward in g o r b o t h . Defined res ources : This policy can be defined by configuring the fo llo win g in t...
...p ermit t ed o r d en ied . Leav in g t h e s t art in g s imilar p o licies fo r mu lt ip le remo t e SSL VPN u s ers . Using Network Resources Setup > VPN Settings > SSL VPN Server > Resources Net wo rk res o u rces are s erv ices o r g ro u p s o f LA N IP ad d res s es t h at are... VPN t u n n el, p o rt fo rward in g o r b o t h . Defined res ources : This policy can be defined by configuring the fo llo win g in t...
DSR-150 User Manual
Page 144
... Forwarding s ervice. Unified Services Router User Manual Figure 95: Lis t of configure d re s ource s , which are available to as s ign to SSL VPN policie s 7.3 Application Port Forwarding Setup > VPN Settings > SSL VPN Server > Port Forwarding Po rt fo rward in g TCP p o rt n u mb ers : T CP Ap p lication FTP Data (usually not needed) Po r t Num...
... Forwarding s ervice. Unified Services Router User Manual Figure 95: Lis t of configure d re s ource s , which are available to as s ign to SSL VPN policie s 7.3 Application Port Forwarding Setup > VPN Settings > SSL VPN Server > Port Forwarding Po rt fo rward in g TCP p o rt n u mb ers : T CP Ap p lication FTP Data (usually not needed) Po r t Num...
DSR-150 User Manual
Page 146
...t er's IP ad d res s o r a s erv er o n t h e co rp o rat e LA N t h at t h e v irt u al (PPP) in t erface ad d res s o f t h e VPN t u n n el clien t d o es n ot co nflict wit h p h ys ical d ev ices o n t h e LA N. Unified Services Router User Manual Figure 96 : Lis t of Available Applicat io ns... for SSL Port Forward i ng 7.4 SSL VPN Client Configuration Setup > VPN Settings > SSL VPN Client > SSL VPN Client A n SSL VPN t u n n el clien t p ro vid es a p o in t-to -po int co nnect ion b etween t h ...
...t er's IP ad d res s o r a s erv er o n t h e co rp o rat e LA N t h at t h e v irt u al (PPP) in t erface ad d res s o f t h e VPN t u n n el clien t d o es n ot co nflict wit h p h ys ical d ev ices o n t h e LA N. Unified Services Router User Manual Figure 96 : Lis t of Available Applicat io ns... for SSL Port Forward i ng 7.4 SSL VPN Client Configuration Setup > VPN Settings > SSL VPN Client > SSL VPN Client A n SSL VPN t u n n el clien t p ro vid es a p o in t-to -po int co nnect ion b etween t h ...
DSR-150 User Manual
Page 148
...b e ad d ed t o allo w acces s t o t h e p riv at io n n et wo rk is s et h ere. Unified Services Router User Manual Setup > VPN Settings > SSL VPN Client > Configured Client Routes If t h e SSL VPN clien t is as ks fo r p asswo rd, en ter t h e M A C u s er account pas s word but no t root pas s word or s s ...at e LA N's firewall (t y p ically t h is ro u ter) is n eed ed t o fo rward p riv ate t raffic t h rou gh t h e VPN Firewall t o t h e remo t e SSL VPN clien t . Figure 98 : Configu re d clie nt route s only apply in s plit tunne l mode S teps to co n fig u re ro u t es...
...b e ad d ed t o allo w acces s t o t h e p riv at io n n et wo rk is s et h ere. Unified Services Router User Manual Setup > VPN Settings > SSL VPN Client > Configured Client Routes If t h e SSL VPN clien t is as ks fo r p asswo rd, en ter t h e M A C u s er account pas s word but no t root pas s word or s s ...at e LA N's firewall (t y p ically t h is ro u ter) is n eed ed t o fo rward p riv ate t raffic t h rou gh t h e VPN Firewall t o t h e remo t e SSL VPN clien t . Figure 98 : Configu re d clie nt route s only apply in s plit tunne l mode S teps to co n fig u re ro u t es...
DSR-150 User Manual
Page 149
...the n be as s ociate d with an authe ntic at io n domain 7.5.1 Creating Portal Layouts Setup > VPN Settings > SSL VPN Server > Portal Layouts Th e ro u t er allo ws y o u t o creat e a cu s t o m p ag e fo r remo t e SSL VPN u s ers t h at o p ens wh en th e "Us er Po rtal" lin...icat e d et ails s uch as d etermin ed b y t h e ro ut er ad min is clicked o n t h e SSL VPN men u o f t h e ro u t er GUI. Unified Services Router User Manual 7.5 User Portal Setup > VPN Settings > SSL VPN Client > SSL VPN Client Portal W h en remo t e u s ers wan t t o access t he p riv ate n etwo rk t h ro u g ...
...the n be as s ociate d with an authe ntic at io n domain 7.5.1 Creating Portal Layouts Setup > VPN Settings > SSL VPN Server > Portal Layouts Th e ro u t er allo ws y o u t o creat e a cu s t o m p ag e fo r remo t e SSL VPN u s ers t h at o p ens wh en th e "Us er Po rtal" lin...icat e d et ails s uch as d etermin ed b y t h e ro ut er ad min is clicked o n t h e SSL VPN men u o f t h e ro u t er GUI. Unified Services Router User Manual 7.5 User Portal Setup > VPN Settings > SSL VPN Client > SSL VPN Client Portal W h en remo t e u s ers wan t t o access t he p riv ate n etwo rk t h ro u g ...