Product Manual
Page 5
SSL VPN ...101 7.1 Groups and Users 103 7.1.1 Users and Passwords 109 7.2 Using SSL VPN Policies 110 7.2.1 Using Network Resources 113 7.3 Application Port Forwarding 114 7.4 SSL VPN Client Configuration 116 7.5 User Portal ...118 7.5.1 Creating Portal Layouts 119 Chapter 8. IPsec / PPTP / L2TP VPN 88 6.1 VPN Wizard ...90 6.2 Configuring IPsec Policies ...
SSL VPN ...101 7.1 Groups and Users 103 7.1.1 Users and Passwords 109 7.2 Using SSL VPN Policies 110 7.2.1 Using Network Resources 113 7.3 Application Port Forwarding 114 7.4 SSL VPN Client Configuration 116 7.5 User Portal ...118 7.5.1 Creating Portal Layouts 119 Chapter 8. IPsec / PPTP / L2TP VPN 88 6.1 VPN Wizard ...90 6.2 Configuring IPsec Policies ...
Product Manual
Page 6
... the Router 151 10.3.2 Wireless Clients...153 10.3.3 LAN Clients ...153 10.3.4 Active VPN Tunnels 154 Chapter 11. Credits ...161 Appendix A. Standard Services Available for Port Forwarding & Firewall Configuration 166 4 Trouble Shooting...156 11.1 Internet connection 156 11.2 Date and time ...158 11.3 Pinging to Test LAN Connectivity 158 11.3.1 Testing the...
... the Router 151 10.3.2 Wireless Clients...153 10.3.3 LAN Clients ...153 10.3.4 Active VPN Tunnels 154 Chapter 11. Credits ...161 Appendix A. Standard Services Available for Port Forwarding & Firewall Configuration 166 4 Trouble Shooting...156 11.1 Internet connection 156 11.2 Date and time ...158 11.3 Pinging to Test LAN Connectivity 158 11.3.1 Testing the...
Product Manual
Page 10
...for traffic through router 135 Figure 93: E-mail configuration as a Remote Logging option 136 Figure 94: Syslog server configuration for SSL Port Forwarding 116 Figure 77: SSL VPN client adapter and access configuration 117 Figure 78: Configured client routes only apply in the current configuration ... Firmware version information and upgrade option 140 8 Unified Services Router User Manual Figure 64: Example of clientless SSL VPN connections to the DSR 102 Figure 65: List of groups ...103 Figure 66: User group configuration ...104 Figure 67: SSLVPN Settings...105 Figure 68: Group ...
...for traffic through router 135 Figure 93: E-mail configuration as a Remote Logging option 136 Figure 94: Syslog server configuration for SSL Port Forwarding 116 Figure 77: SSL VPN client adapter and access configuration 117 Figure 78: Configured client routes only apply in the current configuration ... Firmware version information and upgrade option 140 8 Unified Services Router User Manual Figure 64: Example of clientless SSL VPN connections to the DSR 102 Figure 65: List of groups ...103 Figure 66: User group configuration ...104 Figure 67: SSLVPN Settings...105 Figure 68: Group ...
Product Manual
Page 15
...Network Settings > LAN Configuration By default, the router functions as a Dynamic Host Configuration Protocol (DHCP) server to forward DHCP lease information from a DHCP client. You can use that IP address in the LAN are satisfactory. The...With DHCP, PCs and other LAN devices can be managed through the wired Ethernet ports available on the LAN. Each pool address is tested before it is assigned to resolve hostnames. A ...WINS server is complete, the DSR may also be used to the hosts on your PCs, set the DHCP mode to...
...Network Settings > LAN Configuration By default, the router functions as a Dynamic Host Configuration Protocol (DHCP) server to forward DHCP lease information from a DHCP client. You can use that IP address in the LAN are satisfactory. The...With DHCP, PCs and other LAN devices can be managed through the wired Ethernet ports available on the LAN. Each pool address is tested before it is assigned to resolve hostnames. A ...WINS server is complete, the DSR may also be used to the hosts on your PCs, set the DHCP mode to...
Product Manual
Page 25
... for a General or Trunk port, traffic can be displayed on the VLAN Membership Configuration for the port. Untagged coming into and out of the port is tagged. Trunk ports multiplex traffic for multiple VLANs over the same physical link. Select PVID for the port when the General mode is ...a member of a user selectable set of the port is untagged. All data going into the port is not forwarded, except for the...
... for a General or Trunk port, traffic can be displayed on the VLAN Membership Configuration for the port. Untagged coming into and out of the port is tagged. Trunk ports multiplex traffic for multiple VLANs over the same physical link. Select PVID for the port when the General mode is ...a member of a user selectable set of the port is untagged. All data going into the port is not forwarded, except for the...
Product Manual
Page 70
... always, BLOCK by schedule otherwise ALLOW, or ALLOW by this rule can enable port forwarding for managing traffic from the internet to reach the appropriate LAN port via a port forwarding rule. Translate Port Number: With port forwarding, the incoming traffic to be forwarded to the port number entered here. 68 This will allow rule you can select a custom defined...
... always, BLOCK by schedule otherwise ALLOW, or ALLOW by this rule can enable port forwarding for managing traffic from the internet to reach the appropriate LAN port via a port forwarding rule. Translate Port Number: With port forwarding, the incoming traffic to be forwarded to the port number entered here. 68 This will allow rule you can select a custom defined...
Product Manual
Page 74
... 2: Allow videoconferencing from range of outside IP addresses Situation: You want to allow incoming videoconferencing to Local Server (DNAT IP) Destination Users From To Enable Port Forwarding Value Insecure (WAN1/WAN2/WAN3) Secure (LAN) CU-SEEME:UDP ALLOW always 192.168.10.11 Address Range 132.177.88.2 134.177.88.254...
... 2: Allow videoconferencing from range of outside IP addresses Situation: You want to allow incoming videoconferencing to Local Server (DNAT IP) Destination Users From To Enable Port Forwarding Value Insecure (WAN1/WAN2/WAN3) Secure (LAN) CU-SEEME:UDP ALLOW always 192.168.10.11 Address Range 132.177.88.2 134.177.88.254...
Product Manual
Page 81
... external devices connect to them . The router must send all incoming data for servers on one or more flexible than static port forwarding that port forwarding does not offer. Port triggering is not appropriate for that specified type of dynamic port forwarding while an application is an available option when configuring firewall rules. You can be...
... external devices connect to them . The router must send all incoming data for servers on one or more flexible than static port forwarding that port forwarding does not offer. Port triggering is not appropriate for that specified type of dynamic port forwarding while an application is an available option when configuring firewall rules. You can be...
Product Manual
Page 103
... VPN tunnel. The router administrator can be assi gned unique privileges and network resource access levels. Chapter 7. Note that are available to remote port forwarding users instead of a preinstalled VPN client on the client machine again. A SSL VPN client (Active-X or Java based) is installed on the...users can securely login through the SSL User Portal using a standard web browser and receive access to access the LAN over an encrypted link through this router: VPN Tunnel: The remote user's SSL enabled browser is used when the remote user accesses the portal ...
... VPN tunnel. The router administrator can be assi gned unique privileges and network resource access levels. Chapter 7. Note that are available to remote port forwarding users instead of a preinstalled VPN client on the client machine again. A SSL VPN client (Active-X or Java based) is installed on the...users can securely login through the SSL User Portal using a standard web browser and receive access to access the LAN over an encrypted link through this router: VPN Tunnel: The remote user's SSL enabled browser is used when the remote user accesses the portal ...
Product Manual
Page 115
... time when creating similar policies for the resource. Service: The SSL VPN service corresponding to the resource (VPN tunnel, Port Forwarding or All). 113 Once this field is used to easily create and configure SSL VPN policies. The services offered are used for selection... Resources Setup > VPN Settings > SSL VPN Server > Resources Network resources are services or groups of LAN IP addresses that are VPN tunnel, port forwarding or both. Defined resources: This policy can be configured in the GUI: Resource name: A unique identifier name for multiple...
... time when creating similar policies for the resource. Service: The SSL VPN service corresponding to the resource (VPN tunnel, Port Forwarding or All). 113 Once this field is used to easily create and configure SSL VPN policies. The services offered are used for selection... Resources Setup > VPN Settings > SSL VPN Server > Resources Network resources are services or groups of LAN IP addresses that are VPN tunnel, port forwarding or both. Defined resources: This policy can be configured in the GUI: Resource name: A unique identifier name for multiple...
Product Manual
Page 116
... users. Allowing access to a LAN server requires entering the local server IP address and TCP port number of configured resources, which are available to assign to SSL VPN policies 7.3 Application Port Forwarding Setup > VPN Settings > SSL VPN Server > Port Forwarding Port forwarding allows remote SSL users to access specified network applications or services after they login to...
... users. Allowing access to a LAN server requires entering the local server IP address and TCP port number of configured resources, which are available to assign to SSL VPN policies 7.3 Application Port Forwarding Setup > VPN Settings > SSL VPN Server > Port Forwarding Port forwarding allows remote SSL users to access specified network applications or services after they login to...
Product Manual
Page 117
... errorprone IP addresses when using a hostname instead of an IP address, the FQDN corresponding to the IP address is defined in the port forwarding host configuration section. Local server IP address: The IP address of the local server hosting the application. The application should... server IP address. The local server IP address of the configured hostname must match the IP address of configured applications for port forwarding. To configure port forwarding, following are required: Local Server IP address: The IP address of the local server which is hosting the application....
... errorprone IP addresses when using a hostname instead of an IP address, the FQDN corresponding to the IP address is defined in the port forwarding host configuration section. Local server IP address: The IP address of the local server hosting the application. The application should... server IP address. The local server IP address of the configured hostname must match the IP address of configured applications for port forwarding. To configure port forwarding, following are required: Local Server IP address: The IP address of the local server which is hosting the application....
Product Manual
Page 118
....) cannot be identical to the router's IP address or a server on the corporate LAN that the virtual (PPP) interface address of Available Applications for SSL Port Forwarding 7.4 SSL VPN Client Configuration Setup > VPN Settings > SSL VPN Client > SSL VPN Client An SSL VPN tunnel client provides a point-to access services on the...
....) cannot be identical to the router's IP address or a server on the corporate LAN that the virtual (PPP) interface address of Available Applications for SSL Port Forwarding 7.4 SSL VPN Client Configuration Setup > VPN Settings > SSL VPN Client > SSL VPN Client An SSL VPN tunnel client provides a point-to access services on the...
Product Manual
Page 120
... > VPN Settings > SSL VPN Client > SSL VPN Client Portal When remote users want to access the private network through an SSL tunnel (either using the Port Forwarding or VPN tunnel service), they login through the VPN Firewall to the remote SSL VPN client. When split tunnel mode is enabled, the user is...; Subnet mask: The subnet information of the destination network from the VPN tunnel clients' perspective is set here. This portal provides the authentication fields to forward private traffic through a user portal.
... > VPN Settings > SSL VPN Client > SSL VPN Client Portal When remote users want to access the private network through an SSL tunnel (either using the Port Forwarding or VPN tunnel service), they login through the VPN Firewall to the remote SSL VPN client. When split tunnel mode is enabled, the user is...; Subnet mask: The subnet information of the destination network from the VPN tunnel clients' perspective is set here. This portal provides the authentication fields to forward private traffic through a user portal.
Product Manual
Page 121
... Layouts Setup > VPN Settings > SSL VPN Server > Portal Layouts The router allows you to communicate details such as the VPN Tunnel page or Port Forwarding page. It is optional. 119 The portal name is clicked on the SSL VPN menu of the SSL portal URL. Portal site title... intended users for this allows the router administrator to create a custom page for the custom portal that opens when the ―User Portal‖ link is appended to login. To configure a portal layout and theme, following information is needed: Portal layout name: A descriptive name for ...
... Layouts Setup > VPN Settings > SSL VPN Server > Portal Layouts The router allows you to communicate details such as the VPN Tunnel page or Port Forwarding page. It is optional. 119 The portal name is clicked on the SSL VPN menu of the SSL portal URL. Portal site title... intended users for this allows the router administrator to create a custom page for the custom portal that opens when the ―User Portal‖ link is appended to login. To configure a portal layout and theme, following information is needed: Portal layout name: A descriptive name for ...
Product Manual
Page 122
... browser whenever users login to this SSL VPN portal. SSL VPN portal page to display: The User can either enable VPN tunnel page or Port Forwarding, or both depending on the SSL services to display on this option. ActiveX web cache cleaner: An ActiveX cache control web cleaner can be...
... browser whenever users login to this SSL VPN portal. SSL VPN portal page to display: The User can either enable VPN tunnel page or Port Forwarding, or both depending on the SSL services to display on this option. ActiveX web cache cleaner: An ActiveX cache control web cleaner can be...
Product Manual
Page 157
.... The interface (WAN1 or WAN2) through which the session is active. Field Description User Name The SSL VPN user that has an active tunnel or port forwarding session to this router and the remote VPN client: Not Connected or Connected. 155 Status of the SSL connection between this router. IP Address Local... adapter. Unified Services Router Figure 111: List of current Active VPN Sessions User Manual All active SSL VPN connections, both for VPN tunnel and VPN Port forwarding, are as well. Table fields are displayed on this page as follows.
.... The interface (WAN1 or WAN2) through which the session is active. Field Description User Name The SSL VPN user that has an active tunnel or port forwarding session to this router and the remote VPN client: Not Connected or Connected. 155 Status of the SSL connection between this router. IP Address Local... adapter. Unified Services Router Figure 111: List of current Active VPN Sessions User Manual All active SSL VPN connections, both for VPN tunnel and VPN Port forwarding, are as well. Table fields are displayed on this page as follows.
Product Manual
Page 168
Unified Services Router User Manual Appendix C. Standard Services Available for Port Forwarding & Firewall Configuration ANY AIM BGP BOOTP_CLIENT BOOTP_SERVER CU-SEEME:UDP CU-SEEME:TCP DNS:UDP DNS:TCP FINGER FTP HTTP HTTPS ICMP-TYPE-3 ICMP-TYPE-4 ICMP-TYPE-5 ICMP-TYPE-6 ICMP-TYPE-7 ICMP-TYPE-8 ICMP-TYPE-9 ICMP-TYPE-10 ICMP-TYPE-11 ICMP-TYPE-13 ICQ IMAP2 IMAP3 IRC NEWS NFS NNTP PING POP3 PPTP RCMD REAL-AUDIO REXEC RLOGIN RTELNET RTSP:TCP RTSP:UDP SFTP SMTP SNMP:TCP SNMP:UDP SNMP-TRAPS:TCP SNMP-TRAPS:UDP SQL-NET SSH:TCP SSH:UDP STRMWORKS TACACS TELNET TFTP VDOLIVE 166
Unified Services Router User Manual Appendix C. Standard Services Available for Port Forwarding & Firewall Configuration ANY AIM BGP BOOTP_CLIENT BOOTP_SERVER CU-SEEME:UDP CU-SEEME:TCP DNS:UDP DNS:TCP FINGER FTP HTTP HTTPS ICMP-TYPE-3 ICMP-TYPE-4 ICMP-TYPE-5 ICMP-TYPE-6 ICMP-TYPE-7 ICMP-TYPE-8 ICMP-TYPE-9 ICMP-TYPE-10 ICMP-TYPE-11 ICMP-TYPE-13 ICQ IMAP2 IMAP3 IRC NEWS NFS NNTP PING POP3 PPTP RCMD REAL-AUDIO REXEC RLOGIN RTELNET RTSP:TCP RTSP:UDP SFTP SMTP SNMP:TCP SNMP:UDP SNMP-TRAPS:TCP SNMP-TRAPS:UDP SQL-NET SSH:TCP SSH:UDP STRMWORKS TACACS TELNET TFTP VDOLIVE 166
Product Manual
Page 170
...of ConfiPort was:%s The New Configuration of ConfiPort was:%s The user has deselected the configurable port failed query %s failed query %s failed query %s %s:DBUpdate event: Table: %s opCode... enable IPv6 forwarding failed to set capabilities on the " failed to enable IPv6 forwarding failed to set capabilities on the " failed to disable IPv6 forwarding failed to ...ISATAP Tunnel nimfStatusUpdate: updating NimfStatus failed nimfStatusUpdate: updating NimfStatus failed nimfLinkStatusGet: determinig link's status failed nimfLinkStatusGet: opening the lanUptime File Error Opening the lanUptime File...
...of ConfiPort was:%s The New Configuration of ConfiPort was:%s The user has deselected the configurable port failed query %s failed query %s failed query %s %s:DBUpdate event: Table: %s opCode... enable IPv6 forwarding failed to set capabilities on the " failed to enable IPv6 forwarding failed to set capabilities on the " failed to disable IPv6 forwarding failed to ...ISATAP Tunnel nimfStatusUpdate: updating NimfStatus failed nimfStatusUpdate: updating NimfStatus failed nimfLinkStatusGet: determinig link's status failed nimfLinkStatusGet: opening the lanUptime File Error Opening the lanUptime File...
Product Manual
Page 190
...OneToOneNat configuration failed DEBUG Deleting scheduled IPv6 rules. DEBUG DEBUG %d:%d:%d:%d:%d Disabling Port Trigger Rule for %d:%d:%d:%d:%d Adding Port Trigger Rule for %d:%d:%d:%d:%d Enabling Content Filter Disabling Content Filter Enabling Content Filter... Setting NAT mode for pLogicalIfName = %s Enabling DROP for INPUT Enabling DROP for FORWARD Enabling NAT based Firewall Rules Setting transparent mode for pLogicalIfName \ Enabling Accept for INPUT Enabling Accept for FORWARD...
...OneToOneNat configuration failed DEBUG Deleting scheduled IPv6 rules. DEBUG DEBUG %d:%d:%d:%d:%d Disabling Port Trigger Rule for %d:%d:%d:%d:%d Adding Port Trigger Rule for %d:%d:%d:%d:%d Enabling Content Filter Disabling Content Filter Enabling Content Filter... Setting NAT mode for pLogicalIfName = %s Enabling DROP for INPUT Enabling DROP for FORWARD Enabling NAT based Firewall Rules Setting transparent mode for pLogicalIfName \ Enabling Accept for INPUT Enabling Accept for FORWARD...