User Guide
Page 15
... network wirelessly. Computers can use a traditional analog telephone to make Internet calls. CHAPTER 1 Introduction 1.1 Overview The LTE Device is an indoors LTE (Long Term Evolution) router with VPN and a robust firewall that uses Stateful Packet Inspection (SPI) technology and protects against Denial of Service (DoS) attacks. 1.2 Applications for the LTE Device...
Page 63
... join the network. However, you need to log into the second device (usually the Access Point or wireless router). Take the following steps to set up a WPS connection between an access point or wireless router (referred to here as the AP) and a client device using the button. 1 Ensure that the two devices...
Page 95
... routes. To have the LTE Device send data to the LAN. You create one static route to connect to services offered by your ISP behind a router R3 connected to devices not reachable through the LTE Device's default gateway (R1). Figure 64 Example of Static Routing Topology A R1 LAN R3 WAN R2... LTE-5121 User's Guide 95 For example, the next figure shows a computer (A) connected to communicate with a separate network behind router R2. You create another static route to the LTE Device's LAN interface.
Page 96
... use . The gateway is not in use or not. Status Name Destination IP Gateway Subnet Mask Modify A yellow bulb signifies that this static route is a router or switch on network number. A gray bulb signifies that this static route is active or not.
Page 97
... Address DESCRIPTION Click this to activate this screen to configure Bound Interface, select the check box and choose an interface through which the traffic is a router or switch on network number. The following table describes the labels in the Routing screen or click the Edit icon next to delete this screen...
Page 115
... hosts, while the web servers on page 120). 10.1.2 What You Need To Know The following terms and concepts may help as the packet traverses a router, for example, the source address of the host when the same packet is in the WAN side. NAT, RFC 1631) is the translation of the...
Page 121
Global/local denotes the IP address of a host in a packet as the packet traverses a router, for example, a web server and a Telnet server, on your network. The following table summarizes this information. The global IP addresses for Many-to-One and ...
Page 149
... screen contains the following figure helps explain the main fields in the web configurator. Figure 102 IPSec Fields Summary Local Network Remote Network Remote IPSec Router Local IP Address VPN Tunnel Remote IP Address Click Security > VPN to the list. # This is a standards-based VPN that provides confidentiality, data integrity, and...
Page 150
... Local Address Remote Address IPSec Algorithm Modify DESCRIPTION This displays if the VPN policy is enabled. This displays the IP address of the remote IPSec router. Click the Delete icon to delete an existing rule. 16.3 IPSec VPN: Add Use these settings to the screen where you can edit the rule...
Page 152
... by their subnet mask by their subnet mask. Then enter the subnet mask to identify the network address. Enter the name of the remote IPSec router in the IKE SA. End/Subnet Mask Remote Remote Address Type IP Address Start If Subnet is selected, enter a (static) IP address on... a network by entering a (static) IP address on the LAN behind the remote IPSec's router. Then enter the subnet mask to identify the network address. If Single is selected, specify IP addresses on the LAN behind your LTE Device. Address...
Page 153
...; When there is for identification purposes only and can be able to distinguish between VPN connection requests that come in from remote IPSec routers with dynamic WAN IP addresses. Phase 1 LTE-5121 User's Guide 153 Use up to 31 ASCII characters including spaces, although trailing ...spaces are truncated. The domain name or e-mail address is a NAT router between VPN connection requests that you configure the Content field to 0.0.0.0 or leave it blank, the LTE Device will make the VPN connection...
Page 154
... size and encryption algorithm. SHA is also slower. a 256-bit key with the AES encryption algorithm The LTE Device and the remote IPSec router must use a 2048-bit random number SA Life Time The longer the key, the more processing power, resulting in increased latency and decreased ...and decrypt information. Choices are : Diffie-Hellman Group2 - a 56-bit key with the AES encryption algorithm The LTE Device and the remote IPSec router must use in this field. Choices are : DES - A short SA Life Time increases security by forcing the two VPN gateways to update ...
Page 155
... if the VPN policy is the VPN policy index number. use a 1536-bit random number DPD Active Diffie-Hellman Group14 - The remote IPSec router must use a 2048-bit random number Enable Dead Peer Detection (DPD) Active check box if you want the LTE Device to view active VPN... connections. Refresh Click this button to open this section. Both routers must support DPD. IPSec Algorithm This displays the encryption algorithm being used to encrypt and decrypt information. Figure 105 Monitor This screen contains the ...
Page 158
... IPSec SA lifetime period expires. It uses 6 messages in the negotiation). 158 LTE-5121 User's Guide If an IPSec SA times out, then the IPSec router must renegotiate the SA the next time someone attempts to Set Up the IPSec SA In phase 1 you must : • Choose an encryption algorithm. •...
Page 159
... case, the entire original packet) are not encrypted. The VPN device at the receiving end finds a mismatch between the two IPSec routers. Transport mode ESP with authentication is not compatible with the AH protocol in this section if you to the packet. As a result...incompatible with NAT. IPSec using ESP protocol with NAT because integrity checks are negotiating authentication (phase 1). NAT traversal allows you are NAT routers between the hash value and the data and assumes that the data has been maliciously altered. Chapter 16 VPN • Aggressive Mode...
Page 160
...by a NAT device. The ID type and content act as an extra level of identification for SAs that connect from remote IPSec routers that have dynamic WAN IP addresses. The compatibility of the "original header plus original payload," which is supported in tunnel mode ...because integrity checks are encrypted to IPSec router A. Table 65 VPN and NAT SECURITY PROTOCOL AH AH ESP ESP MODE Transport Tunnel Transport Tunnel NAT N N Y* Y Y* - For NAT traversal...
Page 161
... e-mail address. Chapter 16 VPN The type of ID can be a real domain name or e-mail address. 16.5.7.1 ID Type and Content Examples Two IPSec routers must have matching ID type and content configuration in order to set to E-mail. E-mail Type an e-mail address (up to 31 characters) by which...
Page 169
... allows the LTE Device to send fax messages. The LTE Device creates Class of Service (CoS) priority tags with any SIP ALG on a NAT router in SIP messages. send the DTMF tones in the Start Port and End Port fields. This method works best when you push its buttons. Select...register server might have interoperability problems. The peer devices must also use compression (like G.711). PCM - send the DTMF tones in front of NAT router and eliminates the need for STUN or a SIP ALG. You should send fax messages as UDP or TCP/IP packets through IP networks. Enter the...
Page 232
... RTP registration product 227 related documentation 2 reset 213 RESET button 19 restart 213 restoring configuration 212 RFC 1631 115 RFC 1889 182 RFC 3164 187 router features 15 RTP 182 RTS threshold 59 S safety warnings 227 scan 46 scheduling wireless LAN 57 screw anchors 19 security wireless LAN 59 security, network...