User Guide
Page 5
Every effort has been made to differences in this book may differ slightly from the product due to ensure that the information in operating systems, operating system versions, or if you installed updated firmware/software for your device. WiMAX Device Computer Notebook computer Server Base Station Firewall Router Internet Switch Wireless Signal Telephone WiMAX Device Configuration User's Guide 5 Document Conventions Graphics in this manual is accurate.
Every effort has been made to differences in this book may differ slightly from the product due to ensure that the information in operating systems, operating system versions, or if you installed updated firmware/software for your device. WiMAX Device Computer Notebook computer Server Base Station Firewall Router Internet Switch Wireless Signal Telephone WiMAX Device Configuration User's Guide 5 Document Conventions Graphics in this manual is accurate.
User Guide
Page 46
... Static Route for the IP update policy. 7 Click Save. 4.8.3 Testing the DDNS Setting Now you may be able to the WiMAX Device's LAN. The router may connect a router to access the WiMAX Device from the Internet. This tutorial shows how to extend your Intranet and control traffic flowing directions, you should appear...
... Static Route for the IP update policy. 7 Click Save. 4.8.3 Testing the DDNS Setting Now you may be able to the WiMAX Device's LAN. The router may connect a router to access the WiMAX Device from the Internet. This tutorial shows how to extend your Intranet and control traffic flowing directions, you should appear...
User Guide
Page 47
... specify a static routing rule on N1 192.168.1.253 WiMAX Device Configuration User's Guide 47 N1 A R N2 B This tutorial uses the following figure, router R is sent to the WiMAX Device's LAN. In this Tutorial DEVICE / COMPUTER IP ADDRESS The WiMAX Device's WAN 172.16.1.1 The WiMAX Device's LAN... 192.168.1.1 A 192.168.1.34 R's IP address on the WiMAX Device to specify R as the router in N2 network), the traffic is connected to the WiMAX Device's WAN default gateway by default. In this case, the WiMAX Device routes traffic from...
... specify a static routing rule on N1 192.168.1.253 WiMAX Device Configuration User's Guide 47 N1 A R N2 B This tutorial uses the following figure, router R is sent to the WiMAX Device's LAN. In this Tutorial DEVICE / COMPUTER IP ADDRESS The WiMAX Device's WAN 172.16.1.1 The WiMAX Device's LAN... 192.168.1.1 A 192.168.1.34 R's IP address on the WiMAX Device to specify R as the router in N2 network), the traffic is connected to the WiMAX Device's WAN default gateway by default. In this case, the WiMAX Device routes traffic from...
User Guide
Page 53
... Note: Manager IP VLAN ID is the same as one of the LAN transparent VLAN ID VLAN Tag ID=5 VLAN Tag ID=10 Network operators Router Manager IP VLAN Tag ID=5 1 Configure the Link Type, PVID and Tag/Untag settings for the interfaces as below by clicking each row. For example...
... Note: Manager IP VLAN ID is the same as one of the LAN transparent VLAN ID VLAN Tag ID=5 VLAN Tag ID=10 Network operators Router Manager IP VLAN Tag ID=5 1 Configure the Link Type, PVID and Tag/Untag settings for the interfaces as below by clicking each row. For example...
User Guide
Page 55
... LAN transparent VLAN ID User Network VLAN Tag ID=5 Transparent VLAN Tag ID=10 LAN CPE VLAN Tag ID=5 VLAN Tag ID=10 Network operators Router Manager IP VLAN Tag ID=3 VLAN Tag ID=3 1 Configure the Link Type, PVID and Tag/Untag settings for the interfaces as below by clicking each...
... LAN transparent VLAN ID User Network VLAN Tag ID=5 Transparent VLAN Tag ID=10 LAN CPE VLAN Tag ID=5 VLAN Tag ID=10 Network operators Router Manager IP VLAN Tag ID=3 VLAN Tag ID=3 1 Configure the Link Type, PVID and Tag/Untag settings for the interfaces as below by clicking each...
User Guide
Page 91
.... otherwise, leave them in the form of possible hosts on a network. IP Address IP addresses identify individual devices on . Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to divide one network into multiple sub-networks.
.... otherwise, leave them in the form of possible hosts on a network. IP Address IP addresses identify individual devices on . Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to divide one network into multiple sub-networks.
User Guide
Page 92
... default server. For example, let's say you can leave the DNS servers out of port numbers. RIP Setup RIP (Routing Information Protocol) allows a router to the computer. the WiMAX Device will ignore any RIP packets received. • None - In addition to the outside world even though NAT makes your... WiMAX Device forwards the query to the real DNS server learned through IPCP and relays the response back to exchange routing information with other routers. the difference being that DNS proxy works only when the ISP uses the IPCP DNS server extensions. Chapter 7 Network Setting If the ...
... default server. For example, let's say you can leave the DNS servers out of port numbers. RIP Setup RIP (Routing Information Protocol) allows a router to the computer. the WiMAX Device will ignore any RIP packets received. • None - In addition to the outside world even though NAT makes your... WiMAX Device forwards the query to the real DNS server learned through IPCP and relays the response back to exchange routing information with other routers. the difference being that DNS proxy works only when the ISP uses the IPCP DNS server extensions. Chapter 7 Network Setting If the ...
User Guide
Page 93
... a computer on the LAN to dynamically take turns using UPnP? ALG Some applications, such as SIP, H.323 or FTP) at the application layer. Some NAT routers may include a SIP Application Layer Gateway (ALG). Chapter 7 Network Setting 192.168.1.35 to a third (C in the data stream. You assign the LAN IP addresses...
... a computer on the LAN to dynamically take turns using UPnP? ALG Some applications, such as SIP, H.323 or FTP) at the application layer. Some NAT routers may include a SIP Application Layer Gateway (ALG). Chapter 7 Network Setting 192.168.1.35 to a third (C in the data stream. You assign the LAN IP addresses...
User Guide
Page 95
Select Router from the ISP. Select the protocol the WiMAX Device uses to connect to cross the WiMAX Device. This option enables or disables allow ARP requests ... to tag frames for NAT, allowing devices on the LAN to use their own internal IP addresses while communicating with devices on the WAN. • Router - Click Network Setting > WAN to open this to manually enter the IP address the WiMAX Device uses. • From ISP - Select this if you have...
Select Router from the ISP. Select the protocol the WiMAX Device uses to connect to cross the WiMAX Device. This option enables or disables allow ARP requests ... to tag frames for NAT, allowing devices on the LAN to use their own internal IP addresses while communicating with devices on the WAN. • Router - Click Network Setting > WAN to open this to manually enter the IP address the WiMAX Device uses. • From ISP - Select this if you have...
User Guide
Page 105
... static route. Chapter 7 Network Setting Click Add in the Network Setting > Route > Static Route screen to configure how the WiMAX Device exchanges information with other routers. Figure 53 Static Route Screen This screen contains the following fields: Table 36 Static Route LABEL Destination IP Subnet Mask Next Hop DESCRIPTION Enter the...
... static route. Chapter 7 Network Setting Click Add in the Network Setting > Route > Static Route screen to configure how the WiMAX Device exchanges information with other routers. Figure 53 Static Route Screen This screen contains the following fields: Table 36 Static Route LABEL Destination IP Subnet Mask Next Hop DESCRIPTION Enter the...
User Guide
Page 132
... authentication through a shared secret key and uses a three way handshake. It provides additional security over stateless MPPE, but should not be located behind a NAT enabled router. This will be used in clear text and does not use the dropdown list box to select the type of the PPTP server. Select the...
... authentication through a shared secret key and uses a three way handshake. It provides additional security over stateless MPPE, but should not be located behind a NAT enabled router. This will be used in clear text and does not use the dropdown list box to select the type of the PPTP server. Select the...
User Guide
Page 136
... allowed for this screen as an Auth Protocol, use encryption. It provides additional security over stateless MPPE, but should not be located behind a NAT enabled router. Select Yes to select the type of the L2TP server. Select Yes if the client will allow multiple clients using NAT to -Point Encryption (MPPE).
... allowed for this screen as an Auth Protocol, use encryption. It provides additional security over stateless MPPE, but should not be located behind a NAT enabled router. Select Yes to select the type of the L2TP server. Select Yes if the client will allow multiple clients using NAT to -Point Encryption (MPPE).
User Guide
Page 137
...the IP address for connecting to open the General screen as shown next. Local Endpoint This displays the IP address of the remote IPSec router. Ensure that the IP address is the VPN policy index number. Enabled This displays if the VPN policy is enabled. Get IP ...) LABEL DESCRIPTION Password Enter the password for connecting to the client. Figure 77 IPSec Fields Summary Local Network Remote Network Remote IPSec Router Local IP Address VPN Tunnel Remote IP Address Click Security > IPSec VPN to the L2TP server. WiMAX Device Configuration User's Guide 137
...the IP address for connecting to open the General screen as shown next. Local Endpoint This displays the IP address of the remote IPSec router. Ensure that the IP address is the VPN policy index number. Enabled This displays if the VPN policy is enabled. Get IP ...) LABEL DESCRIPTION Password Enter the password for connecting to the client. Figure 77 IPSec Fields Summary Local Network Remote Network Remote IPSec Router Local IP Address VPN Tunnel Remote IP Address Click Security > IPSec VPN to the L2TP server. WiMAX Device Configuration User's Guide 137
User Guide
Page 138
Add Click this button to add an item to the list. 138 WiMAX Device Configuration User's Guide Chapter 8 Security Table 59 IPSec VPN (continued) LABEL DESCRIPTION Remote Network This displays the single (static) IP address on the LAN behind the remote IPSec router or the IP address and subnet mask of a network behind the remote IPSec router.
Add Click this button to add an item to the list. 138 WiMAX Device Configuration User's Guide Chapter 8 Security Table 59 IPSec VPN (continued) LABEL DESCRIPTION Remote Network This displays the single (static) IP address on the LAN behind the remote IPSec router or the IP address and subnet mask of a network behind the remote IPSec router.
User Guide
Page 140
Gateway Information Local Endpoint Interface Select the interface for identification purposes only and can be able to identify this if the remote IPSec router has a static IP address or a domain name. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. For example, in ...Select E-mail to an IPSec server. It is recommended that the key is hexadecimal and "0123456789ABCDEF" is the client (dial-in from IPSec routers with a "0x" (zero x), which to distinguish between VPN connection requests that best describes your pre-shared key in the IKE SA....
Gateway Information Local Endpoint Interface Select the interface for identification purposes only and can be able to identify this if the remote IPSec router has a static IP address or a domain name. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. For example, in ...Select E-mail to an IPSec server. It is recommended that the key is hexadecimal and "0123456789ABCDEF" is the client (dial-in from IPSec routers with a "0x" (zero x), which to distinguish between VPN connection requests that best describes your pre-shared key in the IKE SA....
User Guide
Page 141
... Remote Endpoint field description). use a 1536-bit random number The longer the key, the more processing power, resulting in from remote IPSec routers with a specific proposal. For Domain Name or E-mail, type a domain name or e-mail address by its IP address. WiMAX Device... Configuration User's Guide 141 The configuration of proposals should not affect performance significantly. It is a NAT router between the two IPSec routers. • When you want the WiMAX Device to distinguish between VPN connection requests that you will use for identification ...
... Remote Endpoint field description). use a 1536-bit random number The longer the key, the more processing power, resulting in from remote IPSec routers with a specific proposal. For Domain Name or E-mail, type a domain name or e-mail address by its IP address. WiMAX Device... Configuration User's Guide 141 The configuration of proposals should not affect performance significantly. It is a NAT router between the two IPSec routers. • When you want the WiMAX Device to distinguish between VPN connection requests that you will use for identification ...
User Guide
Page 142
...peer to pings. Specify the time interval for the connectivity check. The peer must be configured to respond to make sure the remote IPSec router is active at an IP address or subnet. You can have the same configured local or remote IP address, but not both. In ...same local and remote IP address(es). This does not affect any other active rules with the Remote Endpoint field set to the remote IPSec router's configured local IP addresses. Remote IP addresses must be static and correspond to 0.0.0.0. Local IP addresses must support DPD. Select icmp to use...
...peer to pings. Specify the time interval for the connectivity check. The peer must be configured to respond to make sure the remote IPSec router is active at an IP address or subnet. You can have the same configured local or remote IP address, but not both. In ...same local and remote IP address(es). This does not affect any other active rules with the Remote Endpoint field set to the remote IPSec router's configured local IP addresses. Remote IP addresses must be static and correspond to 0.0.0.0. Local IP addresses must support DPD. Select icmp to use...
User Guide
Page 143
...hash algorithm to have the WiMAX Device regularly perform a TCP or UDP handshake with the AES encryption algorithm The WiMAX Device and the remote IPSec router must use for an SA. a 192-bit key with the DES encryption algorithm • 3DES - A short SA Life Time increases security...SHA1 is generally considered stronger than MD5, but it is selected, enter a (static) IP address on the LAN behind the remote IPSec's router. However, every time the VPN tunnel renegotiates, all users accessing remote resources are Algorithm SHA1 and MD5. If Single address is also slower. ...
...hash algorithm to have the WiMAX Device regularly perform a TCP or UDP handshake with the AES encryption algorithm The WiMAX Device and the remote IPSec router must use for an SA. a 192-bit key with the DES encryption algorithm • 3DES - A short SA Life Time increases security...SHA1 is generally considered stronger than MD5, but it is selected, enter a (static) IP address on the LAN behind the remote IPSec's router. However, every time the VPN tunnel renegotiates, all users accessing remote resources are Algorithm SHA1 and MD5. If Single address is also slower. ...
User Guide
Page 144
Both routers must use of encryption techniques such as follows. Save Click Apply to save your previous settings. 8.12 Technical Reference This section provides some technical background ...
Both routers must use of encryption techniques such as follows. Save Click Apply to save your previous settings. 8.12 Technical Reference This section provides some technical background ...
User Guide
Page 146
... an IKE SA should stay up before it times out. phase 1 (Authentication) and phase 2 (Key Exchange). If an IPSec SA times out, then the IPSec router must : • Choose an encryption algorithm. • Choose an authentication algorithm • Choose a Diffie-Hellman public-key cryptography key group. • Set the IPSec SA...
... an IKE SA should stay up before it times out. phase 1 (Authentication) and phase 2 (Key Exchange). If an IPSec SA times out, then the IPSec router must : • Choose an encryption algorithm. • Choose an authentication algorithm • Choose a Diffie-Hellman public-key cryptography key group. • Set the IPSec SA...