ETIC SIG Manual do Utilizador

SIG TLS or IPSec VPN server _________________ User manual Document reference : 9017409-01 _________________

INSTALLATION 1 Product description SIG router Interface Led Function Ethernet 1 DATA Blinking quickly : Data activity LINK Lit : Interf

INSTALLATION SIG Router & VPN server User’s guide ref. 9017409-01 Page 11 Ethernet RJ45 connector Ethernet 10/100 BT Pin Nr Signal Function 1

CONFIGURATION SIG Router & VPN server User’s guide ref. 9017409-01 Page 13 1 Configuring the SIG router 1.1 Overview Administration server a

CONFIGURATION 1.2 First configuration Step 1 : Create or modify the PC’s IP connection. Assign to the PC an IP @ in accordance with the SIG IP add

CONFIGURATION SIG Router & VPN server User’s guide ref. 9017409-01 Page 15 1.3 Modifying the configuration Modifications from the LAN (Interf

CONFIGURATION Page 16 User’s guide ref 9017409-01 SIG Router & VPN server 2 Rebooting the router after parameters changes • After the param

CONFIGURATION 5 Restricting access to the administration server The access to the administration server can be protected by a login and password. T

CONFIGURATION Page 18 User’s guide ref 9017409-01 SIG Router & VPN server 6 Assigning IP addresses to the LAN and the WAN interfaces 6.1 Pr

CONFIGURATION Moreover The LAN IP address must be different from any of the remote LAN IP address. 6.2 LAN interface parameters 6.2.1 IP addres

The SIG router & VPN server is manufactured by ETIC TELECOM 13 Chemin du vieux chêne 38240 MEYLAN FRANCE TEL : + (33) (0)4-76-04-

CONFIGURATION Page 20 User’s guide ref 9017409-01 SIG Router & VPN server 6.2.2 DHCP server configuration Over the LAN interface, the SIG ro

CONFIGURATION SIG Router & VPN server User’s guide ref. 9017409-01 Page 21 6.3 WAN interface parameters The « Ethernet 4 » RJ45 connector i

CONFIGURATION 7 Creating VPN connections between routers 7.1 Principles A VPN tunnel is a safe link set between two end-points routers over an I

CONFIGURATION To create VPN connections between routers, • select the « Set up» menu and then « Network» and then “VPN connections”. SIG Rout

CONFIGURATION 7.2 IPSec VPN connections 7.2.1 Configuring the IPSec protocol • Select the “Set up” menu, the “network” menu and then ‘VPN conn

CONFIGURATION SIG Router & VPN server User’s guide ref. 9017409-01 Page 25 “Authentication & encryption key” parameters : Authentication

CONFIGURATION 7.2.2 Setting up an outgoing IPSec connection IP networkVPNRouter Outgoingconnection Incomingconnection Remote LANIP addressRemot

CONFIGURATION SIG Router & VPN server User’s guide ref. 9017409-01 Page 27 ‘Remote WAN IP address’ parameter : Enter the IP network address a

CONFIGURATION 7.2.3 Configuring an ingoing IPSec connection VPNRouter Remote LANIP addressLANIP addressIncomingconnection Outgoingconnection Remo

CONFIGURATION SIG Router & VPN server User’s guide ref. 9017409-01 Page 29 Give a name to the connection and select the “ingoing” connection di

CONTENT SIG Router & VPN server User’s guide ref. 9017409-01 Page 3 PRESENTATION 1 TECHNICAL DATA...

CONFIGURATION 7.3 TLS VPN connections 7.3.1 Configuring the TLS-SSL protocol • Select the “Set up” menu, the “network” menu and then the ‘VPN co

CONFIGURATION “VPN network address” & “VPN network netmask” parameters : The TLS VPN server router assigns automatically an IP address to the V

CONFIGURATION 7.3.2 Configuring an outgoing TLS connection 2 Configuring an outgoing TLS connection IP networkVPNRouter Outgoingconnection Inco

CONFIGURATION SIG Router & VPN server User’s guide ref. 9017409-01 Page 33 “Login & Password” parameter: Enter the login and password, the

CONFIGURATION 7.3.3 Configuring an ingoing TLS connection VPNRouter Remote LANIP addressLANIP addressIncomingconnection Outgoingconnection Remote

CONFIGURATION “Remote LAN address” & “Remote LAN netmask” ” parameters : Enter the IP network address and netmask assigned to the remote LAN. “

CONFIGURATION 8.2 Static routes However, the router R2 is not able to route frames between a device like L1 belonging to the LAN network and a dev

CONFIGURATION SIG Router & VPN server User’s guide ref. 9017409-01 Page 37 Remark : It is not necessary to enter in the router R2 the static r

CONFIGURATION Page 38 User’s guide ref 9017409-01 SIG Router & VPN server To enable RIP, • select the « Set up» menu, the “Routing” menu and

CONFIGURATION PLC1 192.168.0.15TCP : 102PLC2 192.168.0.16TCP : 502PC 192.168.0.17TCP : 8062.10.10.7TCP : 102WAN IP addr. :62.10.10.7WANnetwor

CONTENT Page 4 User’s guide ref 9017409-01 SIG Router & VPN server … CONFIGURATION 8 ROUTING FUNCTIONS...

CONFIGURATION the SNAT function which consists in replacing the source IP address. Because the DNAT and SNAT functions modify the IP addresses of

CONFIGURATION 9.2.2 Configuration To set the advanced address translation functions, • select the “Set up” menu, “Network” , and then the “Advan

CONFIGURATION To create a new DNAT rule • Click “Add a DNAT” rule. • Select “Yes” to enable the rule. • Enter the replacement criterion : Sour

CONFIGURATION To replace the source IP address & destination port • Click “Add a SNAT” rule. • Select “Yes” to enable the rule. • Enter th

CONFIGURATION Page 44 User’s guide ref 9017409-01 SIG Router & VPN server 10 VRRP redundancy 10.1 Principle VRRP is a protocol designed to

CONFIGURATION SIG Router & VPN server User’s guide ref. 9017409-01 Page 45 10.2 Configuring VRRP on the LAN interface To enable and configure

CONFIGURATION Page 46 User’s guide ref 9017409-01 SIG Router & VPN server 10.3 Configuring VRRP on the WAN interface To enable and configur

CONFIGURATION SIG Router & VPN server User’s guide ref. 9017409-01 Page 47 11 Remote users connections service The SIG provides a full remote

CONFIGURATION 12 Remote users connections 12.1 Principles A remote user connection is a tunnel set between a remote PC and a router providing the

CONFIGURATION 12.2 Configuring a TLS connection The M2Me_Secure software provided by ETIC TELECOM is a Windows TLS client software. Installed on a

CONTENT SIG Router & VPN server User’s guide ref. 9017409-01 Page 5 … CONFIGURATION 15 ADVANCED FUNCTIONS...

CONFIGURATION • Select the VPN type “ TLS”. • Click the “Properties” button and set the parameters. ”Port number” & “Protocol” : Select t

CONFIGURATION SIG Router & VPN server User’s guide ref. 9017409-01 Page 51 “Remote Users authentication” parameters : Authentication an encrypt

CONFIGURATION 12.3 Configuring a PPTP connection We describe hereafter how to configure the router and the PC to set a PPTP remote user connectio

CONFIGURATION 13 Users list The user list registers 25 authorised remote users forms. Each user form stores the identity of the user (Login and p

CONFIGURATION Attention : Coming from factory, a default user is registered; his login is admin and the password is also admin. After the test p

CONFIGURATION SIG Router & VPN server User’s guide ref. 9017409-01 Page 55 E-mail : The SIG will send an email to that address in two situatio

CONFIGURATION Page 56 User’s guide ref 9017409-01 SIG Router & VPN server 14 Firewall 14.1 Overview The firewall filters IP packets betwe

CONFIGURATION The firewall of the SIG firewall can thus be represented by the drawing hereafter : VPN between routersWANLANUsers filtersMain filterF

CONFIGURATION Page 58 User’s guide ref 9017409-01 SIG Router & VPN server 14.2 Main filter The main filter applies to all the IP packets ex

CONFIGURATION SIG Router & VPN server User’s guide ref. 9017409-01 Page 59 • Main filter table The main filter is a table, each line being a r

CONFIGURATION 14.2.2 Configuring the main filter Select the “Security” menu and then “Firewall” and “Main filter”. The “Main filter” page is di

CONFIGURATION SIG Router & VPN server User’s guide ref. 9017409-01 Page 61 Configure successively the WAN traffic rules using the same method.

CONFIGURATION Page 62 User’s guide ref 9017409-01 SIG Router & VPN server ”Destination IP address” & “destination port” parameters : Ente

CONFIGURATION Step 2 : Enter the list of devices of the LAN network • Select the «System» menu, then «Devices list». The list of the devices of the

CONFIGURATION Step 3 : Build a remote user filter • Select the « security» menu, then « firewall» and then «Filter list» The users filters list is

CONFIGURATION • Click « add a new filter ». • Assign a name to the new filter. • Choose the policy ; « All is forbidden except what we specify

CONFIGURATION Page 66 User’s guide ref 9017409-01 SIG Router & VPN server Step 4 : Assign a filter to each user • Select the « Remote user»

CONFIGURATION SIG Router & VPN server User’s guide ref. 9017409-01 Page 67 15 Advanced functions 15.1 Adding a certificate Coming from the

CONFIGURATION 15.3 Configuring the web portal The web portal in an html page; it displays a list of devices connected to the LAN. Each line of the

CONFIGURATION SIG Router & VPN server User’s guide ref. 9017409-01 Page 69 15.4 Configuring the DNS server For domain names resolution, the S

INSTALLATION SIG Router & VPN server User’s guide ref. 9017409-01 Page 7 1 Technical data General characteristics Dimensions 137 x 48 x 1

MAINTENANCE SIG Router & VPN server User’s guide ref. 9017409-01 Page 71 1 Diagnostic The html server provides extended diagnostic functions.

MAINTENANCE Page 72 User’s guide ref 9017409-01 SIG Router & VPN server 2 Saving the parameters to a file Once a product has been configured

MAINTENANCE SIG Router & VPN server User’s guide ref. 9017409-01 Page 73 Step 4 : Update the firmware Launch the web browser Enter the IP addr

MAINTENANCE Page 74 User’s guide ref 9017409-01 SIG Router & VPN server

APPENDIX 1 HTML administration server SIG Router & VPN server User’s guide ref. 9017409-01 Page 75 1/ Set up menu Remote users To assign an

APPENDIX 1 HTML administration server Page 76 User’s guide ref 9017409-01 SIG Router & VPN server 2/ Diagnostic menu Log To display the event

APPENDIX 2 VPN basic mechanisms 1 Overview VPN is the acronym for « virtual private network » ; it is a mechanism which allows to connect safely 2

APPENDIX2 VPN basic mechanisms Page 78 User’s guide ref 9017409-01 SIG Router & VPN server 2 Functions A VPN provides the functions describe

APPENDIX 2 VPN basic mechanisms SIG Router & VPN server User’s guide ref. 9017409-01 Page 79 VPN clearing Periodically, each router (or at le

INSTALLATION Page 8 User’s guide ref 9017409-01 SIG Router & VPN server VPN and firewall VPN • 128 VPN • IPSec - Client or server - PSK or

APPENDIX2 VPN basic mechanisms Page 80 User’s guide ref 9017409-01 SIG Router & VPN server

13, Chemin du Vieux Chêne 38240 Meylan - France Tel : 33 4 76 04 20 00 Fax : 33 4 76 04 20 01 E-mail : contact@eticteleco

INSTALLATION 2 Overview The SIG is designed to build safe and reliable remote control system through the internet or private extended networks.