MultiTech RF600VPN VPN Setup Checklist

This document explains the setup of one RF600VPN at the main location connected as a VPN with RF550VPN(s) at the remote location(s) using static IP addresses at all locations.

There is an addendum at the end of this document for using dynamic IP addresses at remote locations.

This will require one copy of this document. And a separate copy of the RF550VPN document for each of the RF550’s

Client: ______________________

Site Name_______________

OS: 

• Win XP Pro
• Win2k Pro
• Other: ______________________

Route Finder Info

SN__________________________

Product/Model #______________________

Firmware version _____________________

NOTE: This document reflects a procedural change effective 10/07/2002

(all Windows XP Pro machines)

to use a password of perf on the Administrator account.

Machines built before 10/07/2002

(Windows 2000 Pro and NT/4 machines) had no password on the Administrator account.

Connect devices

• Connect the WAN port on VPN device to the Cable or DSL modem. This is the incoming signal
• (Optional) Connect the Serial port on the VPN device to the Dial-Up or ISDN modem

• The LAN port must be connected to a hub/switch, which then feeds to the PC’s or server.

Note: Do not use the Uplink port on the hub.

• Connect the power port to the power supplyConfigure Windows NT-4 PC
• Start > Settings > Control PanelDouble click Network icon
• At top of Network dialog box, click Protocols tab
• Select TCP/IP Protocol associated with your NIC
• Click Bindings
• In Bindings dialog box, find Show Bindings For box. Select All Adapters
• Double click the entry for your NIC
• Select the Protocol tab
• Click Properties
• Click Obtain IP address from DHCP server

OR

• Click Specify an Address,
• Set address to 10.1.1.xxx
• Set Subnet Mask to 255.255.255.0
• Click Apply, then OK, then close all applets
• Repeat this section for each PC on network

Configure Win2K Pro or XP Pro PC

• Start > Settings Control PanelDouble click on Network and Dial-up Connections
• Right click on Local Area Connection, then left click on Properties
• Select Internet Protocol [TCP/IP], you NIC should then display in the Connect Using boxClick Properties
• Click Obtain IP address from DHCP server

OR

• Click Specify an Address,
• Set address to 192.168.2.2
• Set Subnet Mask to 255.255.255.0
• Set Default Gateway to IP address of LAN port on FR600VPN 192.168.2.1
• Click Apply, then OK, then close all applets
• Repeat this section for each PC on network

Ping device

AT a PC, Start > Run > cmd to open a prompt. IPCONFIG at the prompt to ensure you are on the same network

Login to RouteFinder

• At a PC, open a web browser with an address of: https://192.168.2.1. This is the default address of the RouteFinder
• Click Yes at the optional Security Alert screen
• At Login screen, enter a user name of admin with a password of admin (we will change password later). Click Login. Click No at Auto Complete

Check Firmware Version

• Firmware version is listed on opening page

Time Zone Settings

• Select Administration on the top tool bar. Set the Time Zone then Next

Initial Configuration Using the Wizard Setup

• Click Wizard Setup on the top tool bar
• Enter the administrator’s e-mail address. ___________________

Ex: admin@yourdomain.com

• (Optional) Enter your Hostname

Ex: routfinder.yourdomain.com

• Enter the LAN IP address and mask. These should already be set to default settings

IP address: 192.168.2.1

IP subnet mask: 255.255.255.0

• Check the Static IP box
• Enter the WAN IP address. This should be your static IP address

IP address:

____.____.____.____

IP subnet mask:

____.____.____.____

Gateway: (same as IP address)

____.____.____.____

• Check the Packet Filter Rule

• Check box in  Modem Settings if using a modem for backup

• Leave all passwords blank

• Click Save, then OK

• It will take 1 0r 2 minutes to save settings. Do Not Close Browser until redirected to a new web page

Configure Networks & Services | Networks

• Click Networks & Services on the top tool bar
• Enter these only for the locations that are available

• Enter name: loc2LAN

IP address: (192.168.3.0)

____.____.____.____

IP subnet mask:

____.____.____.____

Click Add (if changed)

• Enter name: loc2WAN

(Optional-only if remote is static)

IP address:

____.____.____.____

IP subnet mask:

____.____.____.____

Click Add (if changed)

•        Enter name: loc3LAN

IP address: (192.168.4.0)

____.____.____.____

IP subnet mask:

____.____.____.____

Click Add (if changed)

•        Enter name: loc3WAN

(Optional-only if remote is static)

IP address:

____.____.____.____

IP subnet mask:

____.____.____.____

Click Add

•        Enter name: loc4LAN

IP address: (192.168.5.0)

____.____.____.____

IP subnet mask:

____.____.____.____

Click Add

•        Enter name: loc4WAN

(Optional-only if remote is static)

IP address:

____.____.____.____

IP subnet mask:

____.____.____.____

Click Add

•        Enter name: loc5LAN

IP address:

____.____.____.____

IP subnet mask:

____.____.____.____

Click Add

•        Enter name: loc5WAN

(Optional-only if remote is static)

IP address:

____.____.____.____

IP subnet mask:

____.____.____.____

Click Add

Configure Network Setup | Interfaces

• Click Network Setup on tool bar

Record the Default Gateway:

____.____.____.____

Host Name:__________

• (Opt) External Name Server: _____________

Click Add

• (Opt) WINS Server: _____________

Click Add

• Record the LAN (eth0) IP address:

____.____.____.____

Subnet mask:

____.____.____.____

Click Save (if changed)

• Record the WAN (eth1) IP address:

___.____.____.____

Subnet mask:

____.____.____.____

Click Save (if changed)

• Set the DMZ (eth2) IP address: 192.168.99.1

Subnet mask: 255.255.255.0

Click Save

Configure Packet Filters | Packet Filter Rules

• Click Packet Filters on tool bar
• There should already be row for: LAN > Any > Any > Accept
• For Dynamic remotes, add a new line item for each loc

loc2LAN > Any > lan > Accept

Click Add      (loc3, loc4,etc)

• For Static remotes, add these two for every static remote

loc2LAN > Any > lan > Accept

Click Add

loc2WAN > Any > lan > Accept

Click Add

Configure VPN | IPSec

• Click VPN on tool bar
• Checkmark and Save VPN Status
• DO NOT check IKE Debugging!

This is used for debugging ONLY!

• DO NOT check IPSec debugging!

This is used for debugging ONLY!

• Add an IKE Connection for each remote

Connection Name: 

___________________

(For example loc2LAN)

• Checkmark Perfect Forward Secrecy
• Authentication Method = Secret
• Enter Secret Key: (perf)

________________

(Must be same on both sides)

• Local WAN IP = WAN
• Local LAN  = lan
• Remote Gateway IP = Any
• Remote LAN Subnet = loc2LAN
• Click Add
• Wait
• Repeat the Add an IKE Connection for each loc (loc3LAN, etc.)
• Be sure to check Status box to enable that VPN

NOTE: Do not use the Proxy section

It may cause problems

Double Check SSH Settings

• Click on Administration on the toolbar
• Click on SSH on left
• Ensure Status is Unchecked

A note about Secure Shell Status:

- When this box is unchecked, loginuser is disabled and never used.

- When this box is checked, loginuser is used. Users admin or loginuser will have remote access to the command line. A password will then be needed for loginuser

Check Device Status

• Click Statistics & Logs on toolbar
• Click IPSec on left side of screen
• Click on IPSec Live Connections
• There should be a connection listed on this page
• Close this page after viewing it

Change Admin Password

• Click on User Authentication in tool bar
• At lower end of screen, click on Edit for the Admin user
• After a screen refresh, enter the password of perfection twice, then Save

Enable Dial Up Modem Backup for WAN

NOTE: This section is optional. It will enable a dial up modem connection to auto-dial if the DSL connection is dropped.

• Click on Network Setup in tool bar
• On left side of screen, click on PPP
• Modem can be enabled with check box
• Username, Password, and Dial-upn Settings can be entered on this screen

Logout

• Click Logout on tool bar

Addendum for setting up RF600VPN to use with Dynamic IP Addresses at remote locations

• Click on VPN on the toolbar
• If necessary, click on IPSec on left
• On table at bottom of screen, click on Edit to edit the entry for loc2LAN (only if loc2 is dynamic)
• Change the Remote Gateway IP setting to Any
• Do the same for other location entries that will have a Dynamic IP Address

• Click on Network & Services on the toolbar
• If necessary, click on Networks on left
• Leave loc2LAN as normal for loc 2
• Delete loc2WAN from the table
• Do the same for other location entries that will have a Dynamic IP Address

• There are no changes necessary for the RF550VPN

Reset Device

NOTE: This section is included for reference only! All settings will be reset to factory defaults and password will be set to admin

• Click on Administration on the toolbar
• On left side of screen, click on Factory Defaults
• Click OK at the warning message to reset to Factory Defaults
• Click OK at the IP Address Change screen
• Wait for approximately two minutes for the server to be reset

Open a Telnet Port for temporary use

NOTE: This is for reference only! Opening a telnet port is a security risk!

Telnet ports should be closed as early as possible

• Click on Network Setup in top bar
• Click on DNAT on left side
• Setup a telnet port with

• Pre DNAT Network of  WANInterface
• Service of TELNET
• Post DNAT Network of Telnet Server (could try telnetserv)
• Destination Service of TELNET
• Click Add

• Click on Packet Filters in top bar
• You should be in Packet Filter Rules on left side
• Add a User Defined Filter with

• From(client) of Any
• Service of TELNET
• To(Server) of Any (could try telnetserv)
• Action of ACCEPT
• Click Add

To remove this open port:

• Click on Network Setup in top bar
• Click on DNAT on left side
• Delete the DNAT DefinitionSetup
• Click on Packet Filters in top bar
• You should be in Packet Filter Rules on left side
• Delete the telnet User Defined Filter