-
Digicom Michelangelo SHDSL - page 1
Michelangelo SHD SL SHDSL VPN Firew all Bridge/ Router User’s Manual V er . 1.0 ...
-
Digicom Michelangelo SHDSL - page 2
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 1: Introduction 2 Chapter 1: Introduction Introduction to your Router W elcome to the Digicom MICHELANGELO SHDSL Router . Y our Digicom SHDSL router is an “all-in-one” unit, combining an SH DSL modem, SHDSL router and Ethernet network switch, providing everything you need to get the machines ...
-
Digicom Michelangelo SHDSL - page 3
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 1: Introduction 3 Dynamic Domain Name System (DDNS) The Dynamic DNS service allows you to alias a dynamic IP address to a static hostname. This dynamic IP address is the W AN IP address. For example, to use the service, you must first apply for an account from a DDNS service like http://www .dyn ...
-
Digicom Michelangelo SHDSL - page 4
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 2: Installing the Router 4 Chapter 2: Installing the Router Important note for using this router Package Contents SHDSL Router CD-ROM containing the online manual RJ-1 1 SHDSL / telephone Cable Ethernet (CA T -5 LAN) Cable Console (PS2-RS232) Cable AC-DC power adapter (12V DC, 1A) Quick Start Gu ...
-
Digicom Michelangelo SHDSL - page 5
MICHELANGELO SHDSL VPN Firewall Bridge/Router 5 The Front LEDs of MICHLANGELO SHDSL LED Meaning 1 2 LINE 1 & 2 Lit when successfully connected to SHDSL line and it is synchronized. 3 LAN Port 1X — 4X (RJ-45 connector) Lit when connected to an Ethernet device. Green for 100Mbps; Orange for 10Mbps. Blinking when data is Transmitted / Received. ...
-
Digicom Michelangelo SHDSL - page 6
MICHELANGELO SHDSL VPN Firewall Bridge/Router 6 The Rear Ports of MICHELANGELO SHDSL Port Meaning 1 Power Switch Power ON/OFF switch 2 PWR Connect the supplied power adapter to this jack. 3 RESET T o be sure the device is being turned on ‡ press RESET button for: 1-3 seconds : quick reset the device. 6 seconds above, and power off, power on the d ...
-
Digicom Michelangelo SHDSL - page 7
MICHELANGELO SHDSL VPN Firewall Bridge/Router 7 Cabling One of the most common causes of problems is bad cabling or SHDSL line(s) . Make sure that all connected devices are turned on. On the front of the product is a bank of LEDs. V erify that the LAN Link and SHDSL line LEDs are lit. If they are not, verify that you are using the proper cables. ...
-
Digicom Michelangelo SHDSL - page 8
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 3: Basic Installation 8 Any TCP/IP capable workstation can be used to communicate with or through the router . T o configure other types of workstations, please consult the manufacturer’s documentation. Chapter 3: Basic Installation The router can be configured with your w eb browser . A web b ...
-
Digicom Michelangelo SHDSL - page 9
Chapter 3: Basic Installation 9 Configuring PCs in W indows in W indow XP 1. Go to Start / Control Panel (in Classic View). In the Control Panel, double-click Network Connections . 2. Double-click Local Area Connection . (See Figure 3.1) 3. In the LAN Area Connection Status window , click Properties . ( See Figure 3.2) 4. Select Internet Protocol ( ...
-
Digicom Michelangelo SHDSL - page 10
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 3: Basic Installation 10 Configuring PCs in W indows 2000 1. Go to Start / Settings / Control Panel . In the Control Panel, double-click Network and Dial-up Connections . 2. Double-click Local Area (“LAN”) Connection . (See Figure 3.5) 3. In the LAN Area Connection Status window , click Prop ...
-
Digicom Michelangelo SHDSL - page 11
Chapter 3: Basic Installation 1 1 Configuring PC in W indows 95/98/ME 1. Go to Start / Settings / Control Panel . In the Control Panel, double-click Network and choose the Configuration tab. 2. Select TCP / IP -> NE2000 Compatible , or the name of any Network Interface Card (NIC) in your PC. ( See Figure 3.9) 3. Click Properties . 4. Select the ...
-
Digicom Michelangelo SHDSL - page 12
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 3: Basic Installation 12 Configuring PC in W indows NT4.0 1. Go to Start / Settings / Control Panel . In the Control Panel, double-click Network and choose the Protocols tab. 2. Select TCP/IP Protocol and click Properties . ( See Figure 3.12) 3. Select the Obtain an IP address from a DHCP server ...
-
Digicom Michelangelo SHDSL - page 13
Chapter 3: Basic Installation 13 Factory Default Settings Before configuring your , you need to know the following default settings. W eb Interface (Username and Password) Username: admin Password: admin The default username and password are “ admin ” and “ admin ” respectively . Device LAN IP settings: IP Address: 192.168.1.254 Subnet Mask ...
-
Digicom Michelangelo SHDSL - page 14
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 3: Basic Installation 14 Information from your ISP Before configuring this device, you have to check with your ISP (Internet Service Provider) to find out what kind of service is provided such as DHCP (Obtain an IP Address Automatically , Static IP (Fixed IP Address) and PPPoE. Gather the inform ...
-
Digicom Michelangelo SHDSL - page 15
Chapter 3: Basic Installation 15 Configuring with your W eb Browser Open your web browser , enter the IP address of your router , which by default is 192.168.1.254 , and click “ Go ”, a user name and password window prompt will appear . The default username and password are “admin” and “admin” respectively . (See Figure 3.14) Figure 3.1 ...
-
Digicom Michelangelo SHDSL - page 16
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 16 Chapter 4: Configuration At the configuration homepage, the left navigation pane where bookmarks are provided links you directly to the desired setup page, including: Status - ARP T able - Routing T able - DHCP T able - PPTP Status - IPSec Status - L2TP Status - Email Status ...
-
Digicom Michelangelo SHDSL - page 17
Chapter 4: Configuration 17 Status ARP T able This section displays the router’s ARP (Address Resolution Protocol) T able, which shows the mapping of Internet (IP) addresses to Ethernet (MAC) addresses. This is useful as a quick way of determining the MAC address of the network interface of your PCs to use with the router’s Firewall – MAC Add ...
-
Digicom Michelangelo SHDSL - page 18
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 18 DHCP T able Leased: The DHCP assigned IP addresses information. IP Address: A list of IP addresses of devices on your LAN (Local Area Network). Expired: The expired IP addresses information. Permanent: The fixed host mapping information Leased T able IP Address: The IP addres ...
-
Digicom Michelangelo SHDSL - page 19
Chapter 4: Configuration 19 PPTP Status This shows details of your configured PPTP VPN Connections. Name: The name you assigned to the particular PPTP connection in your VPN configuration. T ype: The type of connection (dial-in/dial-out). Enable: Whether the connection is currently enabled. Active: Whether the connection is currently active. T unne ...
-
Digicom Michelangelo SHDSL - page 20
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 20 L2TP Status This shows details of your configured L2TP VPN Connections. Name: The name you assigned to the particular L2TP connection in your VPN configuration. T ype: The type of connection (dial-in/dial-out). Enable: Whether the connection is currently enabled. Active: Whet ...
-
Digicom Michelangelo SHDSL - page 21
Chapter 4: Configuration 21 Event Log This page displays the router’s Event Log entries. Major events are logged to this window , such as when the router’s SHDSL connection is disconnected, as well as Firewall events when you have enabled Intrusion or Blocking Logging in the Configuration – Firewall section of the interface. Please see the Fi ...
-
Digicom Michelangelo SHDSL - page 22
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 22 NA T Sessions This section lists all current NA T sessions between interface of types external (W AN) and internal (LAN). Diagnostic It tests the connection to computer(s) which is connected to LAN ports and also the W AN Internet connection. If PING www .google.com is shown ...
-
Digicom Michelangelo SHDSL - page 23
Chapter 4: Configuration 23 UPnP Portmap The section lists all port-mapping established using UPnP (Universal Plug and Play). Please see the Advanced section of this manual for more details on UPnP and the router’s UPnP configuration options. ...
-
Digicom Michelangelo SHDSL - page 24
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 24 Quick Start For detailed instructions on configuring your W AN settings, please see the W AN section of this manual. Usually , the only details you will need for the Quick Start wizard to get you online are your login (often in the form of username@ispname ), your password an ...
-
Digicom Michelangelo SHDSL - page 25
Chapter 4: Configuration 25 Select the desired option from the list and click Apply to return to the Quick Start interface to continue configuring your ISP connection. Please note that the contents of this list will vary , depending on what is supported by your ISP . ...
-
Digicom Michelangelo SHDSL - page 26
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 26 Configuration When you click this item, you get following sub-items to configure your router . LAN, W AN, System, Firewall, VPN, QoS, Virtual Server , T ime Schedule and Advanced These functions are described below in the following sections. LAN (Local Area Network) Here are ...
-
Digicom Michelangelo SHDSL - page 27
Chapter 4: Configuration 27 Ethernet Primary IP Address IP Address: The default IP on this router . SubNetmask: The default subnet mask on this router . RIP: RIP v1, RIP v2, and RIP v2 Multicast. Check to enable RIP function. IP Alias This function supports to create multiple virtual IP interfaces on this router . It helps to connect two or more lo ...
-
Digicom Michelangelo SHDSL - page 28
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 28 Ethernet Client Filter The Ethernet Client Filter supports up to 16 Ethernet network machines that helps you to manage your network control to accept traf fic from specific authorized machines or can restrict unwanted machine(s) to access your LAN. There are no pre-define Eth ...
-
Digicom Michelangelo SHDSL - page 29
Chapter 4: Configuration 29 Y ou can easily by checking the box next to the IP address to be blocked or allowed. Then, Add to insert to the Ethernet Client Filter table. The maximum Ethernet client is 16. Port Setting This section allows you to configure the settings for the router’s Ethernet ports to solve some of the compatibility problems that ...
-
Digicom Michelangelo SHDSL - page 30
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 30 DHCP Server Y ou can disable or enable the DHCP (Dynamic Host Configuration Protocol) server or enable the router’s DHCP relay functions. The DHCP protocol allows your router to dynamically assign IP addresses to PCs on your network if they are configured to obtain IP addre ...
-
Digicom Michelangelo SHDSL - page 31
Chapter 4: Configuration 31 W AN - Wide Area Network W AN refers to your Wide Area Network connection, i.e. your router’s connection to your ISP and the Internet. Here are the items within the W AN section: ISP , DNS and SHDSL . ISP The factory default is PPPoE. If your ISP uses th is access protocol, click Edit to input other parameters as below ...
-
Digicom Michelangelo SHDSL - page 32
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4:Configuration 32 RFC 1483 Routed Connections Description: User-definable name for the connection. VPI and VCI: Enter the information provided by your ISP . A TM Class: The Quality of Service for A TM layer . NA T : The NA T (Network Address T ranslation) feature allows multiple users to access ...
-
Digicom Michelangelo SHDSL - page 33
Chapter 4: Configuration 33 RFC 1483 Bridged Connections Description: User-definable name for the connection. VPI and VCI: Enter the information provided by your ISP . A TM Class: The Quality of Service for A TM layer . Encapsulation method: Select the encapsulation format, this is provided by your ISP . Acceptable Frame T ype: Specify what kind of ...
-
Digicom Michelangelo SHDSL - page 34
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4:Configuration 34 PPPoA Routed Connections Description: User-definable name for the connection. VPI/VCI: Enter the information provided by your ISP . A TM Class: The Quality of Service for A TM layer . NA T : The NA T (Network Address T ranslation) feature allows multiple users to access the In ...
-
Digicom Michelangelo SHDSL - page 35
Chapter 4: Configuration 35 MTU: Maximum T ransmission Unit. The size of the largest datagram (excluding media-specific headers) that IP will attempt to send through the interface. Advanced Options (PPPoA) LLC Header: Selects encapsulation mode, true for using LLC or false for using VC-Mux. Create Route: This setting specifies whether a route is ad ...
-
Digicom Michelangelo SHDSL - page 36
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4:Configuration 36 IPoA Routed Connections Description: User-definable name for the connection. VPI/VCI: Enter the information provided by your ISP . A TM Class: The Quality of Service for A TM layer . NA T : The NA T (Network Address T ranslation) feature allows multiple users to access the Int ...
-
Digicom Michelangelo SHDSL - page 37
Chapter 4: Configuration 37 PPPoE Connections Description: User-definable name for this connection. VPI/VCI: Enter the information provided by your ISP . A TM Class: The Quality of Service for A TM layer . NA T : The NA T (Network Address T ranslation) feature allows multiple users to access the Internet through a single ISP account, sharing a sing ...
-
Digicom Michelangelo SHDSL - page 38
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4:Configuration 38 § Detail: Y ou can define the destination port and packet type (TCP/UDP) without checking by timer . It allows you to set which outgoing traf fic will not trigger and reset the idle timer . RIP: RIP v1, RIP v2, and RIP v2 Multicast. Check to enable RIP function. MTU: Maximum ...
-
Digicom Michelangelo SHDSL - page 39
Chapter 4: Configuration 39 PPPoE with Pass-through Connections PPPoE with pass-through adapts the following method: PPPoE Routed mode + 1483 Bridge Mode. With pure PPPoE connection, the router can get one W AN address to the router . With the PPPoE and PPPoE pass- through, concurrently , it allows user to have a W AN address assigned to the router ...
-
Digicom Michelangelo SHDSL - page 40
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4:Configuration 40 § Connect on Demand: If you want to establish a PPPoE session only when there is a packet requesting access to the Internet (i.e. when a program on your computer attempts to access the Internet). Idle Timeout: Auto-disconnect the broadband firewall gateway when there is no ac ...
-
Digicom Michelangelo SHDSL - page 41
Chapter 4: Configuration 41 DNS A Domain Name System (DNS) contains a mapping table for domain name and IP addresses. On the Internet, every host has a unique and user-friendly name (domain name) such as www .helloworld .com and an IP address. An IP address is a 32-bit number in the form of xxx.xxx.xxx.xxx , for example 192.168.1.254. Y ou can thin ...
-
Digicom Michelangelo SHDSL - page 42
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4:Configuration 42 SHDSL 4-wired Mode 2-wired Mode 4-Wired Connection: MICHELANGELO SHDSL supports either 2-wire and 4-wires SHDSL connection. Activate the device to 4-wired by enabling the function; otherwise, disable it to be used as 2-wire mode connection. Note: When select 2-wired mode , onl ...
-
Digicom Michelangelo SHDSL - page 43
Chapter 4: Configuration 43 System Here are items within the System section: T ime Zone, Remote Access, Firmware Upgrade, Backup/Restore, Restart and User Management. T ime Zone The router does not have a real time clock on board; instead, it uses the Simple Network T ime Protocol (SNTP) to get the current time from an SNTP server outside your netw ...
-
Digicom Michelangelo SHDSL - page 44
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4:Configuration 44 Remote Access T o temporarily permit remote administration of the router (i.e. from outside your LAN), select a time period the router will permit remote access for and click Enable. Y ou may change other configuration options for the web administration interface using Device ...
-
Digicom Michelangelo SHDSL - page 45
Chapter 4: Configuration 45 DO NOT power down the router or interrupt the firmware upgrading while it is still in process. Improper operation could damage the router . Firmware Upgrade Y our router’s “firmware” is the software that allows it to operate and provides all its functionality . Think of your router as a dedicated computer , and the ...
-
Digicom Michelangelo SHDSL - page 46
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4:Configuration 46 Backup / Restore These functions allow you to save and backup your router’s current settings to a file on your PC, or to restore a previously saved backup. This is useful if you wish to experiment with dif ferent settings, knowing that you have a backup handy in the case of ...
-
Digicom Michelangelo SHDSL - page 47
Chapter 4: Configuration 47 Restart Router Click Restart with option Current Settings to reboot your router (and restore your last saved configuration). If you wish to restart the router using the factory default settings (for example, after a firmware upgrade or if you have saved an incorrect configuration), select Factory Default Settings to rese ...
-
Digicom Michelangelo SHDSL - page 48
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 48 User Management In order to prevent unauthorized access to your router’s configuration interface, it requires all users to login with a password. Y ou can set up multiple user accounts, each with their own password. Y ou are able to Edit existing users and Create new users ...
-
Digicom Michelangelo SHDSL - page 49
Chapter 4: Configuration 49 When using V irtual Servers your PCs will be exposed to the degree specified in your V irtual Server settings provided the ports specified are opened in your firewall packet filter settings. Firewall and Access Control Y our router includes a full SPI (Stateful Packet Inspection) firewall for controlling Internet access ...
-
Digicom Michelangelo SHDSL - page 50
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 50 General Settings Y ou can choose not to enable Firewall, you will not able to add filter rules by yourself in the Packet Filter , or enable the Firewall using preset filter rules and modify the packet filter rules as required. The Packet Filter is used to filter packets based ...
-
Digicom Michelangelo SHDSL - page 51
Chapter 4: Configuration 51 Packet Filter This function is only available when the Firewall is enabled and one of these four security levels is chosen (All blocked, High, Medium and Low). The predefined port filter rules in the Packet Filter must modify accordingly to the level of Firewall, which is selected. See T able1: Predefined Port Filter for ...
-
Digicom Michelangelo SHDSL - page 52
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 52 Example: Predefined Port Filters Rules The predefined port filter rules for High, Medium and Low security levels are listed. See T able 1. Note: Firewall – All Blocked/User-defined, you must define and create the port filter rules yourself. No predefined rule is being preco ...
-
Digicom Michelangelo SHDSL - page 53
Chapter 4: Configuration 53 Packet Filter – Add TCP/UDP Filter Rule Name: Users-define description to identify this entry or click to select existing predefined rules. The maximum name length is 32 characters. T ime Schedule: It is self-defined time period. Y ou may specify a time schedule for your prioritization policy . For setup and detail, re ...
-
Digicom Michelangelo SHDSL - page 54
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 54 Packet Filter – Add Raw IP Filter Rule Name: Users-define description to identify this entry or click to select existing predefined rules. T ime Schedule: It is self-defined time period. Y ou may specify a time schedule for your prioritization policy . For setup and detail, ...
-
Digicom Michelangelo SHDSL - page 55
Chapter 4: Configuration 55 Example: Configuring your firewall to allow for a publicly accessible web server on your LAN The predefined port filter rule for HTTP (TCP port 80) is the same no matter whether the firewall is set to a high, medium or low security level. T o setup a web server located on the local network when the firewall is enabled, y ...
-
Digicom Michelangelo SHDSL - page 56
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 56 Configuring Packet Filter: 1. Click Port Filters . Y ou will then be presented with the predefined port filter rules screen (in this case for the low security level), shown below: Note: Y ou may click Edit the predefined rule instead of Delete it. This is an example to show t ...
-
Digicom Michelangelo SHDSL - page 57
Chapter 4: Configuration 57 5. The new port filter rule for HTTP is shown below: 6. Configure your V irtual Server (“port forwarding”) settings so that incoming HTTP requests on port 80 will be forwarded to the PC running your web server: Note: For how to configure the HTTP in Virtual Server, go to Add Virtual Server in Virtual Server section f ...
-
Digicom Michelangelo SHDSL - page 58
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 58 Intrusion Detection The router’s Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion attempts from the Internet. If the IDS function of the firewall is enabled, inbound packets are filtered and blocked depending on whether they are detected as po ...
-
Digicom Michelangelo SHDSL - page 59
Chapter 4: Configuration 59 T able 2: Hacker attack types recognized by the IDS Intrusion Name Detect Parameter Blacklist T ype of Block Duration Drop Packet Show Log Ascend Kill Ascend Kill data Src IP DoS Y es Y es WinNuke TCP Port 135, 137~139, Flag: URG Src IP DoS Y es Y es Smurf ICMP type 8 Des IP is broadcast Dst IP Victim Protection Y es Y e ...
-
Digicom Michelangelo SHDSL - page 60
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 60 URL Filter URL (Uniform Resource Locator – e.g. an address in the form of http://www .abcde.com or http://www .example.com) filter rules allow you to prevent users on your network from accessing particular websites by their URL. There are no pre-defined URL filter rules; yo ...
-
Digicom Michelangelo SHDSL - page 61
Chapter 4: Configuration 61 dropped. 3. If the packet does not match either of the above two items, it is sent to the remote web server . 4. Please be note that the completed URL, “www” + domain name, shall be specified. For example to block traf fic to www .google.com.au, enter “www .google” or “www .google.com” In the example below , ...
-
Digicom Michelangelo SHDSL - page 62
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 62 IM / P2P Blocking IM, short for Instant Message, is required to use client program software that allows users to communicate, in exchanging text message, with other IM users in real time over the Internet. A P2P application, known as Peer-to-peer , is group of computer users ...
-
Digicom Michelangelo SHDSL - page 63
Chapter 4: Configuration 63 Firewall Log Firewall Log display log information of any unexpected action with your firewall settings. Check the Enable box to activate the logs. Log information can be seen in the Status – Event Log after enabling. ...
-
Digicom Michelangelo SHDSL - page 64
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 64 VPN - Virtual Private Networks V irtual Private Networks is ways to establish secured communication tunnels to an organization’s network via the Internet. Y our router supports three main types of VPN (V irtual Private Network), PPTP , IPSec and L2TP . PPTP (Point-to-Point ...
-
Digicom Michelangelo SHDSL - page 65
Chapter 4: Configuration 65 PPTP Connection - Remote Access Connection Name: User-defined name for the connection (e.g. “connection to of fice”). T ype: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server , e.g. your office server), check Dial In operates as a VPN server . § When configuring your ro ...
-
Digicom Michelangelo SHDSL - page 66
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 66 Example: Configuring a Remote Access PPTP VPN Dial-out Connection A company’s office establishes a PPTP VPN connection with a file server located at a separate location. The router is installed in the of fice, connected to a couple of PCs and Servers. Dial-out ...
-
Digicom Michelangelo SHDSL - page 67
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 67 Configuring the PPTP VPN in the Office Y ou can either input the IP address (69.1.121.33 in this case) or hostname to reach the server . Item Function Description 1 Connection Name VPN_PPTP Given name of PPTP connection Dial out Check Dial out 2 Server IP Address (or Hostname ...
-
Digicom Michelangelo SHDSL - page 68
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 68 PPTP Connection - LAN to LAN Connection Name: User-define description of the connection. T ype: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server , e.g. your office server), check Dial In operates as a VPN server . § When config ...
-
Digicom Michelangelo SHDSL - page 69
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 69 Example: Configuring a PPTP LAN-to-LAN VPN Connection The branch office establishes a PPTP VPN tunnel with head of fice to connect two private networks over the Internet. The routers are installed in the head of fice and branch office accordingly . Both of fice LAN networks M ...
-
Digicom Michelangelo SHDSL - page 70
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 70 Configuring PPTP VPN in the Head Office The IP address 192.168.1.201 will be assigned to the router located in the branch of fice. Please make sure this IP is not used in the head of fice LAN. Item Function Description 1 Connection Name HeadOf fice Given a name of PPTP connec ...
-
Digicom Michelangelo SHDSL - page 71
Chapter 4: Configuration 71 Configuring PPTP VPN in the Branch Office The IP address 69.1.121.30 is the Public IP address of the router located in head of fice. If you registered the DDNS (please refer to the DDNS section of this manual), you can also use the domain name instead of the IP address to reach the router . Item Function Description 1 Co ...
-
Digicom Michelangelo SHDSL - page 72
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 72 IPSec (IP Security Protocol) Click Create to create a new IPSec VPN connection account. After you have created the IPSec connection, account information will be displayed. (See example above). § Enable / Disable: This function activates or deactivates the IPSec connection. T ...
-
Digicom Michelangelo SHDSL - page 73
Chapter 4: Configuration 73 IPSec VPN Connection Connection Name: User-defined name for the connection (e.g. “connection to of fice”). Local Network: Set the IP address, subnet or address range of the local network. § Single Address: The IP address of the local host. § Subnet: The subnet of the local network. For example, IP: 192.168.1.0 with ...
-
Digicom Michelangelo SHDSL - page 74
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 74 change encryption keys during the second phase of VPN negotiation. This function will provide better security , but extends the VPN negotiation time. Dif fie-Hellman is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured c ...
-
Digicom Michelangelo SHDSL - page 75
Chapter 4: Configuration 75 Advanced Option This function is only available after completed creating an IPSec account. Click Advanced Option to change the following settings: IKE (Internet key Exchange) Mode: Select IKE mode to Main mode or Aggressive mode. This IKE provides secured key generation and key management. IKE Proposal: Hash Function: It ...
-
Digicom Michelangelo SHDSL - page 76
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 76 Local ID: § T ype: Specify local ID type. § Content: Input ID’s information, like domain name www .ipsectest.com. Remote ID: § T ype: Specify Remote ID type. § Identifier: Input remote ID’s information, like domain name www .ipsectest.com. SA Lifetime: Specify the num ...
-
Digicom Michelangelo SHDSL - page 77
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 77 Example: Configuring a IPSec LAN-to-LAN VPN Connection T able 3: Network Configuration and Security Plan Branch Office Head Office Local Network ID 192.168.0.0/24 192.168.1.0/24 Local Router IP 69.1.121.30 69.1.121.3 Remote Network ID 192.168.1.0/24 192.168.0.0/24 Remote Rout ...
-
Digicom Michelangelo SHDSL - page 78
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 78 Configuring IPSec VPN in the Head Office Item Function Description 1 Connection Name IPSec_HeadOf fice Given a name of IPSec connection Subnet Check Subnet radio button IP Address 192.168.1.0 2 Netmask 255.255.255.0 Head office network 3 Secure Gateway Address (or Hostname) 6 ...
-
Digicom Michelangelo SHDSL - page 79
Chapter 4: Configuration 79 Configuring IPSec VPN in the Branch Office Item Function Description 1 Connection Name IPSec_Branch Office Given a name of IPSec connection Subnet Check Subnet radio button IP Address 192.168.0.0 2 Netmask 255.255.255.0 Branch office network 3 Secure Gateway Address (or Hostname) 69.121.1.3 IP address of the head of fice ...
-
Digicom Michelangelo SHDSL - page 80
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 80 Example: Configuring a IPSec Host-to-LAN VPN Connection ...
-
Digicom Michelangelo SHDSL - page 81
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 81 Configuring IPSec VPN in the Office Item Function Description 1 Connection Name IPSec Given a name of IPSec connection Subnet Check Subnet radio button IP Address 192.168.1.0 2 Netmask 255.255.255.0 Head office network 3 Secure Gateway Address (or Hostname) 69.121.1.30 IP add ...
-
Digicom Michelangelo SHDSL - page 82
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 82 L2TP (Layer T wo T unneling Protocol) T wo types of L2TP VPN are supported Remote Access and LAN-to-LAN (please refer below for more information.). Click Create to create a new VPN connection account. After you have created L2TP connection, account status will be displayed. ( ...
-
Digicom Michelangelo SHDSL - page 83
Chapter 4: Configuration 83 L2TP Connection - Remote Access L2TP VPN Connection Connection Name: User-defined name for the connection (e.g. “connection to of fice”). T ype: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server , e.g. your office server), check Dial In operates as a VPN server . § When ...
-
Digicom Michelangelo SHDSL - page 84
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 84 IPSec: Enable for enhancing your L2TP VPN security . Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transmit. There are three options, Message Digest 5 ( MD5 ), Secure Hash Algorithm ( SHA1 ) or NONE . SHA1 is m ...
-
Digicom Michelangelo SHDSL - page 85
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 85 Example: Configuring a L2TP VPN - Remote Access Dial-in Connection A remote worker establishes a L2TP VPN connection with the head office using Microsoft's VPN Adapter (included with Windows XP/2000/ME, etc.). The router is installed in the head of fice, connected to a c ...
-
Digicom Michelangelo SHDSL - page 86
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 86 Configuring L2TP VPN in the Office The input IP address 192.168.1.200 will be assigned to the remote worker . Please make sure this IP is not used in the Of fice LAN. Item Function Description 1 Connection Name VPN_L2TP Given a name of L2TP connection Dial in Check Dial in 2 ...
-
Digicom Michelangelo SHDSL - page 87
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 87 Example: Configuring a Remote Access L2TP VPN Dial-out Connection A company’s of fice establishes a L2TP VPN connection with a file server located at a separate location. The router is installed in the of fice, connected to a couple of PCs and Servers. Dial-out ...
-
Digicom Michelangelo SHDSL - page 88
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 88 Configuring the L2TP VPN in the Office Item Function Description 1 Connection Name VPN_L2TP Given name of L2TP connection Dial out Check Dial out 2 Server IP Address (or Hostname) 69.121.1.33 An Dialed server IP Username username 3 Password 123456 A given username & passw ...
-
Digicom Michelangelo SHDSL - page 89
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 89 Example: Configuring your Router to Dial-in to the Server Currently , Microsoft Windows operation system does not support L2TP incoming service. Additional software may be required to set up your L2TP incoming service. ...
-
Digicom Michelangelo SHDSL - page 90
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 90 L2TP Connection - LAN to LAN L2TP VPN Connection Connection Name: User-define description of the connection. T ype: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server , e.g. your office server), check Dial In operates as a VPN ser ...
-
Digicom Michelangelo SHDSL - page 91
Chapter 4: Configuration 91 L2TP over IPSec (L2TP/IPSec) VPN Connection IPSec: Enable for enhancing your L2TP VPN security . Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transmit. There are three options, Message Digest 5 ( MD5 ), Secure Hash Algorithm ( SHA1 ) or NONE . SHA-1 is mo ...
-
Digicom Michelangelo SHDSL - page 92
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 92 Example: Configuring L2TP LAN-to-LAN VPN Connection The branch office establishes a L2TP VPN tunnel with head of fice to connect two private networks over the Internet. The routers are installed in the head office and branch of fice accordingly . Both office LAN networks MUST ...
-
Digicom Michelangelo SHDSL - page 93
Chapter 4: Configuration 93 Configuring L2TP VPN in the Head Office The IP address 192.168.1.200 will be assigned to the router located in the branch of fice. Please make sure this IP is not used in the head of fice LAN. Item Function Description 1 Connection Name HeadOf fice Given a name of L2TP connection Dial in Check Dial in 2 Private IP Addres ...
-
Digicom Michelangelo SHDSL - page 94
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 94 Configuring L2TP VPN in the Branch Office The IP address 69.1.121.30 is the Public IP address of the router located in head of fice. If you registered the DDNS (please refer to the DDNS section of this manual), you can also use the domain name instead of the IP address to rea ...
-
Digicom Michelangelo SHDSL - page 95
Chapter 4: Configuration 95 QoS (Quality of Service) QoS function helps you to control your network traf fic for each application from LAN (Ethernet and/or Wireless) to W AN (Internet). It facilitates you to control the dif ferent quality and speed of through put for each application when the system is running with full loading of upstream. Here ar ...
-
Digicom Michelangelo SHDSL - page 96
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 96 DSCP Marking : Dif ferentiated Services Code Point (DSCP), it is the first 6 bits in the T oS byte. DSCP Marking allows users to assign specific application traf fic to be executed in priority by the next Router based on the DSCP value. See T able 4. The DSCP Mapping T able: ...
-
Digicom Michelangelo SHDSL - page 97
Chapter 4: Configuration 97 Outbound IP Throttling (LAN to W AN) IP Throttling allows you to limit the speed of IP traf fic. The value entered will limit the speed of the application that you set to the specified value’s multiple of 32kbps. Application : A user-define description to identify this new policy/application. T ime Schedule : Schedulin ...
-
Digicom Michelangelo SHDSL - page 98
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 98 Inbound IP Throttling (W AN to LAN) IP Throttling allows you to limit the speed of IP traf fic. The value entered will limit the speed of the application that you set to the specified value’s multiple of 32kbps. Application : A user-define description to identify this new p ...
-
Digicom Michelangelo SHDSL - page 99
Chapter 4: Configuration 99 Example: QoS for your Network Connection Diagram Information and Settings Upstream: 928 kbps Downstream: 8 Mbps V oIP User : 192.168.1.1 Normal Users : 192.168.1.2~192.168.1.5 Restricted User: 192.168.1.100 0 100 200 300 400 500 kbps VoIP/VPN HIGH Others NORMAL Restricted LOW Throughput VoIP/VPN HIGH Others NORMAL Restri ...
-
Digicom Michelangelo SHDSL - page 100
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 100 Mission-critical application Mostly the VPN connection is mission-critical application for doing data exchange between head and branch office. The mission-critical application must be sent out smoothly without any dropping. Set priority as high level for preventing any other ...
-
Digicom Michelangelo SHDSL - page 101
Chapter 4: Configuration 101 Sometime your customers or friends may upload their files to your FTP server and that will saturate your downstream bandwidth. The settings below help you to limit bandwidth for the restricted application. ...
-
Digicom Michelangelo SHDSL - page 102
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 102 V irtual Server (“Port Forwarding”) In TCP/IP and UDP networks a port is a 16-bit number used to identify which application program (usually a server) incoming connections should be delivered to. Some ports have numbers that are pre-assigned to them by the IANA (the Inte ...
-
Digicom Michelangelo SHDSL - page 103
Chapter 4: Configuration 103 Add Virtual Server Because NA T can act as a “natural” Internet firewall, your router protects your network from being accessed by outside users when using NA T , as all incoming connection attempts will point to your router unless you specifically create V irtual Server entries to forward those ports to a PC on you ...
-
Digicom Michelangelo SHDSL - page 104
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 104 If you like to remote accessing your Router through the Web/HTTP at all time, you would need to enable port number 80 (W eb/HTTP) and map to Router’s IP Address. Then all incoming HTTP requests from you (Remote side) will be forwarded to the Router with IP address of 192.1 ...
-
Digicom Michelangelo SHDSL - page 105
Chapter 4: Configuration 105 Edit DMZ Host The DMZ Host is a local computer exposed to the Internet. When setting a particular internal IP address as the DMZ Host, all incoming packets will be checked by the Firewall and NA T algorithms then passed to the DMZ host, when a packet received does not use a port number used by any other V irtual Server ...
-
Digicom Michelangelo SHDSL - page 106
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 106 Edit One-to-One NA T (Network Address T ranslation) One-to-One NA T maps a specific private/local IP address to a global/public IP address. If you have multiple public/W AN IP addresses from you ISP , you are eligible for One-to-One NA T to utilize these IP addresses. NA T T ...
-
Digicom Michelangelo SHDSL - page 107
Chapter 4: Configuration 107 T ime Schedule: A self-defined time period to enable your virtual server . Y ou may specify a time schedule or Always on for the usage of this V irtual Server Entry . For setup and detail, refer to Time Schedule section Application : Users-defined description to identify this entry or click to select existing predefined ...
-
Digicom Michelangelo SHDSL - page 108
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 108 Example: List of some well-known and registered port numbers. The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assignment of unique parameter values for Internet protocols. Port numbers range from 0 to 65535, but only ports numbers 0 to 1023 ...
-
Digicom Michelangelo SHDSL - page 109
Chapter 4: Configuration 109 Time Schedule The T ime Schedule supports up to 16 time slots which helps you to manage your Internet connection. In each time profile, you may schedule specific day(s) i.e. Monday through Sunday to restrict or allowing the usage of the Internet by users or applications. This T ime Schedule correlates closely with route ...
-
Digicom Michelangelo SHDSL - page 110
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 1 10 Configuration of T ime Schedule Edit a Time Slot 1. Choose any T ime Slot (ID 1 to ID 16) to edit, click Edit. Note: Watch it carefully, the days you have selected will present in capital letter. Lower case letter shows the day(s) is not selected, and no rule will apply on ...
-
Digicom Michelangelo SHDSL - page 111
Chapter 4: Configuration 1 1 1 Advanced Configuration options within the Advanced section are for users who wish to take advantage of the more advanced features of the router . Users who do not understand the features should not attempt to reconfigure their router , unless advised to do so by support staf f. Here are items within the Advanced secti ...
-
Digicom Michelangelo SHDSL - page 112
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 1 12 Dynamic DNS The Dynamic DNS function allows you to alias a dynamic IP address to a static hostname, allowing users whose ISP does not assign them a static IP address to use a domain name. This is e specially useful for hosting servers via your SHDSL connection, so that anyo ...
-
Digicom Michelangelo SHDSL - page 113
Chapter 4: Configuration 1 13 Check Email This function allows you to have the router check your POP3 mailbox for new Email messages. The Mail LED on your router will light when it detects new messages waiting for download. Y ou may also view the status of this function using the Status – Email Checking section of the web interface, which also pr ...
-
Digicom Michelangelo SHDSL - page 114
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 1 14 Device Management The Device Management advanced configuration settings allow you to control your router’s security options and device monitoring features. Embedded W eb Server ( 2 Management IP accounts) HTTP Port: This is the port number the router’s embedded web serv ...
-
Digicom Michelangelo SHDSL - page 115
Chapter 4: Configuration 1 15 Universal Plug and Play (UPnP) UPnP offers peer-to-peer network connectivity for PCs and other network devices, along with control and data transfer between devices. UPnP of fers many advantages for users running NA T routers through UPnP NA T T raversal, and on supported systems makes tasks such as port forwarding muc ...
-
Digicom Michelangelo SHDSL - page 116
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 1 16 ˛ SNMP group From RFC1650 (EtherLike-MIB): ˛ dot3Stats From RFC 1493 (Bridge MIB): ˛ dot1dBase group ˛ dot1dTp group ˛ dot1dStp group (if configured as spanning tree) From RFC 1471 (PPP/LCP MIB): ˛ pppLink group ˝ pppLqr group (not applicable) From RFC 1472 (PPP/Secu ...
-
Digicom Michelangelo SHDSL - page 117
Chapter 4: Configuration 1 17 IGMP IGMP , known as Internet Group Management Protocol , is used to management hosts from multicast group. IGMP Forwarding: Accepting multicast packet. Default is set to Enable. IGMP Snooping: Allowing switched Ethernet to check and make correct forwarding decisions. Default is set to Disable. VLAN Bridge This section ...
-
Digicom Michelangelo SHDSL - page 118
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 1 18 Step 1: Setup Member Ports Go to Configuration ‡ LAN ‡ Bridge Interface. Y ou can setup member ports for each VLAN group under Bridge Interface section. From the example, two VLAN groups need to be created. Ethernet: P1 (Port 1) Ethernet1: P2, P3 and P4 (Port 2, 3, 4) P ...
-
Digicom Michelangelo SHDSL - page 119
Chapter 4: Configuration 1 19 From the example, PVC 0/33 to 0/39 is assigned for video using 1483 Bridged mode. Check RFC 1483 Bridged and click Next to continue the setup. Spaces next to VPI and VCI, type 0 and 33 in respectively . Select appropriate A TM Class, Encapsulation Method, Acceptable Frame T ype, Filter T ype and PVID for Untagged Frame ...
-
Digicom Michelangelo SHDSL - page 120
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 120 Step 3: Setup VLAN Service Go to Configuration ‡ Advanced ‡ VLAN Bridge DefaultVlan lists all member ports. It is necessary to group specific member ports for each VLAN. From the example, two VLAN groups are requested: Data and V ideo. T o create another VLAN group for V ...
-
Digicom Michelangelo SHDSL - page 121
Chapter 4: Configuration 121 Mapping the VLAN Bridge with Bridge Interface created in Step1, you will see the conformable relationship in these two screenshots. Step 4: IGMP Snooping Enable Go Configuration ‡ Advanced ‡ IGMP . IGMP Snooping must be enabled in order to allow video stream forwarding correctly . Save Configuration to Flash After c ...
-
Digicom Michelangelo SHDSL - page 122
MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 5: T roubleshooting Chapter 5: T roubleshooting If the router is not functioning properly , first check this chapter for simple troubleshooting before contacting your service provider or Digicom support. Problems starting up the router Problem Corrective Action None of the LEDs are on when you t ...
Do you have a question concerning Digicom Michelangelo SHDSL?
Use the form below
If you did not solve your problem by using a manual Digicom Michelangelo SHDSL, ask a question using the form below. If a user had a similar problem with Digicom Michelangelo SHDSL it is likely that he will want to share the way to solve it.