HP OfficeConnect Router Series Bedienungsanleitung

dua08609-5aaa01.book Page 1 Thursday, September 11, 2003 12:15 PM

10When you use the Secure Router in your network (Figure 2), it becomes your connection to the Internet. Connections can be made directly to the Route

100DHCPDynamic Host Configuration Protocol. This protocol automatically assigns an IP address for every computer on your network. Windows 95, Windows

101IEEEInstitute of Electrical and Electronics Engineers. This American organization was founded in 1963 and sets standards for computers and communic

102NATNetwork Address Translation. NAT enables all the computers on your network to share one IP address. The NAT capability of the Router allows you

103SPIStateful Packet Inspection. This feature requires the Router to remember what outgoing requests have been sent and only allow responses to those

104dua08609-5aaa01.book Page 104 Thursday, September 11, 2003 12:15 PM

105INDEXNumbers100BASE-TX 9910BASE-T 993DESdefined 99upgrading to 69Aaccess rights 50adding special applications 53addressTCP/IP 81admin password 23ch

106diagramfront panel 12rear panel 13sample network 9digital subscriber line 100disabling IPSec 61disabling PPPoE client software 20disabling the fire

107Internet SettingsPPTP 40Internet settingsblocking access 50configuring 36DHCP 38PPPoE 39static address 37wizard 26inventory 11IP address 81allocati

108one-to-many NATconfiguring 45one-to-one NATconfiguring 45Ppackage contents 11passwordchanging 35system 23wizard 24PC privilegessetting 50PINGallowi

109settingsadvanced 55setup wizard 23shared key 62, 63, 65, 66sharing broadband 9special applications 52adding 53custom 53stacking clipusing 15static

11Package ContentsThe OfficeConnect Secure Router kit includes the following items: One OfficeConnect Secure Router One power adapter for use with t

110wizardauto-configuration 26defined 103DHCP 30Internet settings 26LAN settings 30launching manually 24setup 23summary 31world time (UTC) 25dua08609-

111REGULATORY NOTICESFCC StatementThis equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15

DUA08609-5AAA01Published September 2003dua08609-5aaa01.book Page 112 Thursday, September 11, 2003 12:15 PM

12Front PanelThe front panel of the Secure Router contains a series of indicator lights (LEDs) that help describe the state of various networking and

134 Cable/DSL Status LEDGreen (100 Mbps link) / Yellow (10 Mbps link)Indicates a number of different conditions, as described below.On The link betwe

14dua08609-5aaa01.book Page 14 Thursday, September 11, 2003 12:15 PM

15INSTALLING THE ROUTERIntroductionThis chapter will guide you through a basic installation of the OfficeConnect Secure Router, including: Connecting

164 Push the clip down gently to secure it, ensuring the fastening pieces snap into the slots on the unit.To fit another unit:1 Rest the second unit o

17this option. Note that when you install the Router, you will not need to use the dialup VPN on your PC anymore. To configure the Router you will nee

183 Connect the power adaptor to the Router and wait for the Alert LED to stop flashing. Check that the Cable/DSL Status LED is illuminated.4 Switch o

19SETTING UP YOUR COMPUTERSThe OfficeConnect Secure Router has the ability to dynamically allocate network addresses to the computers on your network,

3Com Corporation350 Campus DriveMarlborough, MA 01752-3064Copyright © 2003, 3Com Corporation. All rights reserved. No part of this documentation may b

20Figure 8 Internet Protocol Properties7 Restart your computer.Windows 95, 981 From the Windows Start Menu, select Settings > Control Panel.2 Dou

21Figure 9 Internet PropertiesYou may wish to remove the PPPoE client software from your computer to free resources, as it is not required for use w

22dua08609-5aaa01.book Page 22 Thursday, September 11, 2003 12:15 PM

23RUNNING THE SETUP WIZARDIf the Router needs to be configured, for example if it has not yet been used or has been reset, it will run the Setup Wizar

24Figure 12 Welcome ScreenIf the Wizard does not launch automatically (this may occur if the Router has been powered up or configured previously) yo

25Figure 14 Change Administration Password ScreenChoose a password that you can remember but that others are unlikely to guess. Remember that the pa

26Auto-Configuration SettingsIf the Router is able to detect a PPPoE or DHCP server on its Ethernet Cable/DSL port then it will offer you the option o

27Static IP ModeTo setup the Router for use with a static IP address connection, use the following procedure:Figure 18 Static IP Mode Screen1 Enter

28Figure 20 Clone MAC Address Screen4 If your ISP requires an assigned MAC address, select the appropriate radio button: Yes, please clone the MAC

294 If your ISP requires the addresses of a Primary and Secondary DNS Server then enter them in the fields labelled Primary DNS Address and Secondary

3CONTENTSContents 3About This Guide 7Naming Convention 7Conventions 7Introducing the OfficeConnect Secure Router 9OfficeConnect Secure Router 9Secure

30time without activity before the Router terminates the Internet connection. By default the value will be forever.7 Check all your settings, and then

31Figure 24 DHCP Server Setup Screen3Com recommends that you activate the DHCP server and leave it at the default values unless you already have a D

32If want to make changes, click the Back button until you reach the screen which contains the settings you want to change and follow the instructions

33ROUTER CONFIGURATIONThis chapter describes all the options available through the Router configuration pages, and is provided as a reference. Navigat

34Getting HelpOn every screen, a Help button is available that provides access to the context-sensitive online help system. Click this button for furt

35Changing the Administration Password You should change the password to prevent unauthorized access to the Administration System.Figure 28 Password

36Connection to ISPThis option, shown in Figure 30, allows you to change the method your Router uses to connect to your ISP. You should only need to c

37 Static IP Address (DSL or Cable)The ISP provides the IP addressing information for you to enter manually. To configure the Router you will need to

38The following settings are required to set up Static IP address connection. Enter the values provided by your ISP: IP Address — The address allocat

39 Subnet Mask — The subnet for the address is automatically configured but is not displayed. ISP Gateway Address — The Gateway address from your IS

4Network Settings 35Connection to ISP 36LAN Settings 41DHCP Clients List 42Advanced Networking 44Setting up NAT 44Static Routing 46Dynamic Routing 47D

40 PPPoE Password — The password you use to access your ISP. PPPoE Service Name — Your ISP may require you to specify a service name for your connec

41 PPTP User Name - The user name you use to access your ISP. PPTP Password - The password you use to access your ISP. Primary DNS Address — If you

42If you are using static addresses for your PCs you must alter the network configuration on each PC so that they have an IP address within the same s

43Figure 36 DHCP Clients ScreenThe Router grants leases for 7 days. If a computer does not connect for a week, its IP Address may be reused.The Rout

44Advanced NetworkingSetting up NATThe Router is able to perform Network Address Translation (NAT) in one of two modes as shown in Figure 38: One-to-

45Setting up One-to-Many NATFigure 39 Network Address Translation ScreenThis is very easy to set up and is the Router’s default mode. It works with

46To set up One-to-One NAT:1 Select One-to-One NAT from the NAT Mode drop-down box.2 Enter the second address of your Internet range of addresses in t

47Dynamic RoutingThe Router provides support for RIPv1, RIPv2 or both for each interface, for sending and receiving data, LAN routes are sent on the L

48Dynamic DNSThe Router provides a list of dynamic DNS providers for you to choose from. Dynamic DNS is disabled by default.Figure 43 Dynamic DNS Sc

49Creating a Virtual DMZA virtual DMZ (De-Militarized Zone) Host is a computer on your network with reduced protection provided by the firewall. This

5How does a Device Obtain an IP Address and Subnet Mask? 82DHCP Addressing 82Static Addressing 82Auto-IP Addressing 83Private IP Addresses 83Technical

50Figure 46 Custom Setup Screen4 Select either All WAN PCs can access this server, or Authorized Remote IP Address(es). If you select Authorized Rem

51Figure 48 All PCs Setup Screen4 Either: Enter the additional services that you wish to allow in the except (specify ports) box and set the drop d

52Example: Allowing only web and E-mail access.To allow web and E-mail access and block all other services across the Router’s firewall: Ensure that

53So that these special applications can work properly and are not blocked, the firewall needs to be told about them. In each instance there will be a

54Application Setup Screen gains the extra fields needed to describe a custom special application. These are shown in Figure 52 below.Figure 52 Cust

55AdvancedSelect Advanced to display the Advanced Settings screen. See Figure 53 below.Figure 53 Advanced Settings ScreenThe Internet connects milli

56Content FilteringSelect Content Filtering to display the Content Filtering Settings screen. See Figure 54 below. When the Content Filter Mode is set

57Figure 56 Content Filtering Edit List ScreenFilter PolicySelect the Filter Policy tab to display the Filter Policy screen. See Figure 57 below.To

58Configuring VPNsVirtual private networks (VPN) provide an encrypted connection (or tunnel) between networks or between a network and a user over a p

59but does not apply to PPTP connections. If PPTP only is enabled, This Router’s ID field does not appear.If you require main mode IPSec connections t

6dua08609-5aaa01.book Page 6 Thursday, September 11, 2003 12:15 PM

60The connections made by L2TP over IPSec will appear to come from these addresses. The addresses must be in a continuous range. In the Address Pool f

61For each connection configured for the Router, a row is added to the table. Each row contains the following items: Delete button — deletes the VPN

62Depending on which Tunnel Type you have selected, choose from the following to edit or add the remaining fields: “IPSec Connections using Remote Us

63making the tunnel more secure but slowing data transfer. To enable perfect forward secrecy ensure that the Use Perfect Forward Secrecy box is checke

64 Encryption type — choose the encryption type from DES, 3DES or AES. 3DES is more secure than DES but may take longer to encrypt and decrypt. AES o

653 Switch to the VPN Connections screen and click New.4 Ensure that the Gateway to Gateway radio button is selected.The remote Secure Router used in

66Click Apply to save your changes or Close to return without saving. When you have created a user account the user will need to know in order to enab

67Figure 65 IPSec RoutesFigure 66 Edit RouteAccessing the System ToolsThe System Tools menu includes four administration items: Restart, Time Zone

68Any network users who are currently accessing the Internet will have their access interrupted whilst the restart takes place, and they may need to r

69Loading and Saving the Router ConfigurationFigure 70 Configuration ScreenSelect the Configuration tab to display the Configuration screen (Figure

7ABOUT THIS GUIDEThis guide is intended for use by those responsible for installing and setting up network equipment; consequently, it assumes a basic

70Figure 71 Upgrade ScreenOnce you have downloaded the software, use the Browse button to locate the file on your computer, and then click on Apply.

71LAN subnet and a syslog server must be installed on the remote server.Logs — to view both the normal events, and security threats logged by the Rout

72Figure 75 Log Settings ScreenObtaining Support and Feedback for your RouterSelecting Support/Feedback on the main menu generates both: The suppor

73clicking on the Provide Feedback button on the Support/Feed-back screen which will connect you to 3Com's website.Figure 77 Feedback Screendua

74dua08609-5aaa01.book Page 74 Thursday, September 11, 2003 12:15 PM

75TROUBLESHOOTINGBasic Connection Checks Check that the Router is connected to your computers and to the Cable/DSL modem, and that all the equipment

76Connecting to the InternetIf you can browse to the Router configuration screens but cannot access sites on the Internet, check the following: Confi

776 Re-apply power to the Router, and when the start-up sequence has completed, browse to:http://192.168.1.1 and run the configuration wizard. You may

78This will connect you to the fail-safe mode of the Router.5 Follow the on-screen instructions. Enter the path and filename of the software image fil

79USING DISCOVERYRunning the Discovery Application3Com provides a user-friendly Discovery application for detecting the OfficeConnect Secure Router on

8Feedback about this User GuideYour suggestions are very important to us. They will help make our documentation more useful to you. Please e-mail comm

802 When the Welcome screen is displayed click on Next and wait until the application discovers the Routers connected to your LAN.Figure 79 Discover

81IP ADDRESSINGThe Internet Protocol SuiteThe Internet protocol suite consists of a well-defined set of communications protocols and several standard

82Typ e TwoIn larger networks, where there are more devices, the IP address of ‘192.168.100.8’ is, again, split into two parts but is structured diff

83Auto-IP AddressingNetwork devices use automatic IP addressing if they are configured to acquire an address using DHCP but are unable to contact a DH

84dua08609-5aaa01.book Page 84 Thursday, September 11, 2003 12:15 PM

85TECHNICAL SPECIFICATIONSThis section lists the technical specifications for the OfficeConnect Secure Router.InterfacesCable or DSL modem connection

86System RequirementsOperating SystemsThe Secure Router will support the following Operating Systems: Windows 95, 98, Me Windows NT 4.0 Windows 200

87SAFETY INFORMATIONImportant Safety InformationWARNING: Warnings contain directions that you must follow for your personal safety. Follow all directi

88VORSICHT: Die Netzsteckdose muß in der Nähe des Geräts und leicht zugänglich sein. Die Stromversorgung des Geräts kann nur durch Herausziehen des Ge

89que si l'équipement auquel il est raccordé fonctionne également dans des conditions conformes à cette norme.AVERTISSEMENT: Il n'y a pas d&

9INTRODUCING THE OFFICECONNECT SECURE ROUTERWelcome to the world of networking with 3Com®. In the modern business environment, communication and shari

90dua08609-5aaa01.book Page 90 Thursday, September 11, 2003 12:15 PM

91OBTAINING SUPPORT FOR YOUR PRODUCTRegister Your Product to Gain Service BenefitsTo take advantage of warranty and other service benefits, you must f

92Contact Us3Com offers telephone, e-mail and internet access to technical support and repair services. To access these services for your region, use

93.Europe, Middle East, and Africa Telephone Technical Support and RepairFrom anywhere in these regions, call:+44 (0)1442 435529From the following cou

94You can also obtain support in this region using the following:Spanish speakers, enter the URL: http://lat.3com.com/lat/support/form.htmlPortuguese

95END USER SOFTWARE LICENCE AGREEMENT3Com CorporationEND USER SOFTWARE LICENSE AGREEMENTYOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS B

96such termination you agree to destroy the Software and Documentation, together with all copies and merged portions in any form.LIMITED WARRANTIES AN

97ISP INFORMATIONInformation Regarding Popular ISPsInternet Connection Typ e sCharacteristics Popular ISPsDynamic IP(Clone MAC)Cable modem ISP, non-ho

98dua08609-5aaa01.book Page 98 Thursday, September 11, 2003 12:15 PM

99GLOSSARY10BASE-TThe IEEE specification for 10 Mbps Ethernet over Category 3, 4 or 5 twisted pair cable.100BASE-TXThe IEEE specification for 100 Mbps