- DL manuals
- Icom
- Network Router
- SR-VPN1
- Instruction Manual
Icom SR-VPN1 Instruction Manual
Summary of SR-VPN1
Page 1
Instruction manual sr-vpn1 vpn router introduction 1 before using the sr-vpn1 2 about the internet connection 3 ipsec wizard 4 other basic functions 5 about the setting screen 6 maintenance 7 for your information.
Page 2
Introduction thank you for purchasing this icom product. The sr-vpn1 vpn router is designed and built with icom’s ip network technology. We hope you agree with icom’s philosophy of “technology first.” many hours of research and development went into the design of your sr-vpn1. I all rights reserved....
Page 3
Introduction ii features • secure, protected ipsec tunneling connecting up to 32 locations. • proven to work with idas multi-site systems. • supports ftth, xdsl line. (wan) note: an interface converter is separately required. • 10/100/1000 base-t ethernet ports. • 4 [lan] ports with a switching hub....
Page 4
Introduction iii default values • see section 5 for the default values other than above. To prevent unauthorized access: you must be careful when choosing your password, and change it occasionally. • choose one that is not easy to guess. • use numbers, characters and letters (both lower and upper ca...
Page 5
Introduction iv ▼ ▼ ▼ ▼ setting procedure set up the sr-vpn1 following the procedure below. Step.1 step.2 step.3 step.4 step.5 connect to a pc and turn on the power connection guide (separated) access the setting screen connection guide (separated)/section 1 configure the network connection section ...
Page 6
Introduction about the mac address the wan/lan mac addresses are printed on the sticker on the bottom. • mac addresses are also displayed on the setting screen. (☞p5-5) in the following cases, you need to know the mac addresses • when cloning the sr-vpn1s settings using a usb flash drive, you need t...
Page 7
1-1 before using the sr-vpn1 section 1 1. Panel description ………………………………………………………………………………………………………………………… 1-2 m front panel …………………………………………………………………………………………………………………………… 1-2 m rear panel …………………………………………………………………………………………………………………………… 1-4 2. Feature description ……………………………………………………………………………………………...
Page 8
1 before using the sr-vpn1 1-2 1. Panel description m front panel q w e r t y u i o q [update] button ………… when [msg] lights green, a firmware update is ready. To download and install the new firmware, hold down this button until [msg] blinks. • to use the firmware update function, an internet conne...
Page 9
1 before using the sr-vpn1 1-3 q w e r t y u i o y [vpn] ……………………… lights green: an ipsec connection is established. U [ppp] ……………………… lights green: ppp is established. I [backup] ………………… lights green: the backup line is communicating. O [usb] ports ……………… caution: turn off the power before insertin...
Page 10
1 before using the sr-vpn1 1-4 1. Panel description (continued) m rear panel w e q r t y q [console] port ………… connect an rs-232c serial communication interface to externally configure the sr-vpn1. (optional opc-1402 is required.) w [lan] ports ……………… connect the network devices such as a hub. [led ...
Page 11
1 before using the sr-vpn1 1-5 2. Feature description m about the routing function the sr-vpn1 has a router function that allows the devices on the lan to access the internet. • the routing function is disabled as the default. • ask your internet provider (isp) for the network line type. [connecting...
Page 12
1 before using the sr-vpn1 1-6 2. Feature description (continued) m about the vpn function a vpn (virtual private network) enables a host computer to send and receive data across shared or public net- works like the internet as if it were a private network. You can easily configure the vpn connectio...
Page 13: Section
2-1 about the internet connection section 2 step 1. About the isp (internet service provider) ……………………………………………………………………………………… 2-2 step 2. About the type of modem ………………………………………………………………………………………………………… 2-2 step 3. Selecting the internet connection method ……………………………………………………………………………………… 2-3 step...
Page 14
2 about the internet connection 2-2 step 1. About the isp (internet service provider) step 2. About the type of modem before configuring the sr-vpn1, ask your isp or dealer for the required equipment and network connection method. [connecting a bridge modem] connect a bridge modem or dce (ftth) to t...
Page 15
2 about the internet connection 2-3 step 3. Selecting the internet connection method step 4. Connecting the modem connect the modem to the [wan1] port. [bridge modem] connect the bridge modem or dce (ftth) to the [wan1] port. [router modem] connect the router modem to the [wan1] port. Select the int...
Page 16
2 about the internet connection 2-4 click [router settings], then [wan1]. • the [wan1] screen appears. 1 select [dhcp client] in the [connection type] item. 2 click . 3 click . • when you are asked to reboot the sr-vpn1, follow the instructions. 4 select the network line type. Step 5. Select the net...
Page 17
2 about the internet connection 2-5 (continued on the next page.) m when using a static ip address step 5. Select the network line type (continued) click [router settings], then [wan1]. • the [wan1] screen appears. 1 select [static ip] in the [connection type] item. Enter the values into the items i...
Page 18
2 about the internet connection 2-6 m when using a static ip address (continued) step 5. Select the network line type (continued) click . • when you are asked to reboot the sr-vpn1, follow the instructions. 5 after rebooting, verify that "connecting" appears in the [connection status] item. • click ...
Page 19
2 about the internet connection 2-7 click [router settings], then [wan1]. • the [wan1] screen appears. 1 select [pppoe] in the [connection type] item. Select or enter the value into the items in the [connection settings] field. 2 3 click . 4 m when the ip address is obtained in the pppoe method step...
Page 20
2 about the internet connection 2-8 after rebooting, select the destination and then click . Note: you cannot change the destination if one of the pppoe connections is established. 6 click to update the screen. 7 m when the ip address is obtained in the pppoe method (continued) step 5. Select the ne...
Page 21
2 about the internet connection 2-9 the wan failover function automatically switches the default gateway port to maintain internet connectivity. If a connectivity failure occurs on the [wan1] port (the main port), the wan failover function automatically routes all traffic through the [wan2] (the bac...
Page 22: Section
3-1 ipsec wizard section 3 step 1. About the network connection type ……………………………………………………………………………………………… 3-2 step 2. About the setting items …………………………………………………………………………………………………………… 3-3 step 3. Configure the ipsec tunnel ……………………………………………………………………………………………………… 3-4.
Page 23
3 ipsec wizard 3-2 step 1. About the network connection type the setting parameters differ, depending on your network environment. Static ip–static ip static wan ip addresses are assigned to both sr-vpn1. Static ip–dynamic ip static wan ip address is assigned to one sr-vpn1 (site a). Dynamic wan ip ...
Page 24
3 ipsec wizard 3-3 step 2. About the setting items the setting parameters differ, depending on the network connection method. (this is an example.) tunnel name* 1 the name of the vpn tunnel. (up to 63 characters) the address of the other sr-vpn1 (site b) except static ip–dynamic ip the wan ip addres...
Page 25
3 ipsec wizard 3-4 click the [vpn settings] menu, then [ipsec wizard]. The [ipsec wizard] screen appears. 1 click . Select [both local and remote routers have static ip addresses.], and then click . 2 3 the following procedure is an example to configure the ipsec tunnel connecting two sites (a and b...
Page 26
3 ipsec wizard 3-5 enter the values, and then click . Confirm the entry, and the click . • click if you want to change the entry. 4 5 step 3. Configure the ipsec tunnel (continued) • if you want to create another tunnel, click . • you can monitor the status of tunnels on the [ipsec] or [ipsec settin...
Page 27: Section
4-1 other basic functions section 4 1. How to restrict access …………………………………………………………………………………………………………………… 4-2 setting password ………………………………………………………………………………………………………………………… 4-2 2. How to set the sr-vpn1’s internal clock time ………………………………………………………………………………………… 4-3 setting date and time (manual sett...
Page 28
4 other basic functions 4-2 if you set a new administrator password, you can restrict access to the sr-vpn1’s setting screen. The default administrator password is “admin.” 1. How to restrict access to prevent unauthorized access you must be careful when choosing your password, and change it occasio...
Page 29
4 other basic functions 4-3 you can set the sr-vpn1’s internal clock time. 2. How to set the sr-vpn1’s internal clock time click the [management] menu, then [date and time]. • the [date and time] screen appears. 1 click the [management] menu, then [date and time]. • the [date and time] screen appear...
Page 30
4 other basic functions 4-4 you can change the ip pool start address by following the procedure below. 3. Changing the ip pool start address click the [network settings] menu, then [dhcp server]. • the [dhcp server] screen appears. 1 enter the new ip pool start address and default gateway, and then ...
Page 31: Section
5-1 about the setting screen section 5 (continued on the next page.) 1. About the setting screen ……………………………………………………………………………………………………… 5-4 2. [top] menu …………………………………………………………………………………………………………………… 5-5 m system status ……………………………………………………………………………………………………………… 5-5 m network status …………………………………………...
Page 32
5 about the setting screen 5-2 (continued from the previous page) (continued on the next page.) 5. [router settings] menu …………………………………………………………………………………………………… 5-21 m connection status dhcp client …………………………………………………………………………………… 5-21 m connection status static ip ……………………………………………………………………………………… ...
Page 33
5 about the setting screen 5-3 (continued from the previous page) 7. [management] menu ……………………………………………………………………………………………………… 5-71 m administrator …………………………………………………………………………………………………………… 5-71 m usb ……………………………………………………………………………………………………………………… 5-72 m http/https ……………………………………………………………………………………………...
Page 34
5 about the setting screen 5-4 1. About the setting screen link to the icom website click the icom logo to open the icom website if your pc is connected to the internet. Setting menu displays the screen name list on the menu line. When you click the menu title, a list of items drops down which you c...
Page 35
5 about the setting screen 5-5 2. [top] menu m system status displays the firmware version and mac addresses (wan/lan). M network status displays the network information such as ip addresses (wan/lan). • the mac addresses are also printed on the label on the bottom of the sr-vpn1. [top] (this is an ...
Page 36
5 about the setting screen 5-6 2. [top] menu (continued) m port status displays the communication rate and mode for each port (wan/lan). [top] notes • the sr-vpn1’s [lan] and [wan] ports are auto-negotiation enabled and can automatically select the optimal speed and duplex mode if the peer devices a...
Page 37
5 about the setting screen 5-7 3. [information] menu [information]–[syslog] m syslog displays the log information. The latest 500 log entries are displayed. (this is an example.) q severity …………………… select the log information to display. • enter a check mark to display the log entries. • remove the ...
Page 38
5 about the setting screen 5-8 3. [information] menu (continued) m ipsec status displays the ipsec tunnel status. Q ………………… click to refresh the status screen. W no. ………………………… the tunnel number. E name ……………………… the tunnel name. R status …………………… the tunnel status. • connected connected. • waiting ...
Page 39
5 about the setting screen 5-9 3. [information] menu (continued) m ipsec status displays the details of each ipsec tunnel. Q uptime …………………… the elapse time (in second) from the time when the connection has been made. W session …………………… the operation mode of the ipsec ike. • initiator the sr-vpn1 is...
Page 40
5 about the setting screen 5-10 3. [information] menu (continued) m ipsec route status displays the ipsec routing status. Q destination ……………… the network address of the route's destination network. W subnet mask …………… the subnet mask of the route's destination network. E route ……………………… the tunnel ...
Page 41
5 about the setting screen 5-11 3. [information] menu (continued) m memory usage display a statistical graph of the memory usage. • these setting items are reset when you leave this screen. Q plot interval ……………… select the plot interval. (default: 2 minutes) w refresh automatically … select "enable...
Page 42
5 about the setting screen 5-12 3. [information] menu (continued) m traffic statistics displays the traffic graph for each port (wan/lan). • these setting items are reset when you leave this screen. Q interfaces ………………… select the interface to display the graph. • enter a check mark to display a gra...
Page 43
5 about the setting screen 5-13 3. [information] menu m traffic statistics (continued) t …………………… click to open the traffic graph window. • the x axis represents the date and time, and the y axis represents the usage (%). (this is an example.) [information]–[statistics] k t k q k w e r in: incoming ...
Page 44
5 about the setting screen 5-14 4. [network settings] menu m host name enter the host name. Host name ………………… enter the host name. (up to 31 characters) (default: sr-vpn1) note: the name must start with an alphanumeric character, and must not start or end with a “–.” [network settings]–[ip address].
Page 45
5 about the setting screen 5-15 4. [network settings] menu (continued) m ip address enter the sr-vpn1’s ip address. Q ip address ……………… enter the lan ip address according to your network environment. (default: 192.168.0.1) note: when using the dhcp server function, the network part of the ip address...
Page 46
5 about the setting screen 5-16 4. [network settings] menu (continued) m dhcp server configure the dhcp server function. Q dhcp server …………… select “enable” to use the dhcp server function. (default: enable) w ip pool start address … enter the ip pool start address. (default: 192.168.0.10) e pool si...
Page 47
5 about the setting screen 5-17 k k k k k k k k k k q w e r t y u i o !0 4. [network settings] menu m dhcp server (continued) u default gateway ………… enter the default gateway ip address. I dns proxy ……………… select “enable” to use the dns proxy function. (default: enable) when “enable” is selected, yo...
Page 48
5 about the setting screen 5-18 4. [network settings] menu (continued) m static dhcp enter mac and static ip addresses to the dhcp server. • you can enter up to 32 entries. M static dhcp table displays the static dhcp entries. Static dhcp ………………… enter the mac and ip addresses, and then click . Note...
Page 49
5 about the setting screen 5-19 4. [network settings] menu (continued) m routing table displays the routing information. [network settings]–[static routing] k q k w k e k r k t q destination ……………… the network address of the route's destination network. W subnet mask …………… the subnet mask of the rou...
Page 50
5 about the setting screen 5-20 4. [network settings] menu (continued) m static routing enter the static routing destinations. • you can enter up to 32 entries. M list of static routing entries (this is an example.) (this is an example.) [network settings]–[static routing] k q k w k e k r q destinat...
Page 51
5 about the setting screen 5-21 5. [router settings] menu m connection status dhcp client displays the wan connection status. Q connection status ……… displays the wan connection status. Click to connect to the network. Click to refresh the screen. W connection type ……… displays the wan connection ty...
Page 52
5 about the setting screen 5-22 5. [router settings] menu (continued) m connection status static ip displays the wan connection status. Q connection status ……… displays the wan connection status. W connection type ……… displays the wan connection type. E dns server ……………… displays the dns server's ip...
Page 53
5 about the setting screen 5-23 q destination ……………… select the wan connection to display the connection status. / click to connect or disconnect the selected wan port. Click to refresh the status. W connection status ……… displays the connection status. ([disconnected], [connecting] or [connected]) ...
Page 54
5 about the setting screen 5-24 5. [router settings] menu (continued) m connection type select the wan connection type. Connection type ………… select the wan connection type as specified by your isp. (default: no connection) • "no connection" select this when the wan port is not connected to the netwo...
Page 55
5 about the setting screen 5-25 5. [router settings] menu (continued) [router settings]–[wan1/wan2] m connection settings dhcp client configure the wan connection. Q nickname ………………… enter the name of the connection. (up to 31 characters) w primary dns server …… enter the primary dns server address ...
Page 56
5 about the setting screen 5-26 5. [router settings] menu (continued) [router settings]–[wan1/wan2] m connection settings static ip configure the wan connection. Q nickname ………………… enter the isp's name. (up to 31 characters) w ip address ……………… enter the wan ip address as specified by your isp. E su...
Page 57
5 about the setting screen 5-27 5. [router settings] menu (continued) m connection settings pppoe configure the wan connection. (up to 8 destinations can be registered.) q select connection ……… select the wan connection. (default: wan01) w nickname ………………… enter the isp's name. (up to 31 characters)...
Page 58
5 about the setting screen 5-28 5. [router settings] menu m connection settings pppoe (continued) y ip address ……………… enter the wan ip address, if specified by your isp. U primary dns server …… enter the primary dns server address as specified by your isp. I secondary dns server … enter the secondar...
Page 59
5 about the setting screen 5-29 5. [router settings] menu m connection settings pppoe (continued) !0 mss limit ………………… enter the mss limit, if specified by your isp. (default: 1322) range: "536"–"1452" (bytes) !1 ac-name ………………… enter the access concentrator name, if specified by your isp. !2 servic...
Page 60
5 about the setting screen 5-30 5. [router settings] menu (continued) m list of connection settings …………………… click to delete the entry. [router settings]–[wan1/wan2].
Page 61
5 about the setting screen 5-31 5. [router settings] menu (continued) m wan failover configure the wan failover function. The wan failover function automatically switches the default gateway port to maintain internet connectivity. ( ☞p2-9) q wan1 failure detection select the detecting option, depend...
Page 62
5 about the setting screen 5-32 5. [router settings] menu (continued) m wan failover (continued) e failover after …………… enter the maximum number of retry attempts. (default: 4) range: "1"–"10" r retry interval …………… enter the retry period. (default: 30) range: "1"–"300" (seconds) t initial waiting t...
Page 63
5 about the setting screen 5-33 (this is an example.) 5. [router settings] menu (continued) m current status displays the wan failover function and wan connection status. Q ………………… click to refresh the screen. W detection status ………… displays the monitoring status. ("disabled," "enabled (suspending)...
Page 64
5 about the setting screen 5-34 5. [router settings] menu (continued) m nat configure the nat function. • this function can be used when the connection type (☞p5-24) is set to [dhcp client], [static ip] or [pppoe]. M dmz host configure the dmz host function. • the nat function can be used when the c...
Page 65
5 about the setting screen 5-35 5. [router settings] menu (continued) m port forwarding the port forwarding function forwards the packets from a masquerade ip (router global ip) address to a private ip address. M list of port forwarding entries q wan port ………………… select the mnemonic for the wan port...
Page 66
5 about the setting screen 5-36 q no. ………………………… select the filtering order. The filter function checks/inspects the packets in the selected order according to the filter setting in [list of ip filter entries]. Range: "1"–"64" w entry ……………………… select "enable" to apply the filter setting. (default: ...
Page 67
5 about the setting screen 5-37 e action …………………… select the filtering method. (default: pass) • block: blocks all packets matched to the filtering condition. • pass: passes all packets matched to the filtering condition. R direction ………………… select the filtering direction. (default: in) • in: filter...
Page 68
5 about the setting screen 5-38 y source ip address ……… enter the source ip address (and mask) to filter. The all packets from the entered ip address are filtered (blocked or passed). Leave this item blank to filter all packets. Mask range: "1"–"32" u destination ip address enter the destination ip ...
Page 69
5 about the setting screen 5-39 i protocol (continued) …… • icmp: only icmp enter the icmp type and code to the [type] and [code] items. Range: "0"–"255" • igmp: only igmp • custom: specified by the protocol number. Enter the upper layer protocol number into the [custom value] item. Range: "0"–"255"...
Page 70
5 about the setting screen 5-40 o source port ……………… select the source port, or enter the tcp/udp source port number. 5. [router settings] menu [router settings]–[ip filter] m ip filter setting (continued) k k k k k k k k k k k k k k q w e r t y u i o !0 !1 !2 !3 !4.
Page 71
5 about the setting screen 5-41 !0 destination port ………… select the destination port, or enter the tcp/udp destination port number. 5. [router settings] menu [router settings]–[ip filter] m ip filter setting (continued) k k k k k k k k k k k k k k q w e r t y u i o !0 !1 !2 !3 !4.
Page 72
5 about the setting screen 5-42 !1 tcp flags ………………… select the tcp flags. • the selected flags' first character is displayed in [list of ip filter entries] ( ☞p5-45). (example: "ack" and "rst" are selected.) 5. [router settings] menu [router settings]–[ip filter] m ip filter setting (continued) k k...
Page 73
5 about the setting screen 5-43 !2 stateful packet inspection (spi) …………………………… select "enable" to temporary pass through the response packets. (default: disable) !3 quick …………………………… select whether to stop or continue matching when a packet matches a filtering condition. (default: enable) • enable:...
Page 74
5 about the setting screen 5-44 !4 syslog ………………… select "enable" to output the syslog. (default: disable) • the log information is displayed on the [syslog] screen in the [information] menu. ( ☞p5-7) note: this function may affect the system performance. We recommend not using this except for the t...
Page 75
5 about the setting screen 5-45 m list of ip filter entries 5. [router settings] menu (continued) [router settings]–[ip filter] (this is an example.) q …………………… click to edit the entry. • the entry contents are loaded to the ip filter setting field (☞p5-36). W ………………… click to remove the entry. [abo...
Page 76
5 about the setting screen 5-46 m dynamic dns configure the dynamic dns client. Q no. ………………………… select the entry number. (default: 1) w automatic update ……… select "enable" to automatically notify the dynamic dns server of the change of the sr-vpn1's global ip address. (default: disable) e update i...
Page 77
5 about the setting screen 5-47 k k k k k k k k k k q w e r t y u i o !0 m dynamic dns (continued) y host name ……………… enter the sr-vpn1's host name. (up to 31characters) u domain name …………… enter the sr-vpn1's domain name. (up to 31characters) i username ………………… enter the user id to access the dynam...
Page 78
5 about the setting screen 5-48 m dynamic dns updates displays the update status of the dynamic dns servers. Q time ……………………… displays the time when the sr-vpn1 notified the dynamic dns server of the sr-vpn1's global ip address. W status …………………… displays the update status. Note: if an error message...
Page 79
5 about the setting screen 5-49 6. [vpn settings] menu m ipsec wizard the ipsec wizard allows you to easily configure the vpn connection. See section 3 for details. [vpn settings]–[ipsec wizard] note • connect the wan line to the [wan] port, and then configure the router function to use the vpn func...
Page 80
5 about the setting screen 5-50 6. [vpn settings] menu (continued) m ipsec common settings configure the ipsec common settings. Q ipsec ……………………… select "enable" to use the ipsec function. (default: enable) w nat-traversal …………… select "enable" to use the nat-traversal (nat passthrough) function. (d...
Page 81
5 about the setting screen 5-51 6. [vpn settings] menu (continued) m tunnel creates the ipsec tunnel. Q no ………………………… the tunnel number. (1–32) w tunnel …………………… select "enable" to use the tunnel entry. (default: enable) e nickname ………………… enter the tunnel name. R psk (pre-shared key) … enter the ke...
Page 82
5 about the setting screen 5-52 6. [vpn settings] menu m tunnel (continued) i permanent connection … select the ipsec tunnel connection type. (default: enable) • "enable" connects to the ipsec tunnel when the wan ip address is obtained. • "disable" connects to the ipsec tunnel only when clicking in ...
Page 83
5 about the setting screen 5-53 6. [vpn settings] menu (continued) m routes enter the subnet to connect to the ipsec tunnel. Q destination ……………… enter the network address of the other sr-vpn1 (site b in the illustration below). W subnet mask …………… enter the subnet mask to connect to the ipsec tunne...
Page 84
5 about the setting screen 5-54 6. [vpn settings] menu (continued) m list of ipsec settings q ………………… click to update the screen. W no. ………………………… the tunnel entry number. E nickname ………………… the tunnel name. R status …………………… the tunnel status. • connected connected. • waiting connection ready. • co...
Page 85
5 about the setting screen 5-55 6. [vpn settings] menu m list of ipsec settings (continued) u status button …………… / click to disconnect. / click to connect. I …………………… click to edit the entry. • the edited contents are loaded into the [tunnel] and [routes] fields. O ………………… click to delete the entry...
Page 86
5 about the setting screen 5-56 6. [vpn settings] menu (continued) m ipsec (detail) configure the ipsec tunnel details. Q no ………………………… select the tunnel entry number. • the selected tunnel's settings are reloaded. [vpn settings]–[ipsec (detail)] (continued on the next page.) k q k o k o k w k !0 k ...
Page 87
5 about the setting screen 5-57 6. [vpn settings] menu m ipsec (detail) (continued) w ike version ……………… select the ike (internet key exchange) version to use. (default: 1 (initiator) and 1, 2 (responder)) • the sr-vpn1 supports ike versions 1 and 2. • 1: the initiator and responder use version 1. •...
Page 88
5 about the setting screen 5-58 6. [vpn settings] menu m ipsec (detail) (continued) e ike mode ………………… select the ike key exchange mode. (default: automatic) • automatic the exchange mode is automatically selected. • main mode a more secure exchange mode than the aggressive mode. • aggressive mode t...
Page 89
5 about the setting screen 5-59 6. [vpn settings] menu m ipsec (detail) (continued) r ike keepalive interval … enter the ike keepalive (dpd) interval. Range: "0"–"600" (default: 10) • select "0" to disable the ike keepalive. T ike session ……………… select the ike key exchange method. (default: initiato...
Page 90
5 about the setting screen 5-60 6. [vpn settings] menu m ipsec (detail) (continued) y initial-contact ……… select "enable" to send the initial-contact notification message. (default: enable) note: only for ike version 1. U pfs ……………………… select "enable" to use the pfs (perfect forward security) functi...
Page 91
5 about the setting screen 5-61 6. [vpn settings menu m ipsec (detail) (continued) i isakmp sa reauth …… select "enable" to negotiate a new sa on the isakmp sa re-authentication. (default: enable) note: only for ike version 2. • enable create a new isakmp sa for ike phase 1. • disable update the isa...
Page 92
5 about the setting screen 5-62 6. [vpn settings] menu m ipsec (detail) (continued) !0 encryption algorithm … select the encryption algorithm. (default: 3des) note: set the same algorithm to both sr-vpn1s. • 3des use 3des (triple des, 168 bit). • aes-cbc (128 bit) use aes-cbc (advanced encryption st...
Page 93
5 about the setting screen 5-63 6. [vpn settings] menu m ipsec (detail) (continued) !2 lifetime …………………… enter the sa lifetime. Note: specify the lifetime or lifesize. (default: 28800 (seconds)) phase 1: • seconds range: "300"–"691200" (seconds) • kbytes range: "100"–"100000" (kb) note: if you set t...
Page 94
5 about the setting screen 5-64 6. [vpn settings] menu (continued) m about the ike version the setting items differ, depending on the ike version. Ike version 1 ike version 2 ike mode yes no ike keepalive interval yes yes ike session yes yes initial-contact yes no pfs yes no isakmp sa reauth no yes ...
Page 95
5 about the setting screen 5-65 6. [vpn settings] menu (continued) m list of ipsec settings q ………………… click to refresh the screen. W no. ………………………… the tunnel entry number. E nickname ………………… the tunnel name. R status …………………… the tunnel status. • connected connected. • waiting connection ready. • c...
Page 96
5 about the setting screen 5-66 6. [vpn settings] menu (continued) m multicast configure the ipsec tunnel to pass through the multicast packets. Q multicast routing ……… select "enable" to use the multicast routing function. (default: disable) w mode ……………………… select the multicast routing function mo...
Page 97
5 about the setting screen 5-67 6. [vpn settings] menu m multicast (continued) t igmp query interval …… enter the igmp query interval. (default: 60) range: "30"–"28800" (seconds) [vpn settings]–[multicast] k q k w k e k r k t.
Page 98
5 about the setting screen 5-68 m setting example this is an example to configure the ipsec tunnel connecting two sites (a and b) in the multicast mode. Note • the client (a) and the server (b) are assumed to be connected through the ipsec vpn. • enter the site b's (server's) lan ip address into the...
Page 99
5 about the setting screen 5-69 m status client displays the multicast device's status. 6. [vpn settings] menu [vpn settings]–[multicast] k q k e k w k r q server ip address ……… the server's ip address set in the [multicast] field. W connection status ……… server connections status. • connected the k...
Page 100
5 about the setting screen 5-70 m status server displays the multicast device's status. 6. [vpn settings] menu [vpn settings]–[multicast] k q k w k e q ip address ……………… displays the list of client ip addresses to transfer multicast packets to. Note: the sr-vpn1's lan ip address is displayed on the ...
Page 101
5 about the setting screen 5-71 7. [management] menu m administrator set the administrator password. [management]–[administrator] to prevent unauthorized access you must be careful when choosing your password. A good policy is to occasionally change it. • choose one that is not easy to guess. • use ...
Page 102
5 about the setting screen 5-72 7. [management] menu (continued) m usb select the usb flash drive option. [management]–[management tools] q usb flash drive ………… select "enable" to use a usb flash drive. (default: enable) note: if you use the automatic firmware update function or automatic setting lo...
Page 103
5 about the setting screen 5-73 7. [management] menu (continued) m http/https select the protocol to access the sr-vpn1's setting screen. Note: if you select "disable" in both [http] (q) and [https] (w), you cannot access the sr-vpn1's setting screen again. In this case, you have to initialize the s...
Page 104
5 about the setting screen 5-74 7. [management] menu (continued) m telnet/ssh select the protocol option to access the sr-vpn1's setting screen from a telnet or ssh client. [management]–[management tools] q telnet ……………………… select “disable” to block the telnet protocol. (default: enable) see the 7-3...
Page 105
5 about the setting screen 5-75 7. [management] menu (continued) m ssh public key management submit the ssh public key. M ssh public key registration status [management]–[management tools] public key file …………… select a public key file to submit. 1. Click and then select the file location to save th...
Page 106
5 about the setting screen 5-76 7. [management] menu (continued) m date and time you can set the sr-vpn1’s internal clock time. (see section 4 for details.) [management]–[date and time] q current time …………… displays the current time. W manually set time ……… displays the time when you have opened thi...
Page 107
5 about the setting screen 5-77 7. [management] menu (continued) m time zone select the appropriate time zone. [management]–[date and time] q time zone ……………… select the appropriate time zone. (default: asia/tokyo) w use daylight savings time select "disable" if not necessary. (default: enable) • if...
Page 108
5 about the setting screen 5-78 7. [management] menu (continued) m ntp the automatic clock synchronize function automatically synchronizes the internal clock with the time server (ntp). • to use this function, an internet connection and default gateway settings are necessary. [management]–[date and ...
Page 109
5 about the setting screen 5-79 7. [management] menu (continued) m syslog select the information to be saved to the syslog host. [management]–[syslog] q debug …………………… select “enable” to display the debug information. (default: disable) w info ………………………… select “enable” to display the info messages....
Page 110
5 about the setting screen 5-80 7. [management] menu (continued) m snmp configure the snmp function. [management]–[snmp] q snmp ………………………… select “enable” to use the snmp function. (default: enable) w get community …………… enter the snmp get community string. (up to 31 characters) (default: public) e ...
Page 111
5 about the setting screen 5-81 7. [management] menu m snmp (continued) the following is the snmp information. Note: this information may be changed without notice. [management]–[snmp] -- ********************************************************************** -- * icom private mib -- ****************...
Page 112
5 about the setting screen 5-82 7. [management] menu m snmp (continued) [management]–[snmp] max-access read-only status current description “ipsec tunnel interface number.” ::= { ipsec 1 } vtunneloper object-type syntax integer { up(1), -- ready to pass packets down(2), testing(3) -- in some test mo...
Page 113
5 about the setting screen 5-83 7. [management] menu (continued) m ping test run the ping test. [management]–[network test] q host ……………………… enter the ip address to send the ping packets to. W number of times ………… select the number of times to send. (default: 4) e packet size ………………… select the size...
Page 114
5 about the setting screen 5-84 7. [management] menu (continued) m traceroute test run the traceroute test. [management]–[network test] q node ……………………… enter the node's (device's) ip address. W max hop count …………… select the maximum hop number. (default: 16) e timeout …………………… select the response t...
Page 115
5 about the setting screen 5-85 7. [management] menu (continued) m reboot click to reboot the sr-vpn1. • when clicking , the "do you want to reboot the system?" message appears. Click to continue. [management]–[reboot].
Page 116
5 about the setting screen 5-86 7. [management] menu (continued) m backup settings save the sr-vpn1's settings to a pc as a backup. M restore settings load the setting file (extension: "sav") to the sr-vpn1. Note: loading takes a few minutes. [management]–[backup/restore settings] save to file ……………...
Page 117
5 about the setting screen 5-87 7. [management] menu (continued) m list of settings displays the changed settings. Note: the list is clear when the sr-vpn1 is initialized. [management]–[backup/restore settings] (this is an example.).
Page 118
5 about the setting screen 5-88 7. [management] menu (continued) m factory defaults click to return all settings to the factory default. [management]–[factory defaults] note: if you cannot access the sr-vpn1’s setting screen, initialize the sr-vpn1 using the button. See the sup- plied “precautions“ ...
Page 119
5 about the setting screen 5-89 7. [management] menu (continued) m firmware status displays the firmware version. [management]–[firmware update] notes • never turn off the power until the updating has been completed. Otherwise, the sr-vpn1 may be damaged. • ask your dealer for updated function or sp...
Page 120
5 about the setting screen 5-90 7. [management] menu (continued) m online update downloads the firmware through the internet, and automatically updates it. Note: to use this function, an internet connection, dns and default gateway settings are necessary. [management]–[firmware update] check for upd...
Page 121
5 about the setting screen 5-91 7. [management] menu (continued) m automatic update the firmware can be automatically downloaded and updated. M manual update the firmware can be updated using the saved firmware. [management]–[firmware update] automatic update ………… select "enable" to use the automati...
Page 122: Section
6-1 maintenance section 6 1. How to save the sr-vpn1’s setting to a pc ………………………………………………………………………………………… 6-2 saving the setting ……………………………………………………………………………………………………………………… 6-2 2. How to load the saved file to a sr-vpn1 ……………………………………………………………………………………………… 6-3 reloading the settings file into the ...
Page 123
6 maintenance 6-2 you can save the sr-vpn1’s settings to a pc or usb flash drive. The saved settings can be used to recover the configuration. • the settings can be directly loaded into the sr-vpn1 from the usb flash drive. 1. How to save the sr-vpn1’s setting to a pc click [management], then [backu...
Page 124
6 maintenance 6-3 note: do not write the saved file to any other devices. You can load the sr-vpn1's settings from a pc. • the settings can be directly loaded into the sr-vpn1 from the usb flash drive. (☞p6-12) 2. How to load the saved file to a sr-vpn1 click [management], then [backup/restore setti...
Page 125
6 maintenance 6-4 there two ways to initialize the sr-vpn1. • set the sr-vpn1’s ip address again after the sr-vpn1 is initialized. A: using the button. If you cannot access the sr-vpn1 setting screen, initialize the sr-vpn1 using the button. B: initialize on the sr-vpn1’s setting screen. If you can ...
Page 126
6 maintenance 6-5 b: using the sr-vpn1’s setting screen 3. How to restore the settings(continued) click [management], then [factory defaults]. • the [factory defaults] screen appears. 1 click . • the warning window appears. 2 click . • the sr-vpn1 automatically reboots. 3 click click about the initi...
Page 127
6 maintenance 6-6 there are two ways to update the firmware. A: updating on the setting screen. Update the firmware on the setting screen. B: use the firmware update function. (☞p6-8) the firmware can be automatically downloaded and updated. • you can update the firmware using a usb flash drive. (☞p...
Page 128
6 maintenance 6-7 note: • never turn off the power until the updating has been completed. Otherwise, the sr-vpn1 may be dam- aged. • the sr-vpn1’s ip address is set to “192.168.0.1,” when initialized by the firmware update. Set the pc’s ip address to “192.168.0.Xxx.” (you can set xxx to any number f...
Page 129
6 maintenance 6-8 b: use the firmware update function when [msg] lights green, a firmware update is ready. See the “precautions” leaflet for details. • to use this function, an internet connection, dns and default gateway settings are necessary. • we recommend to save the setting file as the backup....
Page 130
6 maintenance 6-9 (continued on the next page.) you can clone the sr-vpn1’s settings and firmware using a usb flash drive. • see pages 6-12 to 6-16 for details. About the usb flash drive: • before using the usb flash drive, save the content to a pc as the backup. • the usb flash drive is not supplie...
Page 131
6 maintenance 6-10 (continued on the next page.) [about the settings file name] the settings file must be saved as “savedata.Sav” in the usb flash drive. The firmware file, which is downloaded from icom website, must be saved as “firmware.Dat” in the usb flash drive. • only the settings file saved o...
Page 132
6 maintenance 6-11 [how to clone the settings and the firmware using a usb flash drive.] a usb flash drive can contain settings and firmware files for different sr-vpn1s. You need to create folders, whose names are each sr-vpn1’s lan mac address (☞pv, p5-5), and save the firm- ware and settings file...
Page 133
6 maintenance 6-12 (continued on the next page.) you can clone the settings to other sr-vpn1s. It is convenient when you sequentially configure plural sr-vpn1s. Note: before using a usb flash drive, see page 6-9. Saving the settings file to a usb flash drive 6. How to restore the configuration using...
Page 134
6 maintenance 6-13 (continued on the next page.) w turn on the power q insert the usb flash drive lights in orange while accessing the device. Loading the settings from the usb flash drive remove the usb flash drive from the pc appropriately. 1 prepare the sr-vpn1 to load the settings. 2 turn off th...
Page 135
6 maintenance 6-14 note: if "disable" is selected in the [usb flash drive] item on the [usb] screen, this function cannot be used. (☞p5-72) loading the settings from the usb flash drive (continued) 6. How to restore the configuration using a usb flash drive (continued) when the all data has been loa...
Page 136
6 maintenance 6-15 (continued on the next page.) the firmware update can be done by using a usb flash drive. Note: before using a usb flash drive, see page 6-9. Updating the firmware 7. How to update the firmware using a usb flash drive download a new firmware (extension: “dat”) from icom website. 1...
Page 137
6 maintenance 6-16 updating the firmware (continued) 7. How to update the firmware using a usb flash drive (continued) note: after the firmware updating is finished, check the firmware version on the setting screen to verify that the update was cor- rectly done. All leds light while the firmware upd...
Page 138: For Your Information
7-1 for your information section 7 1. Trouble shooting ………………………………………………………………………………………………………………………… 7-2 2. How to connect to the sr-vpn1 using telnet ………………………………………………………………………………………… 7-4 m how to connect ……………………………………………………………………………………………………………………… 7-4 m how to use the [console] port …………………………...
Page 139
7 for your information 7-2 if the sr-vpn1 seems to be malfunctioning, please check the following before sending it to a service center. 1. Trouble shooting the [pwr] led does not light. • the ac adapter is not connected to the sr-vpn1. - verify that the ac adapter is securely connected. • the ac ada...
Page 140
7 for your information 7-3 cannot connect to the internet (continued) • failed to obtain a wan ip address from the isp. - the obtained wan ip address is displayed on the [top] screen. • the wan line has been manually disconnected. - to recover the connection, click in the [connection status] item on...
Page 141
7 for your information 7-4 for windows ® 7: before performing the following procedure, turn on [telnet client] on the [turn windows features on or off] window. ([control panel]>[programs and features]>[turn windows features on or off]) m how to connect q start up windows. W click the [start] button,...
Page 142
7 for your information 7-5 m general power supply: dc12 v ±10% [plug polarity: ] (supplied ac adapter ac100 v ±10%) less than 15 watts usable condition: temperature; 0–40°c, humidity; 5–95% (at no condensation) dimension: approximately 232 (w) × 38 (h) × 168 (d) mm; 9.1 (w) × 1.5 (h) × 6.6 (d) in (p...
Page 143
A-7072-1ex © 2013 icom inc. 1-1-32 kamiminami, hirano-ku, osaka 547-0003, japan.