Asus iPBX30 User Manual
  1. Manuals
  2. Brands
  3. Asus Manuals
  4. Gateway
  5. iPBX30
  6. User manual

Asus iPBX30 User Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
iPBX30
User Manual
E2883 / December 2006

Advertisement

Table of Contents
loading

Related Manuals for Asus iPBX30

Summary of Contents for Asus iPBX30

  • Page 1 User Manual E2883 / December 2006...

  • Page 2: Table Of Contents

    1.3 Using this Document ..........2 1.3.1 Notational conventions ..........2 1.3.2 Typographical conventions ......... 2 1.3.3 Special messages ............2 2 Getting to Know your iPBX30 .......3 2.1 Parts List ..............3 2.2 Hardware Features ............3 2.3 Software Features .............4 2.3.1 NAT Features ............. 4 2.3.2 Firewall Features ............
  • Page 3 3.1.2 Step 2. Connecting computers or a Network.... 13 3.1.3 Step 3. Attaching the AC adapter ......13 3.1.4 Step 4. Powering on iPBX30, the ADSL or cable modem and power up your computers..... 13 3.2 Part 2 — Configuring Your Computers ....14 3.2.1 Before you begin ............
  • Page 4 5.2.1 WAN Connection Mode ..........29 5.2.2 PPPoE ..............30 5.2.2.1 WAN PPPoE Configuration Parameters ... 31 5.2.2.2 Configuring PPPoE for WAN ......32 5.2.3 PPPoE Unnumbered ..........33 5.2.3.1 WAN PPPoE Unnumbered Configuration Parameters ............34 5.2.3.2 Configuring PPPoE Unnumbered for WAN..35 5.2.4 Dynamic IP ...............
  • Page 5 6.1.5.1 Access Fixed DHCP Configuration Page – (Advanced ->DHCP Server) ......48 6.1.5.2 Add a Fixed DHCP Lease ......... 49 6.1.5.3 Delete a Fixed DHCP Lease ......49 6.1.5.4 Viewing Fixed DHCP Lease Table ....49 6.2 DNS .................50 6.2.1 About DNS ............... 50 6.2.2 Assigning DNS Addresses........
  • Page 6 9.1.3.1 Priority Order of ACL Rule ........ 62 9.1.3.2 Tracking Connection State ........ 62 9.1.4 Default ACL Rules ............ 63 9.2 NAT Overview ............63 9.2.1 NAPT (Network Address and Port Translation) or PAT (Port Address Translation) ......... 64 9.2.2 Reverse NAPT / Virtual Server ......... 66 9.3 Firewall Settings –...
  • Page 7 9.7.4 Virtual Server Example 3 – FTP Server with Access Control..............84 9.8 Configure Special Application ........86 9.8.1 Special Application Configuration Parameters ..86 9.8.2 Special Application Example ........88 10 USB Application ..........89 10.1 Configure USB Devices .........89 10.2 View the Status of Attached USB Storage Devices ..........91 10.3 Configure FTP Service ..........91 11 System Management .........94...
  • Page 8 11.7.3 Restore System Configuration ......104 11.8 Firmware Upgrade ..........106 11.9 Restart System ............108 11.10 Logout Web UI Management ......109 12 SIP IP-PBX ............110 12.1 Configuration ............111 12.1.1 General Setting .............112 12.1.2 Gateway ..............114 12.1.3 Extensions .............115 12.2 Dialing Plan ............118 12.2.1 General..............118 12.2.2 ITSP Server ............
  • Page 9 13.1.1 Structure of an IP address ........134 13.2 Network classes ..........135 13.3 Subnet masks ............136 14 Troubleshooting ..........139 14.1 Diagnosing Problem using IP Utilities ....142 14.1.1 ping............... 142 14.1.2 nslookup ............... 143 15 Index ..............145 List of Figures Figure 2.1 Front Panel LEDs ............8 Figure 2.2 Rear Panel Connectors ..........
  • Page 10 Figure 6.1 DHCP Server Configuration Page ....... 46 Figure 6.2 DHCP Lease Table ............48 Figure 6.3 Fixed DHCP Lease Configuration Page ...... 49 Figure 7.1 RIP Configuration Page ..........53 Figure 7.2 Static Route Configuration Page ........ 55 Figure 7.3 Static Route Configuration ......... 56 Figure 7.4 Sample Routing Table ..........
  • Page 11 Figure 11.21 Restart System Page ..........109 Figure 11.22 Web UI Management Logout Page ....... 109 Figure 11.23 Confirmation for Closing Browser (IE) ....109 Figure 12.1 iPBX30 application office scenario ......110 Figure 12.2 General setting page ..........112 Figure 12.3 Gateway page ............114...
  • Page 12 Figure 12.9 ITSP Status page ............ 123 Figure 12.10 Voice mail page ............. 125 Figure 12.11 Auto Provision page ..........129 Figure 12.12 Typical iPBX30 application set up ......130 Figure 12.13 Extension List page ..........131 Figure 12.14 Extension page............. 131 Figure 12.15 SIP page ..............
  • Page 13 Table 5.6 WAN Load Balancing and Line Back Up Configuration Parameters ..............42 Table 6.1 DHCP Configuration Parameters ........47 Table 6.2 Fixed DHCP Lease Configuration Parameters ..... 49 Table 7.1 Static Route Configuration Parameters ......53 Table 7.2 Static Route Configuration Parameters ......55 Table 8.1 DDNS Configuration Parameters ........

  • Page 14: Introduction

    ADSL or cable modem. At the same time, you can have a 30-user SIP-based IP PBX functionality. This User Manual guides you in setting up the iPBX30, and customizing its configuration to get the most out of this product.

  • Page 15: Using This Document

    Using this Document 1.3.1 Notational conventions • Acronyms are defined the first time they appear in the text. • The iPBX30 is sometimes referred to as the “router” or the ”gateway”. • The terms LAN and network are used interchangeably to refer to a group of Ethernet-connected computers at one site.

  • Page 16: Getting To Know Your Ipbx30

    User Manual Chapter 2 Chapter 2 Getting to Know your iPBX30 2.1 Parts List Your iPBX30 package include these items: • iPBX30 • AC adapter • Ethernet cable (“straight-through” type) 2.2 Hardware Features Your iPBX30 contains these hardware features: •...

  • Page 17: Software Features

    User Manual 2.3 Software Features 2.3.1 NAT Features iPBX30 provides Network Address Translation (NAT) to share a single high-speed Internet connection and to save the cost of multiple connections required for the hosts on the LAN segments connected to it. This feature conceals network address and prevents them from becoming public.

  • Page 18: Firewall Features

    User Manual Chapter 2 2.3.2 Firewall Features The firewall as implemented in iPBX30 provides the following features to protect your network from being attacked and to prevent your network from being used as the springboard for attacks. • Stateful Packet Inspection •...

  • Page 19: Defense Against Dos Attacks

    Firewall also provides protection from a variety of common Internet attacks such as IP Spoofing, Ping of Death, Land Attack, and Reassembly attacks. The type of attack protections provided by the iPBX30 is listed in the table below. Table 2.1. DoS Attacks...

  • Page 20: Application Level Gateway (Alg)

    In the absence of such rules, the packets will be dropped by the iPBX30 Firewall. As it is not feasible to create policies for numerous applications dynamically (at the same...

  • Page 21: Finding Your Way Around

    The front panel contains LED indicators that show the status of the unit. 1 2 3 Figure 2.1 Front Panel Label and LEDs Table 2.2 Front Panel Label and LEDs Color Status Indication iPBX30 is powered on. Power Green iPBX30 is powered off. Status Green I d e n t i f i e s t h e U S B p o r t LEDs.

  • Page 22: Rear Panel

    User Manual Chapter 2 2.4.2 Rear Panel The rear panel contains the ports for the unit’s data and power connections. Figure 2.2 Rear Panel Labels and Connectors Table 2.3 Rear Panel Labels and LEDs Connector Indication LAN Ports: connect to your PC's Ethernet...

  • Page 23: Bottom View

    Chapter 2 iPBX30 User Manual 2.4.3 Bottom View 12.Wall Mount Slots: Use these slots to mount iPBX30 on a wall. You can mount the iPBX30 in four orientations: front panel up, rear panel up, left side up or right side up.
  • Page 24 User Manual Chapter 2 2. Align the screws with the wall mount slots as shown below. The wall mount design supports four orientations: rear side up, rear side down, rear side to the left and rear side to the right.

  • Page 25: Quick Start Guide

    • Part 2 describes how to configure Internet properties on your computer(s). • Part 3 shows you how to configure basic settings on the iPBX30 to get your LAN connected to the Internet. This chapter assumes that you have already established ADSL or cable modem service with your Internet service provider (ISP).

  • Page 26: Step 2. Connecting Computers Or A Network

    Ethernet cable to a hub or a switch (probably an uplink port; refer to the hub or switch documentations for instructions) and the other to the Ethernet switch port (labeled 1 – 4) on the iPBX30. You can use either crossover or straight-through Ethernet cables to connect the built-in switch and computers, hubs or switches as the built-in switch allows connections with either type of cables.

  • Page 27: Part 2 - Configuring Your Computers

    See page 18 for instructions. • If you have connected your PC via Ethernet to the iPBX30, follow the instructions that correspond to the operating system installed on your PC.

  • Page 28: Windows® Xp Pc

    User Manual Chapter 3 3.2.2 Windows® XP PC: 1. In the Windows task bar, click the <Start> button, and then click Control Panel. 2. Double-click the Network Connections icon. 3. In the LAN or High-Speed Internet window, right-click on icon corresponding to your network interface card (NIC) and select Properties.

  • Page 29: Windows® 95, 98, And Me Pc

    Chapter 3 iPBX30 User Manual 6. Select Internet Protocol (TCP/IP) in the Network Protocols list, and then click <OK> button. You may be prompted to install files from your Windows 2000 installation CD or other media. Follow the instructions to install the files.

  • Page 30: Windows® Nt 4.0 Workstation

    10.In the TCP/IP Properties dialog box, click the “Default Gateway” tab. Enter 192.168.1.1 (the default LAN port IP address of the iPBX30) in the “New gateway” address field and click <Add> button to add the default gateway entry. 11. Click <OK> button twice to confirm and save your changes, and then close the Control Panel.

  • Page 31: Assigning Static Ip Addresses To Your Pc

    In some cases, you may want to assign IP addresses to some or all of your PCs directly (often called “statically”), rather than allowing the iPBX30 to assign them. This option may be desirable (but not required) if: • You have obtained one or more public IP addresses that...

  • Page 32: Part 3 - Quick Configuration Of The Ipbx30

    IP address in the 192.168.1.0 network for your PC, for example, 192.168.1.2, in order to establish connection between the iPBX30 and your PC as the default LAN IP on iPBX30 is pre- configured as 192.168.1.1. Enter 255.255.255.0 for the subnet mask and 192.168.1.1 for the default gateway.

  • Page 33: Figure 3.2 Login Screen

    Web browser, and type the following URL in the address/location box, and press <Enter>: http://192.168.1.1 This is the predefined IP address for the LAN port on the iPBX30. Figure 3.2 Login Screen If you encounter problems connecting to the iPBX30, check the following items: a.Check if your PC is configured to accept IP address assignment...

  • Page 34: Testing Your Setup

    After completing the basic configuration for iPBX30, read the following section to determine if you can access the Internet. 3.3.2 Testing Your Setup At this point, the iPBX30 should enable any computers on your LAN to use the iPBX30’s ADSL or cable modem connection to access the Internet.

  • Page 35: Default Router Settings

    Appendix 12 for troubleshooting suggestions. 3.3.3 Default Router Settings In addition to handling the DSL connection to your ISP, the iPBX30 can provide a variety of services to your network. The device is pre- configured with default settings for use with a typical home or small office network.

  • Page 36: Using The Web Ui Management

    4.1 Log into the Web UI Management To access the software, you need the following: • A computer connected to the LAN or WAN port on the iPBX30 as described in the chapter 3. • A web browser installed on the computer. The program is designed to work best with Microsoft Internet Explorer®...

  • Page 37: Functional Layout

    You can click on any menu item to expand/contract any menu groups or to access a specific configuration page. The configuration pane is where you interact with the software to configure the settings for iPBX30. Menu navigation tips show how the current configuration can be accessed via the menus.

  • Page 38: Menu Navigation

    User Manual chapter 4 Figure 4.2 Typical Web UI Management Page 4.2.1 Menu Navigation • To expand a group of related menus, double click the menu or the icon: • To contract a group of related menus, double click the menu or the icon: •...

  • Page 39: System Configuration Overview

    4 iPBX30 User Manual 4.3 System Configuration Overview To view the overall system configuration, log into the iPBX30 Web, or click the Status menu if you have already logged on. The figure below shows sample information available in the System Status page.

  • Page 40: Router Setup

    You must assign a unique IP address to each device residing on your LAN. The LAN IP address that identifies the iPBX30 as a node on your network must be in the same subnet as the PCs on your LAN. The default LAN IP address for the iPBX30 is 192.168.1.1.

  • Page 41: Configuring The Lan Ip Address

    2. (Optional) Enter the host name for iPBX30. Note that the host name is used for identification purpose only. 3. Enter the LAN IP address and subnet mask for the iPBX30 in the space provided. 4. Proceed to the WAN Configuration section for instructions on setting up the WAN port if you have not yet done so.

  • Page 42: Wan/Dmz Configuration

    5.2 WAN/DMZ Configuration This section describes how to configure WAN/DMZ settings for the WAN interface on the iPBX30 that communicates with your ISP. You’ll learn to configure the IP address, DHCP and DNS server for your WAN in this section. DMZ (short for demilitarized zone) is a host or a small network that sits between a trustful internal network, such as a corporate private LAN, and an untrusted external network, such as the Internet.

  • Page 43: Pppoe

    Chapter 5 iPBX30 User Manual Connection Mode drop- down list. Figure 5.2 Network Setup Configuration Page-WAN Configuration 5.2.2 PPPoE PPPoE connection is most often used by ADSL service providers. Connection Mode drop- down list. Figure 5.3. WAN – PPPoE Configuration...

  • Page 44: Wan Pppoe Configuration Parameters

    User Manual Chapter 5 5.2.2.1 WAN PPPoE Configuration Parameters The table below describes the configuration parameters available for the PPPoE connection mode. Table 5.2. WAN PPPoE Configuration Parameters Setting Description Link Select a port to configure. Available options are WAN1, WAN2 or DMZ.

  • Page 45: Configuring Pppoe For Wan

    Demand Status On: PPPoE connection is active. Off: No PPPoE connection is active. Connecting: iPBX30 is trying to connect to your ISP using PPPoE connection mode. Manual Click the Disconnect or Connect button to disconnect or connect using the PPPoE connection mode.

  • Page 46: Pppoe Unnumbered

    User Manual Chapter 5 connection mode, the range of MTU is from 546 to 1492. The default value is 1454. 10.Enter the appropriate connection settings for “Disconnect after Idle (min)” and “Connect on Demand”. 11.Click "Apply" to save the settings.

  • Page 47: Wan Pppoe Unnumbered Configuration Parameters

    Chapter 5 iPBX30 User Manual 5.2.3.1 WAN PPPoE Unnumbered Configuration Parameters The table below describes the configuration parameters available for PPPoE Unnumbered connection mode. Table 5.3. WAN PPPoE Unnumbered Configuration Parameters Setting Description Link Select a port to configure. Available options are WAN1, WAN2 or DMZ.

  • Page 48: Configuring Pppoe Unnumbered For Wan

    Demand Status On: PPPoE unnumbered connection is active. Off: No PPPoE unnumbered connection is active. Connecting: iPBX30 is trying to connect to your ISP using PPPoE unnumbered connection mode. Manual Click the Disconnect or Connect button to disconnect or connect using the PPPoE unnumbered connection mode.

  • Page 49: Dynamic Ip

    Chapter 5 iPBX30 User Manual 8. (Optional) Enter the IP addresses for the primary or secondary DNS servers, or both, if you want to use your preferred DNS servers; otherwise, skip this step. 9. (Optional) Change the MTU value if necessary. If you do not know what value to enter, leave it as is.

  • Page 50: Static Ip

    User Manual Chapter 5 ISP. 4. (Optional) Change the MTU value if necessary. If you do not know what value to enter, leave it as is. For dynamic IP connection mode, the range of MTU is from 576 to 1500. The default value is 1500.

  • Page 51: Configuring Static Ip For Wan Or Dmz

    Subnet Mask 255.255.255.0. Gateway IP address provided by your ISP. It must be in Gateway Address the same subnet as the WAN on the iPBX30. Primary/ Secondary You must at least enter the IP address of the primary DNS Server DNS server.

  • Page 52: Pptp

    User Manual Chapter 5 5.2.6 PPTP Some service providers require user to login using PPTP connection. 5.2.6.1 WAN PPTP Configuration Parameters The table below describes the configuration parameters available for PPTP connection mode. Table 5.5. WAN PPTP Configuration Parameters Setting Description Link Select a port to configure.

  • Page 53: Figure 5.7 Wan - Pptp Configuration

    Status On: PPTP connection is active. Off: No PPTP connection is active. Connecting: iPBX30 is trying to connect to your ISP using PPTP connection mode. Manual Click the Disconnect or Connect button to disconnect or connect using the PPTP connection mode.

  • Page 54: Configuring Pptp For Wan

    11.Click Apply to save the settings. WAN Load Balancing and Line Back Up iPBX30 supports load balancing and line back up on the WAN connection. This function is available only when “Dual-WAN” is selected in the Router Connection configuration page (accessible by clicking the Router Setup ->Connection menu).

  • Page 55: Wan Load Balancing And Line Back Up Configuration Parameters

    Chapter 5 iPBX30 User Manual the WAN ports. If one of the WAN links is down, iPBX30 will direct the traffic destined for the downed WAN port to the still active WAN port. The line back up function is another feature supported to ensure uninterrupted Internet access.

  • Page 56: Setting Up Wan Load Balancing

    C o n n e c t i v i t y The interval that iPBX30 will check for the WAN link Check Interval status. The allowable value is 1 to 60 seconds.

  • Page 57: Setting Up Wan Line Back Up

    Chapter 5 iPBX30 User Manual Follow the instructions below to set up WAN load balancing: 1. Click the Router Setup ->Load Balance menu to open the Load Balancing configuration page. 2. Select Auto Mode in the Load Balance field. 3. Enter the ratio of the traffic amount that you want to distribute between the two WANs.

  • Page 58: Dhcp Server Configuration

    When you enable DHCP on a network, you allow a device — such as the iPBX30 — to assign temporary IP addresses to your computers whenever they connect to your network. The assigning device is called a DHCP server, and the receiving device is a DHCP client.

  • Page 59: Configuring Dhcp Server

    Chapter 6 iPBX30 User Manual 6.1.3 Configuring DHCP Server Note: By default, the iPBX30 is configured as a DHCP server on the LAN side, with a predefined IP address pool of 192.168.1.100 through 192.168.1.149 (subnet mask 255.255.255.0). To change this range of addresses, follow the procedures described in this section.

  • Page 60: Table 6.1 Dhcp Configuration Parameters

    Address with your ISP. However, you may enter LAN IP address of the iPBX30 as it will serve as DNS proxy for the LAN computers and forward the DNS request from the LAN to DNS servers and relay the results back to the LAN computers.

  • Page 61: Viewing Current Dhcp Address Assignments

    6.1.4 Viewing Current DHCP Address Assignments When the iPBX30 functions as a DHCP server for your LAN, it keeps a record of any addresses it has leased to your computers. To view a table of all current IP address assignments, just open the DHCP Server Configuration page and click on the link “Current...

  • Page 62: Add A Fixed Dhcp Lease

    User Manual Chapter 6 Figure 6.3. Fixed DHCP Lease Configuration Page 6.1.5.2 Add a Fixed DHCP Lease To add a fixed DHCP lease, follow the instructions below: 1. Click Advanced ->DHCP Server menu to open the Fixed DHCP Lease configuration page.

  • Page 63: Dns

    In either case, you can specify the actual addresses of the ISP’s DNS servers (on the PC or in the DHCP Server configuration page), or you can specify the address of the LAN port on the iPBX30 (e.g., 192.168.1.1). When you specify the LAN port IP address, the device performs DNS relay, as described in the following section.

  • Page 64: Configuring Dns Relay

    PPPoE protocol. Using this option provides the advantage that you will not need to reconfigure the PCs or the iPBX30 if the ISP changes their DNS addresses. • Configured on the iPBX30: You can also specify the ISP’s DNS addresses in the WAN configuration page.

  • Page 65: Routing

    Internet. (Each of these processes is described in section 3.2.) • On the iPBX30 itself, a default gateway is defined to direct all outbound Internet traffic to a router at your ISP. This default gateway is assigned automatically by your ISP whenever the device negotiates an Internet connection.

  • Page 66: Dynamic Routing Using Rip (Routing Information Protocol)

    User Manual Chapter 7 Dynamic Routing using RIP (Routing Information Protocol) RIP enables routing information exchange between routers; thus, routes are updated automatically without human intervention. It is recommended that you enable RIP in the System Services Configuration Page.

  • Page 67: Configuring Rip

    Chapter 7 iPBX30 User Manual Field Description Passive Mode Enable this mode if RIP configured for this interface will only receive routing information from other routers and not send routing information to other routers. Disable this mode if you want this interface to send and receive routing information to/from other routers.

  • Page 68: Static Route

    User Manual Chapter 7 Enable or Disable radio button. 7. (Optional) If authentication is enabled, you must also select authentication mode and the desired authentication key. 8. Click Apply to save the settings. Static Route Figure 7.2. Static Route Configuration Page 7.3.1 Static Route Configuration Parameters...

  • Page 69: Adding Static Routes

    Chapter 7 iPBX30 User Manual Field Description Subnet Mask Indicates which parts of the destination address refer to the network and which parts refer to a computer on the network. Refer to Appendix 11 for an explanation of network masks.

  • Page 70: Deleting Static Routes

    This table is known as the device’s routing table. To view the iPBX30’s routing table, click the Advanced ->Static Route menu. The Routing Table displays at the upper half of the Static Route Configuration page.

  • Page 71: Configuring Ddns

    IP address changes from time to time (during reboot or when the ISP’s DHCP server resets IP leases). iPBX30 connects to a DDNS service provider whenever the WAN IP address changes. It supports setting up the web services such as Web server, FTP server using a domain name instead of the IP address.

  • Page 72: Ddns Configuration Parameters

    D o m a i n Enter the registered domain name into this field. For example, Name If the host name of your iPBX30 is “host1” and the domain name is “yourdomain.com”, The fully qualify domain name (FQDN) is “host1.yourdomain.com”.
  • Page 73 Chapter 8 iPBX30 User Manual Follow these instructions to configure the HTTP DDNS: 1. Make sure you have registered a domain name to the DDNS service provider, dyndns. If you have not done so, visit www. dyndns.org for more details.

  • Page 74: Configuring Firewall And Nat

    Firewall Overview 9.1.1 Stateful Packet Inspection The stateful packet inspection engine in the iPBX30 maintains a state table that is used to keep track of connection states of all the packets passing through the firewall. The firewall will open a “hole”...

  • Page 75: Dos (Denial Of Service) Protection

    No configuration is required for both protections on your network as long as firewall is enabled for the iPBX30. By default, the firewall is enabled at the factory. Please refer to section 9.3.1 “Firewall ” to enable or disable firewall service on the iPBX30.

  • Page 76: Default Acl Rules

    Chapter 9 request (i.e. a ping packet) to 192.168.2.1, 192.168.2.1 will send an ICMP echo reply to 192.168.1.1. In the iPBX30, you don’t need to create another inbound ACL rule because stateful packet inspection engine will remember the connection state and allows the ICMP echo reply to pass through the firewall.

  • Page 77: Napt (Network Address And Port Translation) Or Pat (Port Address Translation)

    Chapter 9 iPBX30 User Manual 9.2.1 NAPT (Network Address and Port Translation) or PAT (Port Address Translation) Also called IP Masquerading, this feature maps many internal hosts to one globally valid Internet address. The mapping contains a pool of network ports to be used for translation. Every packet...

  • Page 78: Figure 9.1 Napt - Map Any Internal Pcs To A Single Global Ip

    User Manual Chapter 9 Figure 9.1 NAPT – Map Any Internal PCs to a Single Global IP Address Figure 9.2 Reverse NAPT – Relayed Incoming Packets to the Internal Host Base on the Protocol, Port Number or IP Address...

  • Page 79: Reverse Napt / Virtual Server

    9.2.2 Reverse NAPT / Virtual Server Reverse NAPT is also called inbound mapping, port mapping, or virtual server. Any packet coming to the iPBX30 can be relayed to the internal host based on the protocol, port number and/or IP address specified in the ACL rule. This is useful when multiple services are hosted on different internal hosts.

  • Page 80: Dos Configuration

    User Manual Chapter 9 9.3.2 DoS Configuration The iPBX30 has an Attack Defense Engine that protects internal networks from Denial of Service (DoS) attacks such as SYN flooding, IP smurfing, LAND, Ping of Death and all re-assembly attacks. It can drop ICMP redirects and IP loose/strict source routing packets.
  • Page 81 SYN/ICMP/UDP flooding attacks. These attacks involve sending lots of TCP SYN/ICMP/UDP to a host in a very short period. iPBX30 will not drop the flooding packets to avoid affecting the normal traffic. T C P X M A S /...

  • Page 82: Configuring Dos Settings

    User Manual Chapter 9 9.3.2.2 Configuring DoS Settings To configure DoS settings, follow the instructions below: 1. Click on Firewall / NAT ->Settings menu to open the Firewall General configuration page. 2. Check or uncheck individual check box for each type DoS protection.

  • Page 83: Table 9.3 Acl Rule Configuration Parameters

    Move to This option allows you to set a priority for this rule. The iPBX30 Firewall acts on packets based on the priority of the rules. Set a priority by specifying a number for its position in the list of rules: 1 (First) This number marks the highest priority.
  • Page 84 Select this option to specify the source IP address for outgoing traffic. This option is called. Auto iPBX30 automatically uses the IP address of the interface as the source IP address for outgoing traffic. It is recommended that you select this option if NAT is to be used for outgoing traffic.

  • Page 85: Table 9.4 Service Configuration Parameters

    Chapter 9 iPBX30 User Manual IP Address, Select any of these options and enter details as Subnet described in the Source IP section above. Service Select a service, from the drop-down list, to which this rule should apply. If the desired service is not listed, click on the Edit button to create a new service.

  • Page 86: Configuring Acl Rules - (Firewall ->Acl)

    User Manual Chapter 9 Field Description This option allows you to select the ICMP message type for the service. The supported ICMP message types are: • Any (default) • 0: Echo reply • 1: Type 1 • 2: Type 2 •...

  • Page 87: Add An Acl Rule

    5. Select from the Route To drop-down list if you intend to direct the traffic to a specific interface. Choose AUTO if you want to have the iPBX30 to route the traffic automatically. 6. Choose NAT type and enter the required information for the...

  • Page 88: Figure 9.5 Acl Configuration Example

    User Manual Chapter 9 7. Make changes to any or all of the following fields: source/ destination IP, service, time and log. 8. Assign a priority for this rule by selecting a number from the Move to drop-down list. Note that the number indicates the priority of the rule with 1 being the highest.

  • Page 89: Modify An Acl Rule

    Traffic Direction drop-down list. 9.6 Configuring Self-Access ACL Rules –(Firewall/NAT ->Self-Access ACL) Self-Access rules control access to/from the iPBX30 itself. You may use Self-Access Rule Configuration page to: • Add a Self-Access rule • Modify an existing Self-Access rule • Delete an existing Self-Access rule...

  • Page 90: Add A Self-Access Rule

    User Manual Chapter 9 Figure 9.7. Self-Access ACL Configuration Page 9.6.1 Add a Self-Access Rule To add a Self-Access rule, follow the instructions below: 1. Click Firewall/NAT ->Self-Access ACL menu to open the Self- Access Rule Configuration page. 2. Select “Add New” from the “ID” drop-down list.

  • Page 91: Modify A Self-Access Rule

    User Manual Example The figure below shows a sample self-access ACL configuration to allow HTTP traffic from any one to iPBX30. Figure 9.8. Self-Access ACL Configuration Example 9.6.2 Modify a Self-Access Rule To modify a Self-Access rule, follow the instructions below: 1.

  • Page 92: View Configured Self-Access Rules

    Note: iPBX30 supports only one server of any particular type at a time. Figure 9.9. Virtual Server Configuration Page 9.7.1 Virtual Server Configuration Parameters...

  • Page 93: Table 9.5 Virtual Server Configuration Parameters

    Chapter 9 iPBX30 User Manual Table 9.5. Virtual Server Configuration Parameters Setting Description Add New Click on this option to add a new virtual server. Number Select the ID of a virtual server from the drop-down list to modify its settings.

  • Page 94: Table 9.6 Port Numbers For Popular Applications

    User Manual Chapter 9 Setting Description Redirect Select a service, from the drop-down list, to which this rule Service should apply. If the desired service is not listed, click on the "Edit" button to create a new service. Bypass ACL Check this option if you do not want firewall to perform access control on this virtual server.

  • Page 95: Virtual Server Example 1 - Web Server

    Chapter 9 iPBX30 User Manual Application Service Port Numbers Netmeeting or VoIP 1503-1503, 1720(ALG) NEWS TCP 119-119 PC Anywhere TCP 5631 PC Anywhere TCP 5631, UDP 5632 POP3 TCP 110-110 Powwow Chat 13233-13233 Red Alert II 1234-1237 SMTP TCP 25-25...

  • Page 96: Figure 9.11 Virtual Server Example 1 - Web Server

    User Manual Chapter 9 Figure 9.11. Virtual Server Example 1 – Web Server 3. Enter the IP address of the web server, which is 192.168.1.28, in Redirect IP field. 4. Since the web server is not using the standard TCP port, which is 80, for providing the http service, a new service type must be created for http service using TCP port 80.

  • Page 97: Virtual Server Example 2 - Ftp Server

    Chapter 9 iPBX30 User Manual 5. Select the service, HTTP_8080, from the Redirect Service drop- down list. 6. Click Add to save the virtual server settings. 9.7.3 Virtual Server Example 2 – FTP Server This FTP server provides FTP service using standard FTP port.

  • Page 98: Figure 9.14 Virtual Server Example 3 - Ftp Server

    User Manual Chapter 9 1. Create an FTP virtual server. a) Click the Firewall/NAT ->Virtual Server menu to open the Virtual Server Configuration. b) Enter the needed information. c) Make sure that Bypass ACL box is unchecked. d) Click Add to save the virtual server settings.

  • Page 99: Configure Special Application

    Chapter 9 iPBX30 User Manual will be examined prior to the lower priority rules by the firewall. i) Click on the Add button to create the new ACL rule. Figure 9.15. Firewall ACL for Virtual Server Example 3 – FTP Server 9.8...

  • Page 100: Table 9.7 Special Application Configuration Parameters

    User Manual Chapter 9 Table 9.7. Special Application Configuration Parameters Setting Description Enabled Check this box to activate the policy. Trigger Protocol Select the protocol type from the drop-down list. The available options are TCP, UDP and TCP/UDP. Outgoing (Trigger)

  • Page 101: Special Application Example

    Chapter 9 iPBX30 User Manual 9.8.2 Special Application Example Figure 9.16. Special Application Configuration Page Following describes the procedure to setup a special application for MSN Gaming Zone. 1. Click the Firewall/NAT ->Special Application menu to open the Special Application configuration page.

  • Page 102: Usb Application

    USB Application This chapter describes how to configure the USB network storage for sharing your data via FTP service. The iPBX30 supports two USB2.0 ports on board and provides two major functions for attached USB storage space - FTP server and Voicemail and CDR data storage.

  • Page 103: Figure 10.1 Network Storage - Ftp Server Setting

    Chapter 10 iPBX30 User Manual Figure 10.1. Network Storage – FTP Server Setting Table 10.1. Network Storage Configuration Setting Description Mount Options – Select appropriate language for accessing your USB stor- Character Set age device. If your USB storage device contains simplified Chinese characters, please choose simplified Chinese lan- guage.

  • Page 104: View The Status Of Attached Usb Storage Devices

    User Manual Chapter 10 10.2 View the Status of Attached USB Storage Devices To view the status of attached USB storage devices, follow the instructions below: 1. Open the Network Storage page by clicking USB Application -> Network Storage menu.

  • Page 105: Figure 10.2 Network Storage - Ftp Server Configuration

    Chapter 10 iPBX30 User Manual Figure 10.2. Network Storage – FTP Server Configuration Table 10.2. FTP Server Configuration Setting Description Status On: FTP server is activated. Off: FTP server is disabled. Enable FTP Server Check this box to activate the FTP service.

  • Page 106: Table 10.3 User Account Setting

    User Manual Chapter 10 Setting Description Allow User from Any- Select this if you don’t care about where the clients where come from. If you do not select this option, you need to configure Firewall/NAT-> Sef-Access ACL to control who can access the FTP service.

  • Page 107: System Management

    11.1 Configure System Services You can use the System Services configuration page to enable or disable services supported by the iPBX30. All services, except DDNS, SNTP, UPnP and RIP, are all enabled in the predefined configuration. To disable or enable individual service, follow the steps below: 1.

  • Page 108: Login Password And System Settings

    User Manual Chapter 11 11.2 Login Password and System Settings 11.2.1 Changing Password The first time you log into the configuration software, the default username and password (admin and admin) are used. For security reasons, it is advised that you change this password to avoid router configuration from unauthorized changes.

  • Page 109: Configure System Settings

    5. Click on Apply button to save the settings. 11.3 Viewing System Information System Information page displays whenever you log into iPBX30. You may also click on the Status menu to see the system information. This page shows information of the overall system...

  • Page 110: Setup Date And Time

    11.4 Setup Date and Time iPBX30 keeps a record of the current date and time, which it uses to calculate and report various data. Although there is a real time clock inside iPBX30; you may also rely on external time servers to maintain correct time.

  • Page 111: View The System Date And Time

    Chapter 11 iPBX30 User Manual Figure 11.4. Time Zone Configuration Page To manually change the time for the router: 1. Click the Management ->Time Zone menu to open the Time Zone configuration page. 2. Enter the current date and time in the proper fields.

  • Page 112: Snmp Setup

    User Manual Chapter 11 11.5 SNMP Setup SNMP (Simple Network Management Protocol) as its name suggests is used for network management. You may use the SNMP configuration page to enable or disable the SNMP support. 11.5.1 SNMP Configuration Parameters The table below describes the configuration parameters available for SNMP setup.

  • Page 113: Log Setup

    Log messages are stored in dynamic memory and will disappear after system is rebooted. To keep a copy of the log messages, you can setup a syslog server and have iPBX30 send out the log messages to the server. 11.6.1 Setting Up Remote Logging Using a Syslog Server...

  • Page 114: View The System Log

    User Manual Chapter 11 1 .C l i c k th e Managem ent - >Log me nu to o p en th e Lo g configuration page. 2. Click Enable Remote Log check box to enable remote logging.

  • Page 115: Figure 11.8 Factory Reset Page

    OK button to proceed; otherwise, click on the Cancel button to cancel the action. Figure 11.9 Factory Reset Confirmation 4. iPBX30 will then reboot thereafter to make the factory default configuration in effect. A count-down timer displays to indicate when the reboot process will be completed.

  • Page 116: Backup System Configuration

    Sometimes, you may find that you have no way to access the iPBX30, e.g. you forget your password or the IP address of iPBX30. The only way out in this scenario is to reset the system configuration to the factory default by pressing the reset button for at least 5 seconds.

  • Page 117: Restore System Configuration

    Chapter 11 iPBX30 User Manual 4. Click on button to backup the system configuration. 11.7.3 Restore System Configuration Follow the steps below to backup system configuration: 1. Click the Management ->Configuration ->Restore menu to open the System Configuration Restore page. Figure 11.12 Restore System Configuration Page 2.

  • Page 118: Figure 11.13 Selecting System Configuration From The File

    4. A system reboot count down timer will display. You’ll be reconnected back to iPBX30 when the counter returns to zero. You may need to manually connect back to the iPBX30 if you are not connected back to iPBX30 automatically.

  • Page 119: Firmware Upgrade

    Firmware Upgrade ASUSTeK may from time to time provide you with an update to the firmware running on the iPBX30. All system software is contained in a single file, called an image. Web UI Management provides an easy way to upload the new firmware image. To upgrade the image, follow this procedure: 1.

  • Page 120: Figure 11.17 Selecting Firmware From The File Manager

    User Manual Chapter 11 Figure 11.17 Selecting Firmware from the File Manager 3. Click on Apply button to update the firmware. A dialog window, such as the one below, will pop up to ask for confirmation of the firmware upgrade. Click the OK button to proceed; otherwise, click the Cancel button to cancel the action.

  • Page 121: Restart System

    You’ll be reconnected back to iPBX30 when the counter returns to zero. You may need to manually connect back to the iPBX30 if you are not connected back to iPBX30 automatically. Figure 11.20 System Reboot Count Down Timer for Firmware Upgrade 6.

  • Page 122: Logout Web Ui Management

    User Manual Chapter 11 Figure 11.21 Restart System Page 11.10 Logout from the Web UI Management To logout of the configuration software, open the Logout page by clicking the Logout menu and click on the Apply button. If you are using IE as your browser, a window will prompt for confirmation before closing your browser.

  • Page 123: Sip Ip-Pbx

    The iPBX30 can work with any RFC3261 compliant gateway, IP phone, ATA. iPBX30 can connect to legacy PBX by the FXS/FXO ports of gateway, and is able to handle up to10 concurrent calls. The following diagram shows a typical iPBX30 application scenario in office.

  • Page 124: Configuration

    User Manual Chapter 12 12.1 Configuration A basic IP-PBX system should have three major components including IP-PBX server, user clients and gateway working together to provide necessary PBX functions. A user client can be an embedded hardware device such as ATA, IP phone or software IP phone running on PC, PDA.

  • Page 125: General Setting

    • External IP address (Not configurable) This IP address is the same with the WAN IP address. It shows the same IP if the iPBX30 WAN port. The SIP server uses this IP to distinguish the incoming VoIP call location by checking if it is from external WAN or local LAN.
  • Page 126 • Start RTP port/ End RTP port The user can assign the starting RTP port number and End RTP port number for VoIP service to define the iPBX30 VoIP RTP port usage range. • SIP port The 5060 port is commonly used for SIP call signaling.

  • Page 127: Gateway

    Chapter 12 iPBX30 User Manual 12.1.2 Gateway The user can add an SIP gateway node for the iPBX30 IP-PBX server to provide inbound/outbound call capabilities from/to PSTN or PBX system. Assign the IP-PBX server IP to the SIP gateway, and the gateway can forward PSTN incoming calls to the IP-PBX.

  • Page 128: Extensions

    User Manual Chapter 12 • Port Defines the SIP port assigned for this gateway to communicate with.Use default 5060 port for SIP signaling. You can change SIP signaling port value, if necessary. Note: The server and gateway should use the same port number.
  • Page 129 DTMF code has received. Processing the DTMF tone needs very complex calculation. This makes iPBX30 CPU very busy and it will be incapable of processing many channels at the same time.
  • Page 130 User Manual Chapter 12 outbound call authorization level, in other words, the rights to call local city call, long distance call, international call or only office call. Note: Check the item “Recording” to assign this extension into greeting voice announcement recording function.

  • Page 131: Dialing Plan

    You can give the MAC address of the SIP client device (AX-112) for this extension number. It is for auto-provision function which AX-112 downloads the configuration file from iPBX30. iPBX30 will generate a configuration data file for each extension with the MAC address defined here.
  • Page 132 User Manual Chapter 12 • Operator access number Assign the code for accessing operator, for example “0” or “9”, so the extensions can dial this access code to call the operator. • Operator type Assign the operator type as a single extension or a group of extensions.

  • Page 133: Itsp Server

    The iPBX30 allows you to link with Internet Telephony Service Provider (ITSP) providing SIP service. You must have a valid ITSP user account and password for iPBX30. To link the iPBX30 to ITSP account, register the iPBX30 to ITSP and assign an extension number with Auto attendant or ITSP Operator type as the ITSP inbound call operator.

  • Page 134: Prefix Routing

    Enter the account name here, followed by password and authentication method. • Authentication The iPBX30 supports MD5 authentication method while registering to ITSP. Normally the SIP server registration is protected for preventing unauthorized user login. 12.2.3 Prefix Routing “Prefix routing”...

  • Page 135: Status

    • Destination type Select the destination type, either a gateway or ITSP service. • Destination protocol The iPBX30 supports SIP protocol . • Destination Select the available destination gateway or ITSP from the pull down menu. The available gateways must be predefined in Gateway configuration page.

  • Page 136: Channel Status

    If you have ITSP SIP account and it is properly setup, you can check the ITSP registration status here. The iPBX30 keeps trying to register to ITSP account until it is successful. The iPBX30 allows you to register to multiple ITSP accounts at the same time.

  • Page 137: Features

    User Manual 12.4 Features 12.4.1 Voicemail The iPBX30 supports voice mail feature, the caller party can leave a message to the called party when the call is not answered, and IPBX30 can send the user an e-mail notification when the voice message recording is done.

  • Page 138: Figure 12.10 Voice Mail Page

    G.711 (uLaw, aLaw) is 8K bytes per second, and G.729 is 1K bytes per second. If you have attached the USB device onto iPBX30 USB port and setup the USB storage device for CDR and voice mail, then the voice message recording time is limited by the USB stor- age size.
  • Page 139 In the above configuration example, follow the instructions below to access your voice message: 1. Dial “8500” from your IP phone to enter iPBX30 voicemail box function main menu. 2. Enter the extension number and password to access your message after entering voicemail box.
  • Page 140 User Manual Chapter 12 Press “1” to enter play back message menu,and refer to the following flowchart. To enter message option menu, press “3” in the message option menu after message played. You can select to reply message to...

  • Page 141: Auto-Provision (For Ax-112)

    The iPBX30 must have a copy of configuration data for client device so the client can download the configuration data when provisioning function is activated at client side. For this reason, the...

  • Page 142: Report

    User Manual Chapter 12 provision configuration of iPBX30 is basically the same with the GUI of AX-112. The configuration data here will be saved into a file together with the MAC address defined in ‘Extensions’ configuration page. Figure 12.11 Auto Provision page 12.5 Report...

  • Page 143: Service Restart

    12.7 Configuring Examples The diagram below shows a typical iPBX application scenario, and the iPBX30 plays the role of router and SIP server at the same time. Following sections describe how to setup 2 ATA in LAN, 1 ATA in internet and 1 SIP gateway in LAN. We have to give some assumption for these scenarios: •...

  • Page 144: Figure 12.13 Extension List Page

    User Manual Chapter 12 Create extensions You have to create extension accounts in iPBX30 for the registration from three SIP ATA devices. Click IP-PBX -> Configuration -> Extensions to open the page as shown below. Figure 12.13 Extension List page Click the Add button to open the extension configuration page.

  • Page 145: Figure 12.15 Sip Page

    1003), all settings are the same except that you should check the “NAT:” field as “Yes”. 7. After all setting are completed, click “Utility” item from the left side menu , and click “Hot reload” to make iPBX30 reload all the settings and take effective. Configure the SIP client devices After you have created these AX-112 accounts, you have to setup proper parameters for each AX-112 account.
  • Page 146 There are 3 steps to enable ITSP service. • Create an extension for ITSP It is necessary for iPBX30 to use an extension as an UA (User Agent) to register to ITSP SIP server, and also to accept the incoming call from ITSP. Select an extension number for ITSP registration and click the type as “ITSP operator”.

  • Page 147: Ip Addresses, Network Masks- And Subnets

    Chapter 13 iPBX30 User Manual IP Addresses, Network Masks, and Subnets 13.1 IP Addresses Note: This section pertains only to IP addresses for IPv4 (version 4 of the Internet Protocol). IPv6 addresses are not covered. This section assumes basic knowledge of binary numbers, bits, and bytes.

  • Page 148: Network Classes

    User Manual Chapter 13 Table 13.1. IP Address Structure Field 1 Field 2 Field 3 Field 4 Class A Network ID Host ID Class B Network ID Host ID Class C Network ID Host ID Here are some examples of valid IP addresses: Class A: 10.30.6.125 (network = 10, host = 30.6.125)

  • Page 149: Subnet Masks

    Chapter 13 iPBX30 User Manual • A host ID can have any value except all fields set to 0 or all fields set to 255, as those values are reserved for special uses. 13.3 Subnet masks Definition: mask: A mask looks like a regular IP...
  • Page 150 User Manual Chapter 13 Class A: 255.0.0.0 Class B: 255.255.0.0 Class C: 255.255.255.0 These are called default because they are used when a network is initially configured, at which time it has no subnets.

  • Page 152: Troubleshooting

    Chapter 14 Troubleshooting This appendix suggests solutions for problems you may encounter in installing or using the IPBX30, and provides instructions for using several IP utilities to diagnose problems. Contact Customer Support if these suggestions do not resolve the problem.
  • Page 153 PC to receive this information automatically. • Verify that a Network Address Translation rule has been defined on the IPBX30 to translate the private address to your public IP address. The assigned IP address must be within the range specified in the NAT rules.
  • Page 154 UI Management program tion, to check whether your PC can communicate from your browser. with the iPBX30’s LAN IP address (by default 192.168.1.1). If it cannot, check the Ethernet ca- bling. Verify that you are using Internet Explorer 6.0 or newer.

  • Page 155: Diagnosing Problem Using Ip Utilities

    “Request timed out.” Using the ping command, you can test whether the path to the iPBX30 is working (using the preconfigured default LAN IP address 192.168.1.1) or another address you assigned. You can also test whether access to the Internet is working by...

  • Page 156: Nslookup

    User Manual Chapter 14 typing an external address, such as that for www.yahoo.com (216.115.108.243). If you do not know the IP address of a particular Internet location, you can use the nslookup command, as explained in the following section.
  • Page 157 Chapter 14 iPBX30 User Manual There may be several addresses associated with an Internet name. This is common for web sites that receive heavy traffic; they use multiple, redundant servers to carry the same information. To exit from the nslookup utility, type exit and press <Enter> at the...

  • Page 158: Index

    User Manual Index Index ACL Configuration page, 74 relay, 51 Computers Domain Name System. See DNS configuring IP information, 14 Dynamically assigned IP addresses, 36 Web UI Management Eth-0 interface overview, 26 defined, 22 troubleshooting, 139 Ethernet cable, 12...
  • Page 159 User Manual Index Windows Me, 16 Netmask. See Network mask Windows NT 4.0, 17 Network classes, 135 IP Configuration Network ID, 135 Windows XP, 14 Network interface card, 1 IP information Network mask, 135 configuring on LAN computers, 14...
  • Page 160 User Manual Index changing, 97 Upgrading firmware, 106 default, 19, 24 User Password Configuration page, recovering, 101 Username PC configuration, 13 default, 19, 24 PC Configuration WAN DHCP, 29 static IP addresses, 17 WAN IP address, 29 Ping, 137...

Table of Contents