SmartRG™ Residential Gateways

P a g e

| 56

C o n f i d e n t i a l

S m a r t R G © 2 0 1 2

header by encapsulating it in an additional IP header. The outer IP header remains

unprotected.

5.

Enter the IP address of the tunnel’s remote IPSec gateway.

6.

Select either a single IP address or a subnet of IP addresses for the local end of the IPSec

tunnel.

7.

Enter either the single local IP address or the local subnet definition.

8.

Select either a single IP address or a subnet of IP addresses for the remote end of the

IPSec tunnel.

9.

Enter either the single remote IP address or the remote subnet definition.

10.

Select the Key Exchange Method. Keys can be exchanged manually (set identically on both

ends) or

automatically using “Internet Key Exchange” (IKE).

This example assumes the

selection of IKE.

11.

Select the Authentication Method. A

uthentication can be performed either with a “Pre

-

Shared Key” or a certificate.

This example assumes the selection of a Pre-Shared Key.

12.

Enter the Pre-Shared Key value. Both character and hexadecimal values are acceptable

(e.g. 0x123abc456def789 or VPN@tunnel_123)

13.

Enable/Disable Perfect Forward Secrecy. PFS ensures the same key will not be generated

again forcing a new Diffie-Hellman key exchange. This prohibits hackers from snooping a

present transmission to decipher a key and then use that key to observe future data

transmissions.

14.

Set the Phase 1 Advanced IKE Settings (establish a secure, authenticated channel):

a.

Select the Mode: “Main” mode is more secure but adds delay. “Aggressive” mode is

faster but less secure.

b.

Select the Encryption Algorithm: AES-256 is the most secure.

c.

Select the Integrity Algorithm: MD5 is a one way hash with a 128 bit digest. SHA1 is

a one way hash with a 160 bit digest.

d.

Select the Diffie-Hellman Group for Key Exchange. Diffie-Hellman is a cryptography

protocol enabling two devices to establish a shared secret via unsecured channels.

More bits provide greater security but come with increased time for key

computation.

e.

Specify the Key Life Time. Keys will be renewed after this interval.

15.

Set the Phase 2 Advanced IKE Settings (generate keys and negotiate the IPSec Security

Association):

a.

Repeat steps 14b-14e.

16.

Click

Apply/Save.

Managing Your SmartRG™ Gateway

S m a r t R G © 2 0 1 2

C o n f i d e n t i a l

P

a

g

e

| 57

Managing Your SmartRG

™

Gateway

Save, Restore or Default Configurations

To save the existing gateway configuration to your hard drive:

1.

Select

Management -> Settings -> Backup.

2.

Click Backup xxx Settings.

NOTE

Two types of settings are available for backup:

-

Running Settings: settings governing the gateway’s operation at the present time

-

Default Settings: settings restored at the time of a factory default

You have the ability to create your own custom default settings.

To restore a previously saved gateway configuration as the gateway’s

running

settings:

1.

Select

Management -> Settings -> Update.

2.

Click the Choose File

button (under the “Update working settings” section) and browse to

find the saved config file on your hard drive (e.g. mySmartRGRunningConfig.conf)

3.

Click Update Working Settings.

To restore a previously saved gateway configuration as the gateway’s

default

settings:

1.

Select

Management -> Settings -> Update.

2.

Click the Choose File

button (under the “Update Default Broadband Router settings”

section) and browse to find the saved config file on your hard drive (e.g.

mySmartRGDefaultConfig.conf)

3.

Click Update Settings.

To restore the gateway to default settings:

1.

Select

Management -> Settings -> Restore Defaults.

2.

Click Restore Default Settings.

SmartRG™ Residential Gateways

P a g e

| 58

C o n f i d e n t i a l

S m a r t R G © 2 0 1 2

Update Software

To update the gateway’s software:

1.

Select

Management -> Update Software.

2.

Browse to find the new gateway software on your hard drive (ex:

CA_2.4.3.7_24282_SR500N_fs_kernel

)

3.

Click Update Software.

NOTE

The software update process takes approximately 2 minutes to complete. Do NOT power

cycle the gateway until the software update process has completed.

Managing Y

our SmartRG™ Gateway

S m a r t R G © 2 0 1 2

C o n f i d e n t i a l

P

a

g

e

| 59

Configure Time Settings

To set the gateway’s time zone and NTP server settings:

1.

Select

Management -> Internet Time.

2.

Select your time zone from the drop down list.

3.

(Optional) Select the first, second … NTP servers from the drop down lists. (A custom NTP

server can be configured by selecting “Other” from the drop down list and entering the

custom URL.)

Figure 46 Time Zone and NTP Server Settings

4.

Click Apply/Save.

SmartRG™ Residential Gateways

P a g e

| 60

C o n f i d e n t i a l

S m a r t R G © 2 0 1 2

Configure Access Controls (HTTP, Telnet, SSH, etc.)

To enable/disable gateway management services such as HTTP, Telnet and SSH:

1.

Select

Management -> Access Control -> Services.

Figure 47 Enabling/Disabling HTTP, Telnet, SSH... Access

2.

Enable/disable LAN and/or WAN access to the various management services as desired .

3.

Click Save/Apply.

NOTE

For security reasons it is strongly recommended that WAN access to all services be

disabled accept during deployment or when troubleshooting.