ToughSAM (3G/4G Industrial Modem router) User Guide · ToughSAM User Guide V1.1 II Ver1.1 Using this Manual Thank you for purchasing the ToughSAM. The ToughSAM is an Industrial 3G/4G

ToughSAM User Guide V1.1

I Ver1.1

ToughSAM

(3G/4G Industrial Modem router)

User Guide


II Ver1.1

Revision History

Version Modified By Date Description

1.0 13/02/2014 Initial version

1.1 24/04/2014 Second release


II Ver1.1

Using this Manual

Thank you for purchasing the ToughSAM. The ToughSAM is an Industrial 3G/4G Ethernet router. It performs data

communication functions between a wired Local Area Network (LAN) and the WCDMA 3G/4G cellular network (Wide

Area Network WAN). It can access the World Wide Web through the 3G/4G network.

This manual provides information relating to the installation, operation, and application of ToughSAM device.

If you find the product to be broken or malfunctioning, please contact technical support for immediate service by

email at http://www.intercel.com.au/contact

For product updates, manual revisions, or software upgrades, please visit our website at www.intercel.com.au,

access our DOWNLOADS page.

Copyright Copyright @ 2014 Intercel. All rights reserved. This manual is protected under international copyright laws. No part of this manual may be reproduced, distributed, translated, or transmitted in any form or by any means, electronic or mechanical, including

photocopying, recording, or storing in any information storage and retrieval system, without the prior written permission of Intercel.

Cautions This product should be operated only from the type of power source indicated on the product label.

This product operated on 100-240Vac plug pack.

Do not open this product.

Do not operate this product near/under water.

Do not place or operate this product near or over a radiator or heat register.

Do not expose this product to dampness, dust or corrosive liquids.

This product should be kept 25cm or more away from the human body.

This product should not be carried by hand during operation.

This product should work in a good ventilation environment. Insufficient airflow may harm the product.

This product shall not be installed inside metal cases.

Unplug the product from the power supply when cleaning or assembly changing.

http://www.intercel.com.au/contacthttp://www.intercel.com.au/


1 Ver1.1

Contents

1 Introduction ..........................................................................................................................................................3

1.1 Overview............................................................................................................................................................3

1.2 Features ............................................................................................................................................................3

1.3 Packing List/Accessories ................................................................................................................................3

1.4 Optional Accessories .......................................................................................................................................3

2 Hardware Description ........................................................................................................................................4

2.1 Front Panel........................................................................................................................................................4

2.2 Right Side Panel ..............................................................................................................................................5

2.3 Back Panel ........................................................................................................................................................6

3 Installation Instructions ......................................................................................................................................7

3.1 SIM Card Installation .......................................................................................................................................7

4 Specification ........................................................................................................................................................8

4.1 Physical .............................................................................................................................................................8

4.2 Environment ......................................................................................................................................................8

4.3 Power supply input...........................................................................................................................................8

4.4 Interfaces ...........................................................................................................................................................8

5 Web Interface ....................................................................................................................................................10

5.1 Login User Interface ......................................................................................................................................11

5.2 Logout User Interface ....................................................................................................................................12

5.3 Quick start up configuration ..........................................................................................................................13

5.4 Expanded Index Menu(EIM) .........................................................................................................................14

5.5 Status Menu Page .........................................................................................................................................15

5.5.1 Hardware Configuration ........................................................................................................................15

5.5.2 LAN ...........................................................................................................................................................15

5.5.3 WWAN .....................................................................................................................................................15

5.5.4 PPPoE ......................................................................................................................................................15

5.5.5 IPsec ........................................................................................................................................................16

5.5.6 PPTP ........................................................................................................................................................16

5.5.7 Network Connection ...............................................................................................................................16

5.6 Internet Setting > Mobile Network Configuration .......................................................................................17

5.6.1 Network Setting ......................................................................................................................................17

5.6.2PPPoE .......................................................................................................................................................18

5.6.3 Mode/Operator ........................................................................................................................................19

5.6.4 SIM Management ...................................................................................................................................20

5.7 Internet Setting > LAN Configuration ..........................................................................................................21

5.7.1 Local IP Setting .......................................................................................................................................21


2 Ver1.1

5.7.2 DHCP .......................................................................................................................................................22

5.7.3 DDNS .......................................................................................................................................................23

5.7.4 NSUpdate ................................................................................................................................................24

5.8 Advanced Setting > Routing Configuration ................................................................................................25

5.8.1 Static ........................................................................................................................................................25

5.8.2 NAT ..........................................................................................................................................................26

5.8.3 RIP ............................................................................................................................................................27

5.8.4 VRRP .......................................................................................................................................................28

5.8.5 DMZ ..........................................................................................................................................................29

5.9 Advanced Setting > VPN Configuration ......................................................................................................30

5.9.1 PPTP ........................................................................................................................................................30

5.9.2 IPsec ........................................................................................................................................................32

5.9.3 OpenVPN.................................................................................................................................................35

5.10 Applications > NTP/DTS Configuration ....................................................................................................37

5.10.1 Network Time ........................................................................................................................................37

5.11 Applications > PAD Configuration .............................................................................................................38

5.11.1 PAD ........................................................................................................................................................38

5.12 Applications > SNMP Configuration ..........................................................................................................39

5.12.1 SNMP .....................................................................................................................................................39

5.13 Applications > SMS Configuration .............................................................................................................40

5.13.1 New Message .......................................................................................................................................40

5.13.2 Inbox ......................................................................................................................................................40

5.13.3 Outbox ...................................................................................................................................................41

5.13.4 Diagnostics ............................................................................................................................................41

5.13.5 Setup ......................................................................................................................................................42

5.14 Applications > GPS Configuration .............................................................................................................43

5.15 System > Periodic Management ...............................................................................................................44

5.15.1 Periodic Management Configuration .................................................................................................44

5.15.2 Periodic Ping Setting ..........................................................................................................................44

5.15.3 Periodic Reset .....................................................................................................................................44

5.16 System > Firewall Configuration ................................................................................................................45

5.16.1 Firewall Setup .......................................................................................................................................45

5.17 System > File Upload/Save Configuration ...............................................................................................46

5.17.1 Setting ....................................................................................................................................................46

5.17.2 Firmware Upgrade ...............................................................................................................................47

5.18 System > System Log Configuration ........................................................................................................48

5.18.1 Log ..........................................................................................................................................................48

5.19 System > Reboot Configuration .................................................................................................................48

6 Troubleshooting ................................................................................................................................................49

7 Appendix: Abbreviations and Acronyms .......................................................................................................50


3 Ver1.1

1 Introduction

1.1 Overview

The ToughSAM is an Industrial 3G/4G Ethernet Router designed to perform data communication functions between a wired Local Area Network (LAN) and the cellular network (Wide Area Network, WAN). Its environmental qualities, notably its wide temperature range of operation, its robustness and throughput performances, make it a perfect tool for industrial application like metering, telemetry or security monitoring.

1.2 Features

HSPA+/UMTS/4G/LTE Wireless Module

10/100Mbps Ethernet Port

External Antenna (Main Antenna and Aux Antenna)

Protocols and protocol settings: TCP/IP, DHCP server, DDNS, NAT, non-NAT, port forwarding, HTTP, ARP, PPP, APN, NTP, VPN – IPsec, VPN – PPTP, VPN – OpenVPN

Web Base Interface, Periodic Administration, Local/Remote Firmware Upgrade via HTTP, SIM Management, Time Configuration, NTP Time Synchronization.

1.3 Packing List/Accessories

The ToughSAM modem is delivered with:

IP67 RJ45 Ethernet Cable for PC Connection

Quick User Guide

220Vac Adapter with IP67 Connector

Mounting bracket with HEX screw and nut set.

1.4 Optional Accessories

External Multiband Antennas with N-male connector


4 Ver1.1

2 Hardware Description

2.1 Front Panel

Front Panel LEDs

3 LEDs indicate different modem’s status: Power LED Turns ON when power is applied and system initialization is successful. Blinking LED means SIM card not properly installed or system initialization failed. The modem will go into non-WAN mode (standby condition). Stays OFF when main power is off.

LAN Network LED Blinking when packet switched data is being transferred through the modem Stays OFF when there is no network activity.

WWAN LED Stays ON when connected to the 3G/4G network. Stays OFF when disconnected to from the 3G/4G network.

Power LED

LAN Network LED

WWAN LED


5 Ver1.1

2.2 Right Side Panel

A. DIV ANT. - Aux/DIV Antenna Connector (N-Female) Auxiliary antenna connection, RX antenna, improve the radio sensitivity (Caution: DIV Antenna, should point at a different direction compared to Main Antenna to improve Diversity Gain, Isolation and reduce mutual interaction.)

B. MAIN ANT - Main Antenna Connector (N-Female)

C. LAN - Ethernet Port

Plug the supplied Ethernet Cable into this port and plug the other end of the cable to your PC before using the ToughSAM modem

D. DC - DC Power Supply Port

Power supply socket pin assignment

A

B

D

C


6 Ver1.1

2.3 Back Panel

Product Label Model Name, Serial Number, IMEI, MAC address and input power information.


7 Ver1.1

3 Installation Instructions

3.1 SIM Card Installation

A. SIM Card Holder B. Button to extract the SIM Holder from the ToughSAM Modem (when inserted) C. SIM Card

Extract the SIM Card Holder (A) from the modem by pushing the button (B) on the Left Side Panel. Insert your SIM Card (C) to the SIM Card Holder (A), as shown in the picture. Re-insert the SIM Card Holder with SIM Card into the SIM card slot in the appropriate direction. Be sure as well that SIM card is properly inserted before switching on the modem.

B

A


8 Ver1.1

4 Specification

4.1 Physical

Size (Casing) 120 mm x 120 mm x 80 mm (LxWxH)

Size (Including connectors) 165 mm x 135 mm x 80 mm (LxWxH)

4.2 Environment

Storage Temperature -40°C to 85°C

Operating Temperature -40°C to 85°C

Relative humidity (operational) < 95% non-condensing

Maximum supported Air Discharge (IEC 61000-4-2)

±15kV

Maximum supported Contact Discharge (IEC 61000-4-2)

±8kV

4.3 Power supply input

Working supply voltage 9-32Vdc ; 1.5A

Power supply connector UTS6JC103S Souriau IP67 connector

4.4 Interfaces

Supported SIM card voltage 1.8V / 3V

Ethernet speed, link 10-100 Mb/s, Auto-MDIX

Ethernet line isolation 2kV


9 Ver1.1

3G/4G/GPRS Radio Network Band Support

GSM/GPRS/EDGE

850/900/1800/1900MHz

UMTS WCDMA/HSDPA/HSUPA/HSPA+ Band I 2100MHz

Band II 1900MHz

Band V 850MHz

Band VI 800MHz

Band VIII

900MHz

4G/LTE Band I 2100MHz

Band III 1800MHz

Band VII 2600MHz

Band VIII 900MHz

Band XX 800MHz


10 Ver1.1

5 Web Interface

The ToughSAM is configured through its web interface. To launch the web interface, connect the ToughSAM modem to a PC with the supplied Ethernet cable. Web interface could be accessed by browsing the webpage with IP address 192.168.1.1. Username: admin and password: admin On your PC, the configuration of the “connection to the local network” must be checked so that it has a good IP Address:

Either the PC gets the IP address automatically from the ToughSAM modem (DHCP). Or set the IP address to 192.168.1.X where X is from 2 to 254.

Suggested Web Browser for the configuration of the ToughSAM are as follow: Internet Explorer 8.0 or later, Mozilla Firefox 22.0 or later. Open a web browser. Power on the module, wait until the IP address of the PC is well distributed by the ToughSAM modem, then type in the address bar 192.168.1.1, which is the default IP address of the modem. You will be forwarded to login page for entering Username and Password. By default, the Username and Password are both “admin”. They could be changed through the web interface later.


11 Ver1.1

5.1 Login User Interface

User can access ToughSAM configuration menu by login web browser system. Please follows below instructions for the access

1. Open web browser and navigate address http://192.168.1.1 2. Enter username and password 3. Click Submit to login.

Two default user accounts are preset in the system: Root Account and Admin Account

Root Account

Username root

Password root

Admin Account

Username admin

Password admin

Root Account allows full control and access to all settings. Admin Account allows lower level of authorization on the configuration. Only Root Account allows firmware upgrade, configuration backup, restoring and factory reset function. Once the Username and Password are confirmed, the status page of the web interface with basic information of the LAN and WAN connection will show up.

http://192.168.1.1/


12 Ver1.1

5.2 Logout User Interface

For security reasons, make sure to logout from the web interface after configuring the ToughSAM

modem

by clicking

Logout on the top manual bar. After a successful logout, the system will re-direct to Login Menu.


13 Ver1.1

5.3 Quick start up configuration

For a quick start up when you first use the ToughSAM modem, you just need to configure some basic parameters. For advanced settings and detailed explanations, please refer to the configuration section. To configure a simple setting and make your ToughSAM modem work, the two parameters you may need to specify are the APN (Access Point Name) and SIM PIN code. Quick Startup Parameter Setting: 1. SIM PIN Setting

If your SIM card needs a PIN code, select Internet Setting -> Mobile Network -> SIM Management, Fill the PIN code in the bar and check the Enable box.

2. APN Setting

Select Internet Setting -> Mobile Network -> Network Setting; fill in the APN in the first line: the APN depends on your 3G/4G operator.

After these modifications, your ToughSAM modem should work properly.


14 Ver1.1

5.4 Expanded Index Menu(EIM)

EIM provides users with easier access to all function controls. User could expand all the function features by clicking the top left PLUS symbol. This helps user to find any feature within the modem control.


15 Ver1.1

5.5 Status Menu Page

Status Menu Page lists out the current condition on the whole ToughSAM modem which include Basic hardware information, LAN connection setting, Mobile Network condition, PPPoE setting and IPsec / PPTP OpenVPN Setting.

5.5.1 Hardware Configuration

System Time

Firmware Version ToughSAM’s Firmware Version

Modem Module RF Mobile Module’s Information

MAC Address ToughSAM’s MAC Address

5.5.2 LAN

IP Local IP Address Setting; Default: 192.168.1.1

5.5.3 WWAN

Profile Name Setting Profile Name

Status Connection Status

5.5.4 PPPoE

PPPoE Status Setting Status, Enable/Disable

PPPoE IP Address PPPoE IP Address


16 Ver1.1

5.5.5 IPsec

Profile Name IPsec Profile Name

Local LAN Local LAN IP Address

Remote Gateway Gateway IP Address

Remote LAN Remote LAN IP Address

Status IPsec Connection Status

5.5.6 PPTP

PPTP Satus PPTP connection status

PPTP IP Address PPTP connection IP Address

PPTP P-t-P PPTP Remote Gateway Address

5.5.7 Network Connection

Provider Operator Name

Coverage Mobile Network Connection

IMEI IMEI (International Mobile Equipment Identity)

Signal Strength (dBm) Signal Strength Level in dBm

SIM Status SIM Card Status


17 Ver1.1

5.6 Internet Setting > Mobile Network Configuration

5.6.1 Network Setting Allow users to setup their own pre-defined settings to access the WWAN. APN should be entered with reference to operator’s requirement.

Profile Name User can setup their own Profiles which suit for different operators’ services

APN Name APN, Access Point Name which provided by the 3G/4G operator

Mobile Broadband Connection Default Enable to turn on the data traffic for the mobile service

Username/Password The User Account information can be setup through Account and Password if needed. Most of the cellular operators do not require a username / password to access internet but it may happen in some countries


18 Ver1.1

5.6.2PPPoE

PPPoE PPPoE connection control (Enable / Disable)

APN Name PPPoE connection APN Name

If PC connection, Username & Password set to be same as APN Name defined

Service Name Service Name (Optional)


19 Ver1.1

5.6.3 Mode/Operator

Change Band Selection of the mobile network, User could choose 2G/3G/4G/Auto

Operator Settings Customer could select operator by manual or automatic

To enable this feature, user should disable the network


20 Ver1.1

5.6.4 SIM Management The ToughSAM modem is able to manage the SIM pin code when required. ToughSAM will automatically enter the PIN code for the corresponding SIM card if the “Remember PIN” field is enabled.

SIM Status SIM card condition

PIN Protection Status Showing SIM Card PIN Protection Status

PIN Unlock Remain Unlock time remain. if remain is zero, SIM card will be locked permanently. Need to use PUK code to unlock the card

PIN / PIN Verify User PIN code Entry

Remember PIN Enable to store the PIN inside system. System will automatically enter the PIN which startup

Action Providing SIM Lock / SIM unlock Action


21 Ver1.1

5.7 Internet Setting > LAN Configuration

This page allows users to configure the parameters of LAN, such as local IP address of your ToughSAM modem subnet mask and DNS servers.

5.7.1 Local IP Setting

Ethernet IP Mode Modes of IP configure. Static IP or DHCP Client mode

Ethernet IP Address Current Ethernet connection IP Address

(Auto disable when DHCP client mode selected)

Ethernet Subnet Mask Current Ethernet connection Subnet Mask

(Auto disable when DHCP client mode selected)

DNS Masquerade

Attention: If the IP address is changed, you must use the new IP address to enter the web interface. Remark: your PC must change its IP address also if the network sub-address (third number of IP address) is changed: either your PC gets the IP address from the ToughSAM modem automatically after a new DHCP allocation (may take a while on Windows, it is better to disconnect and reconnect the Ethernet cable) or manually by changing it in the PC’s configuration.


22 Ver1.1

5.7.2 DHCP The DHCP protocol (Dynamic Host Configuration Protocol) is a communication protocol that makes automatic assignment of IP addresses in an organization’s network. This page allows users to configure the DHCP range and lease time. By default, the first PC connected to your ToughSAM modem will be assigned 192.168.1.100 as an IP address, the second PC will obtain 192.168.1.101, etc.

DHCP Status DHCP setting status (Enable / Disable)

DHCP Start Range DHCP allocated IP address (Start Range)

DHCP End Range DHCP allocated IP address (End Range)

DHCP Lease Time Time period for the address is leased

DHCP Relay DHCP Relay status (Enable / Disable)

DHCP Server Address DHCP server IP address

Address Reservation List Administrator can reserve IP address for dedicate PC device

Information could be Clone from Dynamic DHCP Client List

DHCP lease time specifies the time period during which a given IP address will be valid.


23 Ver1.1

5.7.3 DDNS DDNS (Dynamic Domain Name Server) enables your PC to associate its current IP address, received from public network, with a domain name automatically. Thus, a remote user can obtain the current IP address of the home computer through a DNS query and connect to the home computer.

DDNS Status Status for DDNS (Enable / Disable)

Server Address DDNS Server address

Host Name DDNS Hostname Information

Username DDNS Username information

Password DDNS Account’s Password

Verify Password DDNS Account’s Password Verification


24 Ver1.1

5.7.4 NSUpdate ToughSAM modem provide utility (NSUpdate) used by network administrators to request the name server of a DNS zone to update its database.

NSUPDATE Status Status of NSUPDATE (Enable / Disable)

Server Address Primary Name Server Address to update the DNS entry

Secondary Server Address Secondary Name Server Address to update the DNS entry

DNS Zone Domain name space which DNS entry is contained with

Host Name Hostname of the rounter to put in the DNS entry

Expiry Time Time period for DNS entry will remain valid


25 Ver1.1

5.8 Advanced Setting > Routing Configuration

5.8.1 Static Customer could define some routes out of the other route method (NAT / Port forwarding).

Route Name Customer defined Route Name

Destination IP Address The IP address want to forward to

IP Subnet Mask Subnet Mask of destination IP

Gateway IP Address Gateway of the destination network

Network Interface Routing network interface (auto / eth0 / ppp0)

Metric Priority of the routes. The lower the metric value, the higher priority.


26 Ver1.1

5.8.2 NAT NAT (Network Address Translation) protocol translates a public IP address in the WAN to several private IP addresses within the LAN. This page allows users to enable or disable NAT.

Protocol TCP / UDP / ALL protocol selection

Source IP Address Defined IP address that would like to take routing action

IP address is 0.0.0.0, which defined to be all external IP information will be routed.

Incoming Port Range Network Port (s) Range of the network that would like to take routing action

Destination IP Address Local Area Network Address of the device which forward to

Destination Port Range Local Area Network Port (s) to forward to

Commonly used port numbers include:

Application Port number Protocol

FTP (data) 20 TCP

FTP (command) 21 TCP

SSH 22 TCP, UDP

HTTP 80 TCP, UDP

POP3 110 TCP

SMTP 25 TCP, UDP


27 Ver1.1

5.8.3 RIP RIP (Routing Information Protocol) which employs the hop count as a routing metric. RIP prevents routing loops by implementing a limit on the number of hops allowed in a path from the source to a destination.

RIP Status Status of RIP (Enable / Disable)

Version Version of RIP protocol support


28 Ver1.1

5.8.4 VRRP The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol that provides for automatic assignment of available Internet Protocol (IP) routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP sub-network.

VRRP Status Status of VRRP (Enable / Disable)

Virtual Device ID ID of the route. This ID is different for each virtual router on the network

Router Priority Master routers have a priority of 255 and backup router(s) can have priority between 1 and 254.

Virtual IP Address The virtual IP address that both virtual routers share. A virtual router must use 00-00-5E-00-01-XX as its (MAC) address. The last byte of the address (XX) is the Virtual Router Identifier (VRID), which is different for each virtual router in the network. This address is used by only one physical router at a time, and is the only way that other physical routers can identify the master router within a virtual router.


29 Ver1.1

5.8.5 DMZ The ToughSAM modem can help you add an additional layer of security to your LAN by setting up a DMZ (demilitarized zone) through a PC that contains and exposes your organization’s services to the unsecured WAN for external client visit. An external hacker can only access this particular PC in the DMZ but the other part of your network will be protected.

DMZ Status Status of DMZ (Enable / Disable)

DMZ IP Address DMZ Host IP Address

Fill in the IP address of the PC that you want to assign it in DMZ. Check the “Enable” to activate the DMZ function. Note: This function only works when NAT mode is enabled.


30 Ver1.1

5.9 Advanced Setting > VPN Configuration

5.9.1 PPTP PPTP (Point-to-Point Tunneling Protocol) enables user to set up a virtual point-to-point tunnel over the Internet between ToughSAM and PPTP server. All the data are encrypted during the transmission so that the security of data transmission is guaranteed. To create a new profile, please click Add button.

Enable VPN Enable / Disable PPTP service

Profile Name User defined PPTP profile name

VPN Server Address IP address of VPN server which ToughSAM connect to

Username Username for PPTP service

Password Password for the PPTP service

Authentication Type Authentication method in a PPTP

Metric Priority of the PPTP setting profile

The lower the metric value, the higher the priority

Fill in the username, password and IP address of the remote server that you want to connect to through PPTP. After fill in the information, click Save to activate the function. TEMPLATE:


31 Ver1.1

1. Access ToughSAM Main Page, Enter APN/PIN and achieved Public IP condition. 2. Internet Setting -> VPN -> PPTP 3. Click Add button to create a new profile 4. Fill in the parameter

Profile Name Customer defined name VPN Server Address PPTP Server IP Address Username corresponding PPTP’s account username Password corresponding PPTP’s account password Authentication Type Type of authentication (eg. MS-CHAP-V2) Metric 10

5. Click Save to store the setting


32 Ver1.1

5.9.2 IPsec The ToughSAM modem can help you set up a VPN (Virtual Private Network) over a public telecommunication infrastructure such as the Internet, providing remote offices or individual users secure access to your organization's network. It aims to avoid an expensive system of owned or leased lines that can be used by only one organization. To create a new profile, please click Add button.

Enable VPN Enable / Disable IPsec service

Profile Name User defined IPsec profile name

Remote Gateway Remote IPsec Gateway

- Public IP address of the IPsec server

Remote Address/Net to Join

- IP address of Remote server on the VPN connection (eg. 192.168.1.1)

Remote Address/Net Mask

- Network Mask of Remote server on the remote network

Road Warrior Click this to configure the VPN connection for Road Warrior (connection from a dynamic IP Address) use.

Local LAN Local Address/Net to Join

- Local IP address of the VPN connection


33 Ver1.1

Local Address/Net Mask

- Local IP Network Netmask of the VPN connection

Negotiation Encap Protocol

- Encapsulation protocol used in the VPN connection

IKE Mode

- IKE mode used in the VPN connection

PFS

- PFS On/Off Selection

IKE Encryption

- IKE encryption type used in the VPN connection

IKE Hash

- IKE Hash type used in the VPN connection

IPsec Encryption

- IPSec encryption type used in the VPN connection

IPsec Hash

- IPSec Hash type used in the VPN connection

DH Group

- DH Group used in the VPN connection

DPD Action

- DPD Action used in the VPN connection

DPD Keep Alive Time

- Time in seconds for DPD to keep alive

DPD Timeout

- Time in seconds for DPD to timeout

IKE Rekey Time

- IKE Rekey time used in the VPN connection

SA Life Time

- SA Life time used in the VPN connection

Key Mode

- Type of key mode used in the VPN connection. User can choose: Pre Shared Key RSA Keys Certificates

Key mode requires different configuration options


34 Ver1.1

TEMPLATE:

1. Access ToughSAM Main Page, Enter APN/PIN and achieved Public IP condition. 2. Internet Setting -> VPN -> IPsec 3. Click Add button to create a new profile 4. Fill in parameter

Remote IPsec Gateway Remote Gateway Public IP Address Remote Address/Net to Join Remote Gateway Local IP Address

(the 4th group set to be “0” represent 1~255, 192.168.1.0 represent 192.168.1.1 ~ 192.168.1.255)

Remote Address/Net Mask Remote Gateway Local IP Address Net Mask Local Address/Net to Join Local Address IP Address

(the 4th group set to be “0” represent 1~255, 192.168.2.0 represent 192.168.2.1 ~ 192.168.2.255)

Local Address/Net Mask Local Address Net Mask Encap Protocol ESP IKE Mode Main Pfs On IKE Encryption AES IPsec Hash MD5 DH Group Group2 (1024) DPD Action None DPD Keep Alive Time 10 DPD Timeout 60 IKE Rekey Time 3600 SA Life Time 28800 Key Mode Pre Shared Key Pre Shared Key customer defined (example: 123456) Remote ID customer defined Local ID customer defined

5. After parameters entry, click Save to store & activate the IPsec feature

6. If using another ToughSAM for another side, all parameters should be similar except the Addressing


35 Ver1.1

5.9.3 OpenVPN OpenVPN is an open source software application that implements virtual private network (VPN) techniques for

creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access

facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange.

To create a new profile, please click Add button.

Enable VPN Enable / Disable OpenVPN service

Profile Name User defined OpenVPN profile name

OpenVPN Type Server, Client or Peer-to-peer Setting of OpenVPN

Server Port Server setting: Port definition, UDP or TCP

VPN Network Address VPN services Network IP Address

VPN Network Mask VPN services Network Mask

Generate DH. DH. Difie-Hellman parameter. Generate the server and client keys used by the VPN service.

Server Certificates The applicable details to identify the OpenPVN server and create a CA certificate based on the information entered.

Authentication Type Authentication type used on the VPN connection.

Certificate

Username / Password

Certification Management Certification Generate/Download/Revoke Management

TEMPLATE:

ToughSAM Server

http://en.wikipedia.org/wiki/Virtual_private_networkhttp://en.wikipedia.org/wiki/Transport_Layer_Security


36 Ver1.1

1. Access ToughSAM Main Page, Enter APN/PIN and achieved Public IP condition. 2. Internet Setting -> VPN -> OpenVPN 3. Click Add button to create a new profile 4. VPN Edit

Profile Type OpenVPN

Enable VPN Enable

Profile Name Any profile name is fine

OpenVPN Type Server

Server Port 1194 (any port which is not being used) UDP/TCP

VPN Network Address 10.0.0.0（Private Network）

VPN Network Mask 255.255.255.0

Click Generate DH

If first time using, Generate DH will take over 30mins to complete

5. After finishing step 3, fill in Server Certificates’ information & click Generate CA certificate 6. Authentication Type, choose Certificate 7. Certificate Management, adding certificate name and fill in the corresponding information 8. Finished Step 6, click Generate, this action should waiting around 3~5 seconds, and click Download to download

the certificate to PC terminal 9. Repeat Step 6~7 for multi-certificate generation 10. Click Save TEMPLATE:

ToughSAM Client

1. Access ToughSAM Main Page, Enter APN/PIN and achieved Public IP condition.

2. Internet Setting -> VPN，Select OpenVPN with type Client Server IP Address Fill in the Server Public IP Address

Server Port Server’s Port number & connection type UDP/TCP

3. Click Upload to upload the Certificate generate by the server


37 Ver1.1

5.10 Applications > NTP/DTS Configuration

5.10.1 Network Time

NTP Synchronization Status Status of NTP Synchronization (Enable / Disable)

Enable DST Enable DST function

Time Zone Time Zone Selection

NTP Server Address Customer defined NTP server IP address

This page enables the ToughSAM modem to synchronize its time with a server in the internet in using TIME protocol. Users can indicate the server in the server address bar. Time zone can be chosen from the Time Zone list, and if the Enable DST is checked, the Daylight saving time will be used.


38 Ver1.1

5.11 Applications > PAD Configuration

5.11.1 PAD

Host Name User defined Host Name

Port Communication Port, beware some port no. used in the system.

Baud Rate UART communication Baud Rate

Inter-character timeout Timeout if longer then defined value

Local Encoding Encoding Activate (Enable / Disable)

PAD Mode Mode of communication protocol (TCP / UDP / GMTP)

PAD Auto Answer PAD Auto Answer (default Disable)


39 Ver1.1

5.12 Applications > SNMP Configuration

5.12.1 SNMP SNMP (Simple Network Management Protocol) enables one or more PCs in the LAN to monitor and manage a group of hosts and devices in the computer network.

SNMP Status Status of SNMP (Enable / Disable)

Read-Only Community Name Allows a managed device for read-only access to node-specific information

Read-Write Community Name Allows a managed device for read-write access to node-specific information


40 Ver1.1

5.13 Applications > SMS Configuration

5.13.1 New Message

Destination Number Phone Destination Number, default to be 5 entry.

Customers could add or reduce the destination number by themselves.

Message Body Maximum number of characters can vary depending on coding scheme. In GSM7 bit mode 160 characters can be sent within a message but the limit changes to 50 characters if the message includes special characters. The Mobile Phone column should contain the entire phone number information with country code (e.g. +61 for Australia), area code and phone number.

5.13.2 Inbox

From Source of the Message sent from

Time Time of SMS message received


41 Ver1.1

Message Message Body Content

5.13.3 Outbox

To Destination of the Message sent to

Time Time of SMS message sent out

Message Message Body Content

5.13.4 Diagnostics SMS Diagnostic providing channel to execute command through an authorized mobile device (white list device).

Device could be added to the white list on Inbox / Outbox page.


42 Ver1.1

5.13.5 Setup

General SMS Configuration Status of SMS (Enable / Disable)

Message per Page setting

SMS Encoding Scheme

SMSC Address

SMS Configuration for Redirection

Setting for Redirecting SMS message

Administrator could set to Redirect SMS to another mobile device or PC device through TCP / UDP connection

SMS Configuration for Remote Diagnostics

Status of Remote Diagnostic feature (Enable / Disable)


43 Ver1.1

5.14 Applications > GPS Configuration

Applies to ToughSAM modem equipped with GPS feature which assist users to have GPS tracking function.

By using the web browser interface, administrator could get the modem installation location. Please ensure that GPS

antenna is properly connected and is located outdoor.

GPS Operation Status of GPS (Enable / Disable)

GPS Status GPS Information Status, including location update and satellites information


44 Ver1.1

5.15 System > Periodic Management

5.15.1 Periodic Management Configuration

5.15.2 Periodic Ping Setting ToughSAM providing periodic ping function which transmit controlled ping packets to Destination Address or

Redundant Address. If ToughSAM not receives responses to ping command, ToughSAM will automatically reboot after

“Failure Before Reset” retry.

Destination Address IP Address for ping packets to transmit to

Redundant Address Secondary IP Address for ping packets to transmit to

Retry Period Time period for sending Ping packets

Default 0 means Disable

Failure Retry Period Time for retry if previous trial failed


Failure Before Reset Time of failure to reset the modem unit


5.15.3 Periodic Reset ToughSAM providing automatically reboot function after a defined time period (minutes). Administrator could

configure this feature with adapted to their network.

Force Reset Every Self-defined Periodic reset time (min)



45 Ver1.1

5.16 System > Firewall Configuration

5.16.1 Firewall Setup ToughSAM providing automatically reboot function after a defined time period (minutes). Administrator could

configure this feature to adapt to their network. Also, Administrator could change the root password.

Firewall Status of Internal Firewall setting(Enable / Disable)

Enable HTTP Enable or Disable for remote HTTP access

Enable SSH Enable or Disable for remote Telnet SSH access

Enable Ping Enable or Disable for ping responses on the WWAN connection

Username Web Browser UI Root Account

Password New Web Browser UI’s Password

Confirm Password Reconfirmation of New Web Browser UI’s Password


46 Ver1.1

5.17 System > File Upload/Save Configuration

5.17.1 Setting Administrator need to re-enter the root account password to get the right of save, restore ToughSAM setting file or

even Restore ToughSAM device to factory default setting.

Enter password of root Root account’s password to get authority to save setting to local PC, restore setting from PC file and Factory Reset

Save a copy of current settings Click Save button to read the ToughSAM setting file

Restored saved setting Select the setting file by click browse button, click Restore to process

Restore Factory Default Click Restore to process factory reset


47 Ver1.1

5.17.2 Firmware Upgrade Firmware Upgrade page allows administrator to upgrade the ToughSAM with a new firmware which stored in local disk. Only root account has the authority to perform the upgrade process. After upgrade process, the ToughSAM will restart automatically.

File Browse the upgrade firmware in Local PC

Upgrade Upgrade button to start the upgrade process

Caution: DO NOT interrupt the power, network connection or press the reset button during firmware upgrade. Latest firmware can be access through Intercel’s webpage: www.Intercel.com.au

http://www.intercel.com.au/


48 Ver1.1

5.18 System > System Log Configuration

5.18.1 Log The log page shows the most recent log record of the system. It shows some important data during the set-up of the 3G connection. It is only useful for customer support.

5.19 System > Reboot Configuration

To perform the reboot, click on the Reboot button. User will be asked to confirm the decision. The reset will take about 90 seconds to be finished.


49 Ver1.1

6 Troubleshooting

The modem is switched on but it cannot connect to the network (internet LED is OFF). Please check:

That the antenna is properly connected and the value of the signal strength, please refer to status summary. If the signal is too weak, the modem might have difficulties to connect.

That SIM card has a valid subscription and is not locked due to a pin code (see the configuration instructions to take care of the pin code). Put the SIM card in a mobile phone to check it if necessary.

That the SIM card is properly inserted in the ToughSAM modem. Remove it from the modem and plug it again. Your firmware configuration: APN and PPP username/password, SIM pin code management.

If you do not see any improvement, please use the “Reset to Default” function (either use the Reset Button or the HTTP interface): it is going to reset the ToughSAM modem to its factory default configuration. You will need to configure again the ToughSAM modem.

The modem is connected to the network (Internet LED is ON) but the PC, that is connected to the ToughSAM modem through an Ethernet cable, cannot browse internet. Please check:

That the Ethernet cable is properly connected between the ToughSAM modem and the PC. The IP configuration of PC. The Ethernet connection can be set to have either a “static” IP address or

configuration or to use the “automatic” mode (DHCP). It is preferable to use the automatic mode to get the IP and DNS addresses from the ToughSAM modem.

There is no DNS addresses discrepancy between the ToughSAM modem and the PC. Check the DNS addresses on the “Summary” page of the HTTP interface of ToughSAM and on your PC Ethernet connection status.

If you do not see any improvement, please use the “Reset to Default” function (either use the Reset Button or the HTTP interface): it is going to reset the ToughSAM modem to its factory default configuration. You will need to configure again the ToughSAM modem. To disable and re-enable the Ethernet connection of your PC can also help to reset the IP configuration.


50 Ver1.1

7 Appendix: Abbreviations and Acronyms

APN Access Point Name DHCP Dynamic Host Configuration Protocol DNS Domain Name Service HTTP Hypertext Transfer Protocol IMEI International Mobile Equipment Identity LAN Local Area Network NAT Network Address Translation PPP Point-to-Point Protocol PUK PIN UnBlock WAN Wide Area Network WWW World Wide Web


51 Ver1.1

Notes


52 Ver1.1

Contact Information

Australia (Headquarters)

33 Glenvale Crescent

Mulgrave 3170

Victoria, Australia

Ph: +61 (0)3 9239 2000

Fx: +61 (0)3 9561 2614

Email: [email protected]

Internet: www.Intercel.com.au

New Zealand

For New Zealand Customers

Toll Free No: 0800 742 600

United Kingdom

5 Elstree Gate

Elstree Way

Borehamwood

Hertfordshire

WD6 1JD

Email: [email protected]

Hong Kong

Unit 6, 17th

Floor

Vanta Industrial Centre

21-33 Tai Lin Pai Road

Kwai Chung, New Territories

HKSAR of the PRC

Ph: +852 2362 9018

Fx: +852 2648 8806

Shenzhen

Room 1303, 13/F, West Wing

Tian’an High-Tech Plaza Phase II

Tian’an Cyber Park

Futian, Shenzhen

China

Ph: +86 755 8835 3778

Fx: +86 755 8835 2489

The information in this document is believed to be accurate in all respects at the time of publication but is subject to

change without notice. intercelTM

assumes no responsibility for errors and omissions, and disclaims responsibility for

any consequences resulting from the use of information included herein. Additionally, intercelTM

assumes no

responsibility for the functioning of undescribed features or parameters. intercelTM

reserves the right to make changes

without further notice. intercelTM

makes no warranty, representation or guarantee regarding the suitability of its

products for any particular purpose, nor does intercelTM

assume any liability arising out of the application or use of any

product or circuit, and specifically disclaims any and all liability, including without limitation consequential or

incidental damages. intercelTM

products are not designed, intended, or authorized for use in applications intended to

support or sustain life, or for any other application in which the failure of the intercelTM

product could create a

situation where personal injury or death may occur. Should Buyer purchase or use intercelTM

products for any such

unintended or unauthorized application, Buyer shall indemnify and hold intercelTM

harmless against all claims and

damages.
mailto:[email protected]:[email protected]

Documents

ToughSAM (3G/4G Industrial Modem router) User Guide · ToughSAM User Guide V1.1 II Ver1.1 Using this Manual Thank you for purchasing the ToughSAM. The ToughSAM is an Industrial 3G/4G