- I have one DSL and one ISDN line. Can FatPipe Multi-Path VPN balance load over these two lines even though they are of different speeds?
Yes, FatPipe Multi-Path VPN balances load over lines of similar or dissimilar speeds. Multi-Path VPN provides three methods for load balancing: Round Robin, Response Time, and Metered. Response Time configures FatPipe Multi-Path VPN to balance your network's Internet traffic based on each line's average response time for Internet requests. This method is recommended for extremely unequal speed connections. The Response Time method utilizes the faster connection more.
- Can I use MP-VPN with any VPN product?
Yes. MPVPN is IPsec compatible. You can use it with any IPsec compatible VPN.
- Do I have to let each box know the IP addresses of the other VPN boxes?
Yes. Go to the console, and click on VPN to set up the VPN configuration that would include entering the IP addresses of other VPN boxes.
- Do I need an MP-VPN box at every location?
Yes. MP-VPN is only executable with a unit at each location.
- How does it improve data security?
MPVPN sends data over multiple ISPs and multiple backbones. Each data transmission contains only part of the data packets. The order in which the packets are sent is not exactly known, and depends on the bandwidth of each line. Thus, it is difficult to assemble all the data packets in the correct sequence. If there are three Internet connections at each end, then it is possible to have nine combinations of data connections, resulting in nine possible ways to send data. Data security is significantly improved.
- What happens to the data when one line fails?
All FatPipe technology provides automatic failover to available lines. However, a line failure can occur in the middle of a session. Depending on the client software being used, a request to reload may be required or the client will automatically reconnect.
- Does MP-VPN do incoming data load balancing?
Yes. MP-VPN balances incoming data too. Servers can be hosted inside the LAN by using FatPipe's SmartDNS™. For more information about SmartDNS, please refer to the manual.
Smart DNS features:
- To be used as an inbound DNS server only.
- Simple to use user interface to configure.
- Ability to adjust time to live (TTL) values.
- What is DNS?
The Domain Name System (DNS) is a mechanism used in the Internet for translating names of host computers into addresses. DNS changes a computer name such as www.fatpipeinc.com to a machine’s actual numeric IP address, which is in the format xxx.xxx.xxx.xxx. The DNS makes it easier to remember where you want information to go (using names instead of numbers).
- How does Smart DNS Work?
Smart DNS gives hosts on a network multiple IP addresses. It also allows the DNS server on the MP-VPN to resolve the IP address for a given host using round robin.
- The DNS server will test the different connections coming into the MP-VPN. If the DNS server detects a connection coming into the MP-VPN that is down, it makes adjustments to the DNS records so that it will not resolve host names to IP addresses that are associated with the connection that is down.
- The MPVPN uses a short time to live (TTL) to ensure that information about the IP addresses for the hosts that it serves is accurate.
- What is time to live (TTL)?
DNS records are cached on the Internet DNS servers after the IP address is found. TTL is the amount of time that a DNS record for a host will remain in the cache of a DNS server after it has found the IP address of that host or server. The TTL on the Smart DNS server can be adjusted through the user interface.
- What does Smart DNS accomplish?
The MPVPN accomplishes load balancing through round robin because the host will appear to be at different IPs at different times so the host will be accessed through different connections. Smart DNS accomplishes redundancy by allowing the host on the network to be accessible through multiple connections.
When the DNS server makes the adjustment for a downed connection, this will help machines on the Internet connect to the host using a route that is open instead of trying to access the host using an IP that is not accessible.
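The Smart DNS behaviour described above (round robin over each line's address, removal of addresses on a down line, and a short TTL), shown as an added Python model that is not FatPipe's code. The host name, addresses (documentation ranges) and the 30-second TTL are assumptions; the page only says the TTL is short.

```python
class SmartDnsModel:
    """Toy model of the Smart DNS behaviour described above (not FatPipe code)."""

    def __init__(self, records, ttl=30):
        # records: host name -> list of (line name, public IP on that line)
        # ttl=30 is an assumed value; the page only says the TTL is short.
        self.records = records
        self.ttl = ttl
        self.line_up = {}
        self._next = {}

    def set_line(self, line, up):
        """Record the result of the server's connection test for one line."""
        self.line_up[line] = up

    def resolve(self, host):
        """Return (ip, ttl) for the next reachable address, round robin."""
        live = [ip for line, ip in self.records[host]
                if self.line_up.get(line, True)]
        if not live:
            return None
        i = self._next.get(host, 0)
        self._next[host] = i + 1
        return live[i % len(live)], self.ttl


class CachingResolver:
    """A resolver on the Internet that keeps an answer until its TTL expires."""

    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}  # host -> (ip, expires_at)

    def lookup(self, host, now):
        hit = self.cache.get(host)
        if hit and now < hit[1]:
            return hit[0]  # may be stale if the line failed after caching
        answer = self.upstream.resolve(host)
        if answer is None:
            self.cache.pop(host, None)
            return None
        ip, ttl = answer
        self.cache[host] = (ip, now + ttl)
        return ip


# Constructed sample data: one host published on two lines.
SAMPLE = {"www.example.com": [("isp_a", "192.0.2.10"), ("isp_b", "198.51.100.10")]}


def failover_timeline(ttl=30):
    """Line A fails just after an answer is cached; return what clients see."""
    dns = SmartDnsModel(SAMPLE, ttl=ttl)
    cache = CachingResolver(dns)
    seen = [cache.lookup("www.example.com", now=0)]          # cached until t=ttl
    dns.set_line("isp_a", False)                             # line A goes down
    seen.append(cache.lookup("www.example.com", now=ttl // 2))  # stale answer
    seen.append(cache.lookup("www.example.com", now=ttl))       # re-resolved
    return seen


if __name__ == "__main__":
    print(failover_timeline())
```

The stale middle answer is why the TTL matters: a cached address on a failed line keeps being handed out until the TTL runs out, so the TTL bounds how long outside clients are sent to an unreachable address.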
- What is needed to set up DNS on MPVPN?
- A registered domain name with Internic.
- The DNS server names registered with Internic will need to be IP addresses that reside on the MPVPN box.
- For redundancy, the IP addresses should be from different providers.
- How Do Server Names Get Resolved on the Internet?
There are multiple DNS servers on the Internet that share information with each other to resolve host names into IP addresses.
DNS servers query other DNS servers to find out the IP address of a given host or web server. Once the host name is resolved into an IP address, the routers and machines on the Internet can use the IP address number to communicate with the chosen server or host.
- What are the benefits of Reverse Port Mapping?
Conservation of public IP space. A single public IP address can be mapped to multiple internal servers based on the port number. Multiple public IP addresses can be mapped to single / multiple public / private IP addresses. Reverse port mapping will map incoming traffic into the MPVPN that is destined for a given public IP and port number to a particular machine on the LAN side of the MPVPN. The machine on the LAN side of the MPVPN will have an internal private IP address.
- What is Reverse Port Mapping?
Reverse Port Mapping will map traffic coming into the unit that is destined for a given public IP and port number to a particular machine on the LAN side of the Multi-Path VPN unit. The machine on the LAN side of MPVPN will have an internal private IP address. The machine on the LAN side of the MPVPN unit will be accessible from machines on the Internet through the translation of a public IP address to its private IP address.
(Reverse mapping is a static 1-to-1 NAT translation for inbound traffic. This will allow you to change the destination address in the packets coming in on your secondary line to match the addresses from your primary line. This “tricks” your firewall into thinking that it’s all coming from the same place. The benefit of this is that in a typical installation, no changes are required to the firewall configuration.)
- Why does MPVPN conserve IP addresses?
The machine on the LAN side of the Warp will be accessible from machines on the Internet through the translation of a public IP address to its private IP address.
In order for a server to be visible over multiple ISPs, it has to have IP addresses in the range of IP addresses provided by each ISP. For example, if there are 3 ISPs, 3 IP addresses per server are required. If one ISP fails, the data is routed over the other two. Without reverse port mapping, each server that needs to be accessed from the outside will need 3 IP addresses. If there are ten servers, 3 x 10 = 30 IP addresses will be required. With reverse port mapping, only 3 IP addresses are required. Here is how it works:
Each application server (e.g. mail server, web server) is commonly assigned a port number which is universally known in the LAN world. For example, FTP servers are generally port 20 or 21 and email is port 25. Thus, port numbers are assigned to each server based on its application. Three IP addresses are assigned to MP-VPN, one from each ISP, so that inbound traffic comes from all three ISPs.
When an FTP request comes in, MP-VPN sends all requests on port 21 to the machine that hosts the FTP server. Similarly, emails are sent to the machine that handles the email server. Thus, three IP addresses handle ALL servers.
When a firewall is placed on the outside of WARP, the data traffic passed through the firewall is already load balanced, based on the bandwidth and response time, or round robin, depending on the selection made by the User. By placing the firewall on the outside, redundancy and load balancing are obtained for firewalls too.
This arrangement eliminates the need for a separate firewall load-balancing product.
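The port-based mapping and the address arithmetic from this answer, as an added Python sketch that is not FatPipe's code. The public addresses (documentation ranges), private addresses and function names are constructed for illustration. The resulting table is also the complete list of inbound services exposed to the Internet, which makes it the natural thing to review.

```python
import ipaddress

# Constructed sample: one public address per ISP (documentation ranges).
PUBLIC_IPS = ["192.0.2.1", "198.51.100.1", "203.0.113.1"]
# Constructed sample: service port -> private server on the LAN side.
SERVICES = {21: "10.0.0.21", 25: "10.0.0.25", 80: "10.0.0.80"}


def build_map(public_ips, services):
    """Return {(public_ip, port): private_ip}; every service on every ISP address."""
    table = {}
    for pub in public_ips:
        for port, priv in services.items():
            if not ipaddress.ip_address(priv).is_private:
                raise ValueError(f"{priv} is not a private address")
            table[(pub, port)] = priv
    return table


def translate(table, dst_ip, dst_port):
    """Rewrite an inbound destination; None means there is no mapping for it."""
    return table.get((dst_ip, dst_port))


def addresses_needed(n_isps, n_servers, port_mapped):
    """Public addresses required with and without reverse port mapping."""
    return n_isps if port_mapped else n_isps * n_servers


def surviving_paths(table, port, failed_ip):
    """Public addresses that still reach a service when one ISP address is down."""
    return sorted(pub for (pub, p) in table if p == port and pub != failed_ip)


def exposed_ports(table):
    """Every port reachable from outside: the inbound exposure to review."""
    return sorted({port for (_pub, port) in table})


TABLE = build_map(PUBLIC_IPS, SERVICES)

if __name__ == "__main__":
    print(addresses_needed(3, 10, port_mapped=False))  # without mapping
    print(addresses_needed(3, 10, port_mapped=True))   # with mapping
    print(translate(TABLE, "198.51.100.1", 25))
    print(surviving_paths(TABLE, 21, failed_ip="192.0.2.1"))
    print(exposed_ports(TABLE))
```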
- Will Multi-Path VPN speed up a single connection to the Internet?
No, Multi-Path VPN provides increased speed to the user only by aggregating multiple lines.
- I want to enter IP information on the Multi-Path VPN locally. Where do I input the information?
You may only input or change TCP/IP information by using Multi-Path VPN's web-based configuration page. Type the default address: http://192.168.0.1 into Internet Explorer's address field, or whichever LAN IP address you assigned to the Multi-Path VPN unit.
- How can I enter IP information on the Multi-Path VPN from a remote location?
You can access FatPipe Multi-Path VPN's Management Tools by accessing its web-based configuration page from any location that has an Internet connection by putting a WAN interface IP into the browser and logging in with the username and password that was set. You can view router speeds, the user access log, change user access rights, and even reboot Multi-Path VPN from any remote location with Internet access.
- I cannot open the Multi-Path VPN Configuration Page.
If you cannot open MPVPN’s web-based Remote Configuration page, please check the following. From a remote location: make sure you have typed your user name and password correctly. From the LAN side: make sure the computer on the LAN is on the same IP subnet as the MPVPN. Double-check the IP address and subnet on the LAN interface of the MPVPN and the IP address and subnet on the client computer. Make sure the LAN line is completely inserted into the LAN port and that you have a link light. Also make sure the firewall is set to pass port 5001, as this is the port the FatPipe GUI uses.
- I cannot access the Multi-Path VPN web-based configuration page from my LAN.
If you cannot access Multi-Path VPN's configuration page, it is most likely that you do not have the client machine on the same Subnet as the Multi-Path VPN unit. Your client machine must be on the same Subnet as the Multi-Path VPN to access the configuration page from your LAN.
- The WAN ports show up on the configuration page, but the router is down.
Make sure the router is functional. Check to see that you have a good physical connection to the router. Double-check that the IP address, subnet mask, and gateway are entered correctly. If the router is plugged directly into the Fatpipe, make sure you are using a working crossover cable.
- The Dual Multi-Path VPN setup for failover requires two units at each site, and that each unit has different IPs. If one unit fails, how does the second unit take over?
The two MPVPN units are set up in a Primary - Standby configuration. The second unit (Standby) ARPs the LAN address of the first (Primary) unit in order to reestablish WAN connectivity. The two boxes verify connectivity with each other every 5 seconds to check the status of the other box. If the Primary box does not reply within a specified time, the Standby box will become Primary.
- How do I reestablish the original master-slave configuration?
Simply reboot both machines, bringing up the master first.
- We have a Dual Multi-Path VPN setup for maximum failover capability, in case the master Multi-Path VPN unit fails. We tested the failover function, and it is not working.
There are several easy points to check to ensure failover of the Primary Multi-Path VPN unit to the Stand-by Multi-Path VPN unit. Next, please check that the IP addresses are correctly listed in the Multi-Path VPN Configuration Failover. Also, allow the Primary Multi-Path VPN unit to completely boot up before booting the Stand-by Multi-Path VPN unit.
- How does Multi-Path VPN work with DHCP enabled on the routers?
Multi-Path VPN gives you the option of setting static address or of obtaining an IP address automatically, using DHCP, for all WAN ports. Simply select Obtain IP Address from DHCP from the WAN's Port page of the Multi-Path VPN Configuration Page.
- Can the LAN IP address be on the same Subnet as the WAN?
No, the LAN and WAN IP addresses must be on different networks for routing of packets to take place (refer to the Proxy ARP section).
- How does inbound traffic get past the Multi-Path VPN box to my internal servers, such as web and e-mail servers?
The Administrator has a choice of methods when setting up access to internal servers. The preferred method is to use Reverse Port Mapping. Alternatively, the Administrator can set up access to servers sitting inside the LAN to the outside world by assigning a static public IP address to them, which allows Multi-Path VPN to pass IP packets from requests outside of the LAN. You can open a connection from the Internet to each server by using the tunneling feature. In the example below, tunneling must be set for 204.246.133.3 and 204.246.133.6 to access the web server and the e-mail server from the outside. A static route would also have to be set on Multi-Path VPN pointing packets bound for 204.246.133.3 and 6 to the WAN interface of the firewall.
- How do I configure Multi-Path VPN to work with internal routers?
The router's gateway must point to Multi-Path VPN's LAN address for Multi-Path VPN to work with internal routers. Tunnels will have to be configured for all nodes that have to be accessed from the outside. Static routes will have to be configured on Multi-Path VPN for all nodes that must be accessed from the outside, pointing to the external interface of the router. (The alternative method of accessing internal servers is by using Reverse Port Mapping). See below.
- What is Proxy ARP and how does it help in Multi-Path VPN setup?
Proxy ARP is a new feature of FatPipe Multi-Path VPN. It allows you to integrate Multi-Path VPN into a network with very little change to existing LAN/WAN IP configuration. By subnetting the existing IP range into a smaller network, Proxy ARP allows you to "fake" out the Multi-Path VPN into thinking all of its interfaces (WAN/LAN) are on different networks (Subnets). Multi-Path VPN will take the traffic intended for the routers' IP address.
Example
If you purchased a block of IP addresses from your ISP and your network was set up with a /27 bit Subnet, you would have 16 IP addresses and 14 usable hosts on your network. You could assume that the router is one of the first IP addresses in the block of 14, xxx.xxx.xxx.1. Using Proxy ARP, you would proceed to take the next IP, xxx.xxx.xxx.2, and put that on the WAN port of Multi-Path VPN with a Subnet of /30 bits. When you break the Subnet down, please be careful that you do not use the network and broadcast IP addresses that are associated with the new Subnet (you can create any size of Subnet you need as long as there are enough IP addresses).
Existing IP range xxx.xxx.xxx.0 to xxx.xxx.xxx.16 Subnet 255.255.255.240
This would be the configuration using Multi-Path VPN's Proxy ARP, using one line (T1, DSL, etc.) with a /27 Subnet, assuming that the router's address is .1:

| Role | IP address | Subnet mask |
| --- | --- | --- |
| Network (not usable) | xxx.xxx.xxx.0 | |
| Router | xxx.xxx.xxx.1 | 255.255.255.240 |
| Multi-Path VPN WAN | xxx.xxx.xxx.2 | 255.255.255.252 |
| Broadcast (not usable) | xxx.xxx.xxx.3 | |

All other IP addresses can be used for the network as needed i.e.: firewall, web servers, etc.
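The subnet split from this example, worked through with Python's `ipaddress` module as an added sketch that is not FatPipe's code. It uses the 255.255.255.240 mask given above, with 192.0.2.x (a documentation range) standing in for xxx.xxx.xxx; the function names are constructed for illustration.

```python
import ipaddress


def carve_wan_subnet(block, router_ip, wan_ip, wan_prefix=30):
    """Plan the Proxy ARP split: a small WAN subnet carved out of the ISP block."""
    block = ipaddress.ip_network(block)
    router = ipaddress.ip_address(router_ip)
    wan = ipaddress.ip_interface(f"{wan_ip}/{wan_prefix}")
    wan_net = wan.network

    if not wan_net.subnet_of(block):
        raise ValueError(f"{wan_net} is not inside {block}")
    # The caution in the text: never assign the new subnet's network or
    # broadcast address to the WAN port.
    if wan.ip in (wan_net.network_address, wan_net.broadcast_address):
        raise ValueError(f"{wan.ip} is the network or broadcast address of {wan_net}")

    taken = {router, wan.ip, wan_net.network_address, wan_net.broadcast_address}
    free = [str(h) for h in block.hosts() if h not in taken]
    return {
        "wan_mask": str(wan_net.netmask),
        "unusable": [str(wan_net.network_address), str(wan_net.broadcast_address)],
        "router_in_wan_subnet": router in wan_net,
        "free": free,  # left over for firewall, web servers, etc.
    }


def is_valid_wan(block, router_ip, wan_ip, wan_prefix=30):
    """True when the proposed WAN address passes the checks above."""
    try:
        carve_wan_subnet(block, router_ip, wan_ip, wan_prefix)
        return True
    except ValueError:
        return False


# Constructed stand-in for the example: router on .1, unit's WAN port on .2.
PLAN = carve_wan_subnet("192.0.2.0/255.255.255.240", "192.0.2.1", "192.0.2.2")

if __name__ == "__main__":
    for key, value in PLAN.items():
        print(key, value)
```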
- No Adapter Cards are listed when I go to the user interface.
If you cannot see the adapter cards listed in Multi-Path VPN's user interface, please reboot the machine after making sure that the WAN and LAN ports are connected to the routers or hubs. The Multi-Path VPN unit will not detect the network cards, and they will not show up in the configuration page, if the ports are not connected. Simply make sure that they are connected and reboot the Multi-Path VPN.
- Does Multi-Path VPN work with SMDS T1 service?
Yes, Multi-Path VPN works perfectly fine with Switched Multimegabit Data Service (SMDS) because the data encryption and compression of its IP traffic occurs on the outside of the Multi-Path VPN.
- I have a firewall on my LAN. Where do I place the Multi-Path VPN unit -- in front or in back of the firewall(s) and what is the initial setup procedure?
The Multi-Path VPN unit sits on the edge of the LAN, in front of all internal servers, including firewalls. The Multi-Path VPN box would be placed between your routers and your firewall. As part of the configuration process, the firewall's gateway must point to the IP address of Multi-Path VPN's LAN interface.
For inbound IP traffic, a tunnel must be set to the IP addresses of the servers behind the firewall so they can be accessed from the outside. Static routes also need to be set on Multi-Path VPN to direct incoming IP traffic to the external interface of the firewall.
- What is SNMP and will Multi-Path VPN work with it?
SNMP stands for Simple Network Management Protocol. It is used for monitoring network applications. Windows® NT operating system uses SNMP to get status information about a host on a TCP/IP network. Multi-Path VPN can be configured to send SNMP trap information to an SNMP monitor if the application has been installed on a computer inside your network.
- SNMP is not functioning.
Check the Community name entry located on Multi-Path VPN's configuration page, under SNMP. Also check the Trap IP address at the same location. Lastly, check the configuration of your SNMP manager on client/server PC.
- I have just installed the Multi-Path VPN unit, yet routing does not seem to be occurring behind the firewall. Routing does seem to work if connected outside of the firewall directly into the Multi-Path VPN. The firewall or routers' ARP tables do not refresh.
If you are not seeing packets routed behind the firewall, it is likely that the Multi-Path VPN unit ARPed the address of the router. Network hardware will not respond because it is not the correct MAC address. The best thing to do would be to go to the offending network hardware (firewall/router) and clear its ARP table at the command prompt with the command c: arp -d.
- Will Citrix® Thin Client Server (MetaFrame™) work with the FatPipe Multi-Path VPN? How do I configure Multi-Path VPN for this?
Yes, the Citrix Thin Client server will work with the Multi-Path VPN. FatPipe Networks is a Premier Citrix Business Alliance Member (CBA), and has thoroughly tested our products with MetaFrame. The Citrix server will need to have an IP address that is accessible to the client PCs. If the Citrix server needs to be accessed from the Internet, then the Citrix server will need to have a public IP address and tunneling will need to be enabled on the Multi-Path VPN for that IP address.
- My Citrix Server is at my ISP. How do I configure my local printer?
If the printer is on the local LAN and the Citrix server is the machine that will be doing the actual printing to the server, then the printer will need to be accessible to the Citrix server. This is accomplished by assigning a public IP address to the Citrix server and enabling tunneling to the printer that the server will be accessing. The following diagram shows this type of setup: