Home

Setup Wizard
The Setup Wizard is a useful and easy utility to help setup the DI-804HV to quickly connect to your ISP (Internet Service Provider) with only a few steps required. It will guide you step by step to configure the password, time, and WAN settings of your DI-804HV. The Setup Wizard is a helpful guide for first time users to the DI-804HV.

WAN Settings
WAN (Wide Area Network) Settings are settings that are used to connect to your ISP (Internet Service Provider). The WAN settings are provided to you by your ISP and often times referred to as "public settings". Please select the appropriate option for your specific ISP.

WAN - Dynamic IP Address
Select this option if your ISP (Internet Service Provider) provides you an IP address automatically. Cable modem providers typically use dynamic assignment of IP Address.

    Host Name : (optional) The Host Name field is optional but may be required by some Internet Service Providers. The default host name is the model number of the device.
    MAC Address : (optional) The MAC (Media Access Control) Address field is required by some Internet Service Providers (ISP). The default MAC address is set to the MAC address of the WAN interface in the device. You can use the " Clone MAC Address" button to automatically copy the MAC address of the Ethernet Card installed in the computer used to configure the device. It is only necessary to fill the field if required by your ISP.
    Primary DNS address : (optional) Enter in a Domain Name Server to use. Leave blank to receive a DNS address from your ISP.
    Secondary DNS address : (optional)
    Auto-reconnect : Enable this feature to allow the DI-804HV to reconnect to the ISP automatically if the connection is disconnected.

WAN - Static IP Address
If required by your ISP, select this option to configure the device with the static IP Address information. Enter in the IP address, subnet mask, gateway address, and DNS (domain name server) address(es) provided to you by your ISP. Each IP address entered in the fields must be in the appropriate IP form, which are four IP octets separated by a dot (x.x. x.x). The Router will not accept the IP address if it is not in this format.

Example:192.168.1.100

WAN - PPPoE
Select this option if your ISP requires you to use a PPPoE (Point-to-Point Protocol over Ethernet) connection. DSL providers typically use this option. Select Dynamic PPPoE to obtain an IP address automatically for your PPPoE connection (used by majority of PPPoE connections). Select Static PPPoE to use a static IP address for your PPPoE connection.

    User Name : Enter your PPPoE username.
    Password : Enter your PPPoE password.
    Service Name : (optional) If your ISP uses a service name for the PPPoE connection, enter the service name here.
    Example: @earthlink.net
    IP Address : (optional) This option is only available for Static PPPoE. Enter in the static IP address for the PPPoE connection.
    Primary DNS Address : (optional) Enter in a Domain Name Server to use. Leave blank to receive a DNS address from your ISP.
    Secondary DNS Address : (optional)
    Maximum Idle time : The amount of time of inactivity before the device will disconnect your PPPoE session. Enter a Maximum Idle Time (in minutes) to define a maximum period of time for which the Internet connection is maintained during inactivity. If the connection is inactive for longer than the defined Maximum Idle Time, then the connect ion will be dropped. Either set the value for idle time to zero or enable Auto-reconnect to disable this feature.
    Auto-reconnect : If enabled, the device will automatically connect to your ISP after your unit is restarted or when the connection is dropped.
    MTU (Maximum Transmission Unit) : You may need to change the MTU setting to conform to your ISP. The default setting is 1492.

WAN - Others-PPTP
Point-to-Point Tunneling Protocol (PPTP) is a WAN connection used in Europe.

    My IP Address and My Subnet Mask : The private IP address and subnet mask your ISP assigned to you.
    Server IP Address : The IP address of the PPTP server.
    PPTP Account and Password : The account and password your ISP assigned to you.
    Connection ID : (optional) Input the connection ID if your ISP requires it.
    Maximum Idle Time : The amount of time of inactivity to disconnect your PPTP session. Set it to zero or enable Auto-reconnect to disable this feature. If Auto-reconnect is enabled, this product will automatically connect to the ISP after the router is restarted or connection is dropped.

WAN - Others - L2TP
Layer2 Tunneling protocol (L2TP) is a WAN connection used for specific ISPs.

    IP Address, Subnet Mask and Gateway: The private IP address, subnet mask and Gateway your ISP assigned to you.
    Server IP Address : The IP address of the L2TP server.
    L2TP Account and Password : The account and password your ISP assigned to you.
    Maximum Idle Time : The amount of time of inactivity to disconnect your L2TP session. Set it to zero or enable Auto-reconnect to disable this feature. If Auto-reconnect is enabled, this product will automatically connect to the ISP after the router is restarted or connection is dropped.

WAN - Others-BigPond
Dynamic IP Address for BigPond is a WAN connection used in Australia.

    User Name : Enter in the username for the BigPond account.
    Password : Enter in the password for the BigPond account.
    Login Server IP : (optional) Enter in the login server if required.
    MAC Address : (optional) The MAC (Media Access Control) Address field is required by some Internet Service Providers (ISP). The default MAC address is set to the MAC address of the WAN interface in the device. You can use the " Clone MAC Address" button to automatically copy the MAC address of the Ethernet Card installed in the computer used to configure the device. It is only necessary to fill the field if required by your ISP.
    Auto-reconnect : If enabled, the device will automatically connect to your ISP after your unit is restarted or when the connection is dropped.

LAN Settings
These are the IP settings of the LAN (Local Area Network) interface for the device. These settings may be referred to as "private settings". You may change the LAN IP address if needed. The LAN IP address is private to your internal network and cannot be seen on the Internet. The default IP address is 192.168.0.1 with a subnet mask of 255.255.255.0.

    IP Address : IP address of the DI-804HV, default is 192.168.0.1.
    Subnet Mask : Subnet Mask of DI-804HV, default is 255.255.255.0.
    Domain Name : (optional) Enter in the local domain name for the network.

DHCP Server
DHCP stands for Dynamic Host Control Protocol. The DHCP server gives out IP addresses when a device is starting up and request an IP address to be logged on to the network. The device must be set as a DHCP client to "Obtain the IP address automatically". By default, the DHCP Server is enabled in the unit. The DHCP address pool contains the range of the IP address that will automatically be assigned to the clients on the network.

    IP Starting Address : The starting IP address for the DHCP server's IP assignment.
    IP Ending Address : The ending IP address for the DHCP server's IP assignment.
    Lease Time : The length of time for the IP lease.

Static DHCP is used to allow DHCP server to assign the same IP to specific MAC address. This is useful when you setup public servers(Web Server, FTP Server, for instance) inside LAN.

    Name: The name referencing the static IP assignment.
    IP Address: The IP address for the specific node in LAN.
    MAC Address: The MAC address of the specific node in LAN.
    DHCP Client: You can select from this list to choose the node you want to assign static IP to.

The Static DHCP Clients List will display all the IP-MAC mappings you want to assign to specific nodes. DHCP client computers connected to the unit will have their information displayed in the Dynamic DHCP Clients List. The table will show the Host Name, IP Address, and MAC Address of the DHCP client computer.

VPN Settings
VPN Settings are settings that are used to create virtual private tunnels to remote VPN gateways. The tunnel technology supports data confidentiality, data origin authentication and data integrity of network information by utilizing encapsulation protocols, encryption algorithms, and hashing algorithms.

    VPN enable item:VPN protects network information from ill network inspectors. But it greatly degrades network throughput. Enable it when you really need a security tunnel. It is disabled for default.
    VPN enable item:Computers running Microsoft Windows can communicate with one another using NetBIOS. Users can access remote network resources by browsing the Window Network Neighborhood.
    Max. number of tunnels item:Since VPN greatly degrades network throughput, the allowable maximum number of tunnels is limited. Be careful to set the value for allowing the number of tunnels can be created simultaneously. Its value ranges from 1 to 39.
    Tunnel name:Indicate which tunnel that is focused now.
    Method:IPSec VPN supports two kinds of key-obtained methods: manual key and automatic key exchange. Manual key approach indicates that two end VPN gateways setup authenticator and encryption key by system managers manually. However, IKE approach will perform automatic Internet key exchange. System managers of both end gateways only need set the same pre-shared key.
    Dynamic VPN settings:VPN gateway allows users to build VPN tunnel from remote mobile host. Click this button to finish detailer configuration.
    More...:To setup detailer configuration for manual key or IKE approaches by clicking the "More" button.
    View VPN Status:Click this button and you will get more detailed information about IPSec tunnel of VPN gateway. You can also terminate certain IPSec tunnel manually by pressing drop button.

Dynamic VPN Settings
VPN gateway can ignore IP information of client when using Dynamic VPN, so it is suitable for users to build VPN tunnel with VPN gateway from remote mobile host.

    Dynamic VPN enable item:Enable it when you need remote mobile hosts build security tunnel with DI-804HV. It is disabled for default.
    Local subnet:The subnet of LAN site of local VPN gateway. It can be a host, a partial subnet, and the whole subnet of LAN site of local gateway.
    Local netmask:Local netmask combined with local subnet to form a subnet domain. Pre-shared key:The first key that supports IKE mechanism of both VPN gateway and VPN client host for negotiating further security keys. The pre-shared key must be same for both VPN gateways and clients.
    Select IKE proposal:Click the button to setup a set of frequent-used IKE proposals and select from the set of IKE proposals for the dedicated tunnel.
    Select IPSec proposal:Click the button to setup a set of frequent-used IPSec proposals and select from the set of IKE proposals for the dedicated tunnel.

L2TP Server Setting
The VPN gateway can behave as a L2TP server, and allows remote hosts to access LAN servers after establishing L2TP connection with it. The device can support three authentication methods: PAP, CHAP, and MSCHAP(v1). Users can also enable MPPE encryption when using MSCHAP.

    L2TP Server:Check this checkbox to enable function of L2TP server.
    Virtual IP of L2TP Server:The IP address of L2TP server. This IP address should be different from IP address of PPTP server and LAN subnet of VPN gateway.
    Authentication Protocol:Users can choose authentication protocol as PAP, CHAP, or MSCHAP(v1).
    MPPE Encryption Mode:Check this checkbox to enable MPPE encryption. Please note that MPPE needs to work with MSCHAP authentication method.

Tunnel Setting
Users can input five different user accounts for L2TP server.

    Tunnel Name:Input the name for tunnel.
    User Name:Input a user name that is allowed to establish L2TP connection with VPN gateway.
    Password:Input the password for the user.

PPTP Server Setting
The VPN gateway can behave as a PPTP server, and allows remote hosts to access LAN servers after establishing PPTP connection with it. The device can support three authentication methods: PAP, CHAP, and MSCHAP(v1). Users can also enable MPPE encryption when using MSCHAP.

    PPTP Server:Check this checkbox to enable function of PPTP server.
    Virtual IP of PPTP Server:The IP address of PPTP server. This IP address should be different from IP address of PPTP server and LAN subnet of VPN gateway.
    Authentication Protocol:Users can choose authentication protocol as PAP, CHAP, or MSCHAP(v1).
    MPPE Encryption Mode:Check this checkbox to enable MPPE encryption. Please note that MPPE needs to work with MSCHAP authentication method.

Tunnel Setting
Users can input five different user accounts for PPTP server.

    Tunnel Name:Input the name for tunnel.
    User Name:Input a user name that is allowed to establish PPTP connection with VPN gateway.
    Password:Input the password for the user.

VPN Settings - IKE
There are three parts that are necessary to setup the configuration of IKE for the dedicated tunnel: basic setup, IKE proposal setup, and IPSec proposal setup. Basic setup includes the setting of following items: local subnet, local netmask, remote subnet, remote netmask, remote gateway, and pre-shared key. The tunnel name is derived from previous page of VPN setting. IKE proposal setup includes the setting of a set of frequent-used IKE proposals and the selecting from the set of IKE proposals. Similarly, IPSec proposal setup includes the setting of a set of frequent-used IPSec proposals and the selecting from the set of IPSec proposals.
Basic setup:

    Aggressive Mode:Enabling this mode will accelerate establishing tunnel, but the devicewill suffer from less security in the meanwhile. Hosts in both ends of the tunnel must support this mode so as to establish the tunnelproperly.
    Local subnet:The subnet of LAN site of local VPN gateway. It can be a host, a partial subnet, and the whole subnet of LAN site of local gateway.
    Local netmask:Local netmask combined with local subnet to form a subnet domain.
    Remote subnet:The subnet of LAN site of remote VPN gateway, it can be a host, a partial subnet, and the whole subnet of LAN site of remote gateway.
    Remote netmask:Remote netmask combined with remote subnet to form a subnet domain of remote end.
    Remote gateway:The IP address of remote VPN gateway.
    IKE Keep Alive(Ping IP Address):Input the IP address of remote host that exist in the opposite side of the VPN tunnel (Ex. You can input the LAN IP address of remote VPN gateway). The device will start to Ping remote host when there is no traffic within the VPN tunnel. If the device can't get ICMP response from remote host anymore, then it will terminate the VPN tunnel automatically.
    Pre-shared key:The first key that supports IKE mechanism of both VPN gateways for negotiating further security keys. The pre-shared key must be same for both end gateways.
    Extended Authentication (xAuth):With xAuth feature, the VPN client (or initiator) needs to provide additional user information to remote VPN server (or VPN gateway) for extended authentication. The VPN server would reject the connect request from VPN clients because of the unknown user, even though the pre-shared key is correct. Thisfunction is suitable to remote mobile VPN clients. You can not only configure a VPN rule with a pre-shared key for all remote users using, but you can also designate only someone is permitted to establish VPN connection with VPN server.
    Enable:Check this checkbox to enable extended authentication with this rule.
    IPSec NAT Traversal: IPsec NAT-T automatically determine during the IPsec negotiation process:1. Whether both the initiating IPsec (typically a client computer) and responding IPsec (typically a server) can perform IPsec NAT-T. 2. If there are any NATs in the path between them. If both of these conditions are true, each of the initiating IPsec and the responding IPsec will automatically use IPsec NAT-T to send IPsec-protected traffic across a NAT. If either them does not support IPsec NAT-T, then normal IPsec negotiations (beyond the first two messages) and IPsec protection is performed. If both them support IPsec NAT-T and there are no NATs between them, normal IPsec protection is performed.
    Remote ID: The Type and the Value are must same as the Type and the Value of the Local ID of the remote VPN gateway.
    Local ID: The Type and the Value are must same as the Type and the Value of the Remote ID of the remote VPN gateway.
    Server mode:Check this checkbox if the device behaves as a VPN server, and will verify the legality of user information from VPN client. The user information that is provided by VPN client needs to match to user information that is in local user database of VPN server. You can press "Set local user" button to edit local user database. Please note that only VPN clients with xAuth can establish VPN connection with the device if you have checked this checkbox.
    Client mode:Check this checkbox if the device behaves as a VPN server, and will send user information to remote VPN server for extended authentication. You need to input correct user name and password to pass authentication. Please note that remote VPN server which is without xAuth will reject your connect request if you have checkedthis checkbox.
    User Name:Input user name that is provided by remote VPN server. This field is for xAUTH client mode use only.
    Password:Input password that is corresponded to the user name above. This field is for xAUTH client mode use only.
    Select IKE proposal...:Click the button to setup a set of frequent-used IKE proposals and select from the set of IKE proposals for the dedicated tunnel.
    Select IPSec proposal...:Click the button to setup a set of frequent-used IPSec proposals and select from the set of IKE proposals for the dedicated tunnel..

VPN Settings - xAuth - Set Local User
You can edit user information with this configuration page. These user information is for xAuth server mode use only.

VPN Settings - Manual key

    Tunnel name :Indicate which tunnel that is focused now.
    Local subnet :The subnet of LAN site of local VPN gateway. It can be a host, a partial subnet, or the whole subnet of LAN site of local gateway.
    Local netmask :Local netmask combined with local subnet to form a subnet domain.
    Remote subnet :The subnet of LAN site of remote VPN gateway, it can be a host, a partial subnet, or the whole subnet of LAN site of remote gateway.
    Remote netmask :Remote netmask combined with remote subnet to form a subnet domain of remote end.
    Remote gateway :The IP address of remote VPN gateway.
    Local SPI :SPI is an important parameter during hashing. Local SPI will be included in the outbound packet transmitted from WAN site of local gateway. The value of local SPI should be set in hex formatted.
    Remote SPI :Remote SPI will be included in the inbound packet transmitted from WAN site of remote gateway. It will be used to de-hash the coming packet and check its integrity. The value of remote SPI should be set in hex formatted.
    Encapsulation protocol : There are two protocols can be selected: ESP and AH.
    Encryption algorithm : There are two algorithms can be selected: 3DES and DES. But when the encapsulation protocol is AH, encryption algorithm is unnecessarily set.
    Encryption key :Encryption key is used by the encryption algorithm. Its length is 8 bytes if encryption algorithm is DES or 24 bytes if 3DES. The key value should be set in hex formatted.
    Authentication algorithm : There are two algorithms can be selected: SHA1 and MD5. But none also can be selected here for no hashing operation.
    Authentication key : Authentication key is used by the authentication algorithm. Its length is 16 bytes if authentication algorithm is MD5 or 20 bytes if SHA1. Certainly, its length will be 0 if no authentication algorithm is chosen. The key value should be set in hex formatted.
    Life time : The unit of life time is based on the value of Life Time Unit. If the value of unit is second, the value of life time represents the life time of dedicated VPN tunnel between both end gateways. Its value ranges from 300 seconds to 172,800 seconds. If the value of unit is KB, the value of life time represents the maximum allowable amount of transmitted packets through the dedicated VPN tunnel between both end gateways. Its value ranges from 20,480 KBs to 2,147,483,647 KBs.
    Life time unit :There are two units can be selected: second and KB.

VPN Settings - Set IKE Proposal

    IKE Proposal index :A list of selected proposal indexes from the IKE proposal pool listed below. The selecting activity is performed by selecting a proposal ID and clicking "add to" button in the bottom of the page. There are only four indexes can be chosen from the proposal pool for the dedicated tunnel. Remove button beside the index list can remove selected proposal index before.
    Proposal name :It indicates which IKE proposal to be focused. First char of the name with 0x00 value stands for the IKE proposal is not available.
    DH group :There are three groups can be selected: group 1 (MODP768), group 2 (MODP1024), group 5 (MODP1536).
    Encryption algorithm :There are two algorithms can be selected: 3DES and DES.
    Authentication algorithm :There are two algorithms can be selected: SHA1 and MD5.
    Life time :The unit of life time is based on the value of Life Time Unit. If the value of unit is second, the value of life time represents the life time of dedicated VPN tunnel between both end gateways. Its value ranges from 300 seconds to 172,800 seconds. If the value of unit is KB, the value of life time represents the maximum allowable amount of transmitted packets through the dedicated VPN tunnel between both end gateways. Its value ranges from 20,480 KBs to 2,147,483,647 KBs.
    Life time unit :There are two units can be selected: second and KB.
    Proposal ID :The identifier of IKE proposal can be chosen for adding corresponding proposal to the dedicated tunnel. There are total ten proposals can be set in the proposal pool. At most only four proposals from the pool can be applied to the dedicated tunnel as shown in the proposal index list.
    Add to button : Click it to add the chosen proposal indicated by proposal ID to IKE Proposal index list. The proposals in the index list will be used in phase 1 of IKE negotiation for getting the IKSAMP SA of dedicated tunnel.

VPN Settings - Set IPSec Proposal

    IPSec Proposal index :A list of selected proposal indexes from the IPSec proposal pool listed below. The selecting activity is performed by selecting a proposal ID and clicking "add to" button in the bottom of the page. There are only four indexes can be chosen for the dedicated tunnel. Remove button beside the index list can remove selected proposal index before.
    Proposal name :It indicates which IPSec proposal to be focused. First char of the name with 0x00 value stands for the proposal is not available.
    DH group :There are three groups can be selected: group 1 (MODP768), group 2 (MODP1024), group 5 (MODP1536). But none also can be selected here for IPSec proposal.
    Encapsulation protocol :There are two protocols can be selected: ESP and AH.
    Encryption algorithm :There are two algorithms can be selected: 3DES and DES. But when the encapsulation protocol is AH, encryption algorithm is unnecessarily set.
    Authentication algorithm :There are two algorithms can be selected: SHA1 and MD5. But none also can be selected here for IPSec proposal.
    Life time :The unit of life time is based on the value of Life Time Unit. If the value of unit is second, the value of life time represents the life time of dedicated VPN tunnel between both end gateways. Its value ranges from 300 seconds to 172,800 seconds. If the value of unit is KB, the value of life time represents the maximum allowable amount of transmitted packets through the dedicated VPN tunnel between both end gateways for. Its value ranges from 20,480 KBs to 2,147,483,647 KBs.
    Life time unit :There are two units can be selected: second and KB.
    Proposal ID :The identifier of IPSec proposal can be chosen for adding the proposal to the dedicated tunnel. There are total ten proposals can be set in the proposal pool. At most only four proposals from the pool can be applied to the dedicated tunnel as shown in the proposal index list.
    Add to button : Click it to add the chosen proposal indicated by proposal ID to IPSec Proposal index list. The proposals in the index list will be used in phase 2 of IKE negotiation for getting the IPSec SA of dedicated tunnel.