CRADLEPOINT
MBR1200 | USER MANUAL Firmware ver. 1.6.12
© 2010
CRADLEPOINT, INC.
PLEASE VISIT
HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/
FOR MORE HELP AND RESOURCES
PAGE 44
Enable DMZ. If an application has trouble working from behind the router, you can expose one computer to the Internet and run the application on that computer. NOTE: Placing a computer in the DMZ may expose that computer to a variety of security risks. Use of this option is only recommended as a last resort.
DMZ IP Address. Specify the IP address of the computer on the LAN that you want to have unrestricted Internet communication. If this computer obtains its IP address automatically using DHCP, be sure to make a static reservation on the Basic → DHCP sub-menu so that the IP address of the DMZ machine does not change.
5.3.6 NON-UDP/TCP/ICMP LAN Sessions
When a LAN application that uses a protocol other than UDP, TCP, or ICMP initiates a session to the Internet, the router's NAT can track such a session, even though it does not recognize the protocol. This feature is useful because it enables certain applications (most importantly a single VPN connection to a remote host) without the need for an ALG.
NOTE: this feature does not apply to the DMZ host (if one is enabled). The DMZ host always handles these kinds of sessions.
Enable. (Default: enabled). Allows single VPN connections to a remote host. But, for multiple VPN connections, the appropriate VPN ALG must be used. Disabling this option, however, only disables VPN if the appropriate VPN ALG is also disabled.
5.3.7 Application Level Gateway (ALG) Configuration
Here you can enable or disable ALGs. Some protocols and applications require special handling of the IP payload to make them work with network address translation (NAT). Each ALG provides special handling for a specific protocol or application. A number of ALGs for common applications are enabled by default.
PPTP. Allows multiple machines on the LAN to connect to their corporate networks using PPTP protocol. When the PPTP ALG is enabled, LAN computers can establish PPTP VPN connections either with the same or with different VPN servers. When the PPTP ALG is disabled, the router allows VPN operation in a restricted way -- LAN computers are typically able to establish VPN tunnels to different VPN Internet servers but not to the same server. The advantage of disabling the PPTP ALG is to increase VPN performance. Enabling the PPTP ALG also allows incoming VPN connections to a LAN side VPN server (refer to Advanced → Virtual Server).
IPSec (VPN). Allows multiple VPN clients to connect to their corporate networks using IPSec. Some VPN clients support traversal of IPSec through NAT. This option may interfere with the operation of such VPN clients. If you are having trouble connecting with your corporate network, try disabling this option.
Check with the system administrator of your corporate network whether your VPN client supports NAT traversal.
Note that L2TP VPN connections typically use IPSec to secure the connection. To achieve multiple VPN pass-through in this case, the IPSec ALG
must be enabled.
RTSP. Allows applications that use Real Time Streaming Protocol to receive streaming media from the Internet. EVDO QuickTime and Real Player are some of the common applications using this protocol.
Windows/MSN Messenger. Supports use on LAN computers of Microsoft Windows Messenger (the Internet messaging client that ships with Microsoft Windows) and MSN Messenger. The SIP ALG must also be enabled when the Windows Messenger ALG is enabled. Required if you don't have a UPnP-enabled chat program.
FTP. Allows FTP clients and servers to transfer data across NAT. Refer to the Advanced → Virtual Server sub-menu if you want to host an FTP server.
H.323 (NetMeeting). Allows H.323 (specifically, Microsoft NetMeeting) clients to communicate across NAT. NOTE: You must set up a virtual server for NetMeeting. Refer to the Advanced → Virtual Server sub-menu for information on how to set up a virtual server.
SIP. Allows devices and applications using VoIP (Voice over IP) to communicate across NAT. Some VoIP applications and devices have the ability to discover NAT devices and work around them. This ALG may interfere with the operation of such devices. If you are having trouble making VoIP calls, try turning this ALG off.
Wake-On-LAN. Enables forwarding of “magic packets” (that is, specially formatted wake-up packets) from the WAN to a LAN computer or other device that is “Wake on LAN” (WOL) capable. The WOL device must be defined as such on the Advanced → Virtual Server sub-menu. The LAN IP address for the virtual server is typically set to the broadcast address 192.168.0.255. The computer on the LAN whose MAC address is contained in the magic packet will be awakened.
MMS. Allows Windows Media Player, using MMS protocol, to receive streaming media from the Internet.
After you've completed all modifications or deletions, you must click the Save Settings button at the top of the page to save your changes. The router must reboot before new settings will take effect. You will be prompted to Reboot the Device or Continue. If you need to make additional settings changes, click Continue. If you are finished with all configuration settings, click the Reboot the Device button.
5.4 Gaming
Multiple connections are required by some applications, such as Internet games, video conferencing, Internet telephony, and others. These applications have difficulties working through NAT (Network Address Translation). This section is used to open multiple ports or a range of ports in your router and redirect data through those ports to a single PC on your network. You can enter ports in various formats, including Port Ranges (100-150), Individual Ports (80, 68, 888), or Mixed (1020-5000, 689).
Example: Suppose you are hosting an online game server that is running on a PC with a private IP Address of 192.168.0.50. This game requires that you open multiple ports (6159-6180, 99) on the router so Internet users can connect.
5.4.1 Add Gaming Rule
Use this section to add a Gaming Rule to the following list.
Enable. Specifies whether the entry will be active or inactive.
Name. Give the rule a name that is meaningful to you, for example Game Server. You can also select from a list of popular games, and many of the remaining configuration values will be filled in accordingly. However, you should check whether the port values have changed since this list was created, and you must fill in the IP address field.
IP Address. Enter the local network IP address of the system hosting the server, for example 192.168.0.50. You can select a computer from the list of DHCP clients in the Computer Name drop-down menu, or you can manually enter the IP address of the server computer.
TCP Ports. Enter the TCP ports to open (for example 6159-6180, 99).
UDP Ports. Enter the UDP ports to open (for example 6159-6180, 99).
Schedule. Select a schedule for the times when this rule is in effect. If you do not see the schedule you need in the list of schedules, go to the Tools → Schedules sub-menu and create a new schedule.
Inbound Filter. Select a filter that controls access as needed for this rule. If you do not see the filter you need in the list of filters, go to the Advanced → Inbound Filter sub-menu and create a new filter.
Save/Update. Record the changes you have made.
Clear. Re-initialize this area of the screen, discarding any changes you have made.
When you are done editing the settings, you must click the Save Settings button at the top of the page to make the changes effective and permanent.
With the above example values filled in and this Gaming Rule enabled, all TCP and UDP traffic on ports 6159 through 6180 and port 99 is passed through the router and redirected to the Internal Private IP Address of your Game Server at 192.168.0.50.
NOTE: different LAN computers cannot be associated with Gaming rules that contain any ports in common. Such rules would contradict each other.
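The port formats and the no-shared-ports rule above can be checked offline before rules are typed into the router. The following Python sketch is an added example, not part of the Cradlepoint manual or firmware; the rule dictionaries, the function names, the "Voice Chat" and "Old Rule" sample entries, and the choices to compare TCP and UDP separately and to ignore disabled rules are assumptions.

```python
from itertools import combinations

def parse_ports(spec):
    """Parse a manual-style port list such as '6159-6180, 99' into a set of ints."""
    ports = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        lo, _, hi = item.partition("-")
        lo = int(lo)
        hi = int(hi) if hi else lo  # a single port is a range of one
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"bad port entry: {item!r}")
        ports.update(range(lo, hi + 1))
    return ports

def find_conflicts(rules):
    """Return (rule_a, rule_b, proto, shared_ports) for enabled rules that
    point at different LAN hosts but share a port on the same protocol."""
    conflicts = []
    active = [r for r in rules if r["enabled"]]  # assumption: disabled rules do not count
    for a, b in combinations(active, 2):
        if a["ip"] == b["ip"]:
            continue  # same LAN computer, so nothing to contradict
        for proto in ("tcp", "udp"):  # assumption: TCP and UDP are compared separately
            shared = parse_ports(a[proto]) & parse_ports(b[proto])
            if shared:
                conflicts.append((a["name"], b["name"], proto, sorted(shared)))
    return conflicts

# Constructed sample rules; only "Game Server" uses values from the manual's example.
SAMPLE_RULES = [
    {"name": "Game Server", "enabled": True, "ip": "192.168.0.50",
     "tcp": "6159-6180, 99", "udp": "6159-6180, 99"},
    {"name": "Voice Chat", "enabled": True, "ip": "192.168.0.51",
     "tcp": "6180-6185", "udp": ""},
    {"name": "Old Rule", "enabled": False, "ip": "192.168.0.52",
     "tcp": "99", "udp": "99"},
]

if __name__ == "__main__":
    for name_a, name_b, proto, shared in find_conflicts(SAMPLE_RULES):
        print(f"{name_a} vs {name_b}: {proto} ports {shared}")
```

The size of each parsed set is also the number of ports the rule opens to the Internet per protocol, which is worth reviewing before saving the rule.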
5.4.2 Gaming Rules
This is a list of the defined Gaming Rules. Click the Enable check box at the left to directly activate or de-activate the entry. An entry can be changed by clicking the Edit icon or can be deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the Gaming Rules section is activated for editing.
After you've completed all modifications or deletions, you must click the Save Settings button at the top of the page to save your changes. The router must reboot before new settings will take effect. You will be prompted to Reboot the Device or Continue. If you need to make additional settings changes, click Continue. If you are finished with all configuration settings, click the Reboot the Device button.
5.5 Inbound Filters
(Default: No filters). When you use the Virtual Server, Gaming, or Remote
Administration features to open specific ports to traffic from the Internet, you
could be increasing the exposure of your LAN to cyberattacks from the Internet.
In these cases, you can use Inbound Filters to limit that exposure by specifying
the IP addresses of internet hosts that you trust to access your LAN through the
ports that you have opened. You might, for example, only allow access to a
game server on your home LAN from the computers of friends whom you have
invited to play the games on that server.
Inbound Filters can be used for limiting access to a server on your network to a
system or group of systems. Filter rules can be used with Virtual Server, Gaming,
or Remote Administration features. Each filter can be used for several functions;
for example a "Game Clan" filter might allow all of the members of a particular
gaming group to play several different games for which gaming entries have
been created. At the same time an "Admin" filter might only allow systems from
your office network to access the WAN admin pages and an FTP server you use
at home. If you add an IP address to a filter, the change is effected in all of the
places where the filter is used.
5.5.1 Add Inbound Filter Rule
Name. Enter a name for the rule that is meaningful to you.
Action. The rule can be set to either ALLOW or DENY applicable messages. Defines the range of Internet addresses this rule applies to. Select the protocol used for this rule.
Enable. Enables inbound filtering for the IP Range you specify.
Remote IP Start/Remote IP End. Define the ranges of Internet addresses this rule applies to. For a single IP address, enter the same address in both the Start and End boxes. Up to eight ranges can be entered. The Enable check box allows you to turn on or off specific entries in the list of ranges.
Save/Update. Record the changes you have made.
Clear. Re-initialize this area of the screen, discarding any changes you have made. When you are done editing the settings, you must click the Save Settings button at the top of the page to make the changes effective and permanent.
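To review an inbound filter before attaching it to a Virtual Server, Gaming, or Remote Administration entry, the form's rows can be modelled and tested against sample remote addresses. The following Python sketch is an added example, not part of the Cradlepoint manual or firmware; the function names, the "Blocklist" filter, the sample addresses, and the assumed semantics (an ALLOW filter admits only listed addresses, a DENY filter blocks only listed addresses) are assumptions.

```python
import ipaddress

MAX_RANGES = 8  # the manual allows up to eight ranges per filter

def make_filter(name, action, ranges):
    """Build a filter from (enabled, start, end) rows of the form."""
    if action not in ("ALLOW", "DENY"):
        raise ValueError("action must be ALLOW or DENY")
    if len(ranges) > MAX_RANGES:
        raise ValueError("at most eight ranges per filter")
    rows = []
    for enabled, start, end in ranges:
        lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
        if lo > hi:
            raise ValueError(f"start after end: {start}-{end}")
        rows.append((enabled, lo, hi))
    return {"name": name, "action": action, "ranges": rows}

def permits(flt, remote_ip):
    """Assumed semantics: ALLOW admits only listed addresses, DENY blocks only them."""
    ip = ipaddress.IPv4Address(remote_ip)
    hit = any(en and lo <= ip <= hi for en, lo, hi in flt["ranges"])
    return hit if flt["action"] == "ALLOW" else not hit

def exposure(flt):
    """Number of distinct Internet addresses the filter lets through."""
    nets = []
    for en, lo, hi in flt["ranges"]:
        if en:
            nets.extend(ipaddress.summarize_address_range(lo, hi))
    # collapse_addresses merges overlapping rows so no address is counted twice
    listed = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    return listed if flt["action"] == "ALLOW" else 2**32 - listed

# Constructed sample filters using documentation address ranges.
ADMIN = make_filter("Admin", "ALLOW", [
    (True, "203.0.113.10", "203.0.113.10"),    # single host: same start and end
    (True, "198.51.100.0", "198.51.100.63"),
    (True, "198.51.100.32", "198.51.100.40"),  # overlaps the row above
    (False, "192.0.2.1", "192.0.2.1"),         # Enable box unchecked
])
BLOCKLIST = make_filter("Blocklist", "DENY", [(True, "198.51.100.0", "198.51.100.255")])

if __name__ == "__main__":
    for f in (ADMIN, BLOCKLIST):
        print(f["name"], f["action"], "admits", exposure(f), "addresses")
```

Under these assumptions the DENY filter still admits almost the entire IPv4 address space, which is why an ALLOW filter listing only trusted hosts is the tighter choice for an opened port.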