Page 201 / 335 Scroll up to view Page 196 - 200
Vigor2710 Series User’s Guide
189
The reminder as regards concern about Firewall and UPnP
Can't work with Firewall Software
Enabling firewall applications on your PC may cause the UPnP function not working
properly. This is because these applications will block the accessing ability of some
network ports.
Security Considerations
Activating the UPnP function on your network may incur some security threats. You
should consider carefully these risks before activating the UPnP function.
¾
Some Microsoft operating systems have found out the UPnP weaknesses and hence
you need to ensure that you have applied the latest service packs and patches.
¾
Non-privileged users can control some router functions, including removing and
adding port mappings.
The UPnP function dynamically adds port mappings on behalf of some UPnP-aware
applications. When the applications terminate abnormally, these mappings may not be
removed.
Page 202 / 335
Vigor2710 Series User’s Guide
190
4.8.5 IGMP
IGMP is the abbreviation of
Internet Group Management Protocol
. It is a communication
protocol which is mainly used for managing the membership of Internet Protocol multicast
groups.
Enable IGMP Proxy
Check this box to enable this function. The application of
multicast will be executed through WAN port. In addition,
such function is available in NAT mode.
Enable IGMP Snooping
Check this box to enable this function. Multicast traffic will
be forwarded to ports that have members of that group.
Disabling IGMP snooping will make multicast traffic treated
in the same manner as broadcast traffic.
Group ID
This
field displays the ID port for the multicast group. The
available range for IGMP starts from 224.0.0.0 to
239.255.255.254.
P1 to P4
It indicates the LAN port used for the multicast group.
Refresh
Click this link to renew the working multicast group status.
If you check Enable IGMP Proxy, all the multicast groups will be listed and all the LAN
ports (P1 to P4) are available for use.
Page 203 / 335
Vigor2710 Series User’s Guide
191
4.8.6 Wake on LAN
A PC client on LAN can be woken up by the router it connects. When a user wants to wake
up a specified PC through the router, he/she must type correct MAC address of the specified
PC on this web page of
Wake on LAN
of this router.
In addition, such PC must have installed a network card supporting WOL function. By the
way, WOL function must be set as “Enable” on the BIOS setting.
Wake by
Two types provide for you to wake up the binded IP. If you
choose Wake by MAC Address, you have to type the correct
MAC address of the host in MAC Address boxes. If you
choose Wake by IP Address, you have to choose the correct IP
address.
IP Address
The IP addresses that have been configured in
Firewall>>Bind IP to MAC
will be shown in this drop down
list. Choose the IP address from the drop down list that you
want to wake up.
MAC Address
Type any one of the MAC address of the bound PCs.
Wake Up
Click this button to wake up the selected IP. See the following
figure. The result will be shown on the box.
Page 204 / 335
Vigor2710 Series User’s Guide
192
4.9 VPN and Remote Access
A Virtual Private Network (VPN) is the extension of a private network that encompasses
links across shared or public networks like the Internet. In short, by VPN technology, you
can send data between two computers across a shared or public network in a manner that
emulates the properties of a point-to-point private link.
Below shows the menu items for VPN and Remote Access.
4.9.1 Remote Access Control
Enable the necessary VPN service as you need. If you intend to run a VPN server inside your
LAN, you should disable the VPN service of Vigor Router to allow VPN tunnel pass through,
as well as the appropriate NAT settings, such as DMZ or open port.
4.9.2 PPP General Setup
This submenu only applies to PPP-related VPN connections, such as PPTP, L2TP, L2TP
over IPSec.
Page 205 / 335
Vigor2710 Series User’s Guide
193
Dial-In PPP
Authentication PAP Only
Select this option to force the router to authenticate dial-in
users with the PAP protocol.
PAP or CHAP
Selecting this option means the router will attempt to
authenticate dial-in users with the CHAP protocol first. If the
dial-in user does not support this protocol, it will fall back to
use the PAP protocol for authentication.
Dial-In PPP Encryption
(MPPE Optional MPPE
This option represents that the MPPE encryption method will
be optionally employed in the router for the remote dial-in
user. If the remote dial-in user does not support the MPPE
encryption algorithm, the router will transmit “no MPPE
encrypted packets”. Otherwise, the MPPE encryption scheme
will be used to encrypt the data.
Require MPPE (40/128bits) -
Selecting this option will
force the router to encrypt packets by using the MPPE
encryption algorithm. In addition, the remote dial-in user will
use 40-bit to perform encryption prior to using 128-bit for
encryption. In other words, if 128-bit MPPE encryption
method is not available, then 40-bit encryption scheme will
be applied to encrypt the data.
Maximum MPPE -
This option indicates that the router will
use the MPPE encryption scheme with maximum bits
(128-bit) to encrypt the data.
Mutual Authentication
(PAP)
The Mutual Authentication function is mainly used to
communicate with other routers or clients who need
bi-directional authentication in order to provide stronger
security, for example, Cisco routers. So you should enable
this function when your peer router requires mutual
authentication. You should further specify the
User Name
and
Password
of the mutual authentication peer.
Start IP Address
Enter a start IP address for the dial-in PPP connection. You
should choose an IP address from the local private network.
For example, if the local private network is
192.168.1.0/255.255.255.0, you could choose 192.168.1.200
as the Start IP Address.
4.9.3 IPSec General Setup
In
IPSec General Setup,
there are two major parts of configuration.
There are two phases of IPSec.
¾
Phase 1: negotiation of IKE parameters including encryption, hash, Diffie-Hellman
parameter values, and lifetime to protect the following IKE exchange, authentication of
both peers using either a Pre-Shared Key or Digital Signature (x.509). The peer that
starts the negotiation proposes all its policies to the remote peer and then remote peer
tries to find a highest-priority match with its policies. Eventually to set up a secure
tunnel for IKE Phase 2.

Rate

4 / 5 based on 1 vote.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top