Chapter 5: Configuring the Gateway
The Setup Tab
ADSL2 Gateway with 4-Port Switch
Internet IP Address. The Router’s current Internet IP Address is displayed here. Because it is dynamic, this will change.
Status. The status of the DDNS service connection is displayed here.
When finished making your changes on this tab, click the Save Settings button to save these changes, or click the Cancel Changes button to undo your changes.
Advanced Routing Tab
The Advanced Routing screen allows you to configure the dynamic routing and static routing settings.
Advanced Routing
Operating Mode. NAT is a security feature that is enabled by default. It enables the Gateway to translate IP addresses of your local area network to a different IP address for the Internet. To disable NAT, click the Disabled radio button.
Dynamic Routing. With Dynamic Routing you can enable the Gateway to automatically adjust to physical changes in the network’s layout. The Gateway, using the RIP protocol, determines the network packets’ route based on the fewest number of hops between the source and the destination. The RIP protocol regularly broadcasts routing information to other Gateways on the network. To enable RIP, click Enabled. To disable RIP, click Disabled.
Transmit RIP Version. To transmit RIP messages, select the protocol you want: RIP1, RIP1-Compatible, or RIP2.
Receive RIP Version. To receive RIP messages, select the protocol you want: RIP1 or RIP2.
Static Routing. If the Gateway is connected to more than one network, it may be necessary to set up a static route between them. A static route is a pre-determined pathway that network information must travel to reach a specific host or network. To create a static route, change the following settings:
Select set number. Select the number of the static route from the drop-down menu. The Gateway supports up to 20 static route entries. If you need to delete a route, after selecting the entry, click the Delete This Entry button.
Destination IP Address. The Destination IP Address is the address of the remote network or host to which you want to assign a static route. Enter the IP address of the host for which you wish to create a static route. If you are building a route to an entire network, be sure that the network portion of the IP address is set to 0.
Figure 5-12: Advanced Routing
Subnet Mask. The Subnet Mask (also known as the Network Mask) determines which portion of an IP
address is the network portion, and which portion is the host portion.
Gateway. This IP address should be the IP address of the gateway device that allows for contact between
the Gateway and the remote network or host.
Hop Count. Hop Count is the number of hops to each node until the destination is reached (16 hops
maximum). Enter the Hop Count in the field.
Show Routing Table. Click the Show Routing Table button to open a screen displaying how data is routed through your LAN. For each route, the Destination IP address, Subnet Mask, Gateway, and Interface are displayed. Click the Refresh button to update the information. Click the Close button to return to the previous screen.
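An added example (not from the manual or the Gateway firmware) that checks one static route entry against the field rules above before it is entered. The function name, the default LAN of 192.168.1.0/24, the minimum hop count of 1, and the requirement that the next-hop gateway sits on that LAN are assumptions.

```python
import ipaddress

MAX_HOPS = 16  # "16 hops maximum" in the Hop Count description


def check_static_route(dest, mask, gateway, hops, lan="192.168.1.0/24"):
    """Return a list of problems with one static route entry ([] means OK)."""
    try:
        dest_int = int(ipaddress.IPv4Address(dest))
        mask_int = int(ipaddress.IPv4Address(mask))
        gw = ipaddress.IPv4Address(gateway)
    except ipaddress.AddressValueError as exc:
        return [f"not an IPv4 address: {exc}"]
    problems = []
    host_bits = mask_int ^ 0xFFFFFFFF
    # A usable mask is all 1 bits followed by all 0 bits, so the inverted
    # mask plus one must be a power of two.
    if host_bits & (host_bits + 1):
        problems.append("subnet mask is not contiguous")
    elif dest_int & host_bits:
        # Network route: the host portion selected by the mask must be 0.
        problems.append("destination has host bits set for this mask")
    # Assumption: the next hop must sit on the directly attached LAN.
    if gw not in ipaddress.IPv4Network(lan):
        problems.append(f"gateway {gw} is not on {lan}")
    # Assumption: the lowest useful hop count is 1.
    if not 1 <= hops <= MAX_HOPS:
        problems.append(f"hop count must be 1 to {MAX_HOPS}")
    return problems


# Constructed sample entries, not taken from the manual.
SAMPLES = [
    ("10.20.0.0", "255.255.0.0", "192.168.1.254", 2),        # network route
    ("10.20.30.40", "255.255.255.255", "192.168.1.254", 1),  # host route
    ("10.20.30.40", "255.255.0.0", "192.168.1.254", 2),      # host bits set
    ("10.20.0.0", "255.0.255.0", "10.0.0.1", 17),            # three faults
]

if __name__ == "__main__":
    for entry in SAMPLES:
        print(entry, check_static_route(*entry) or "OK")
```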
When finished making your changes on this tab, click the Save Settings button to save these changes, or click the Cancel Changes button to undo your changes.
The Security Tab
Firewall
When you click the Security tab, you will see the Firewall screen. This screen contains Filters and the option to Block WAN Requests. Filters block specific Internet data types and block anonymous Internet requests. To add Firewall Protection, click Enable. If you do not want Firewall Protection, click Disable.
Additional Filters
Filter Proxy. Use of WAN proxy servers may compromise the Gateway's security. Denying Filter Proxy will disable access to any WAN proxy servers. To enable proxy filtering, click Enabled.
Filter Cookies. A cookie is data stored on your computer and used by Internet sites when you interact with them. To enable cookie filtering, click Enabled.
Filter Java Applets. Java is a programming language for websites. If you deny Java Applets, you run the risk of not having access to Internet sites created using this programming language. To enable Java Applet filtering, click Enabled.
Filter ActiveX. ActiveX is a programming language for websites. If you deny ActiveX, you run the risk of not having access to Internet sites created using this programming language. To enable ActiveX filtering, click Enabled.
Figure 5-13: Routing Table List
Block WAN requests
Block Anonymous Internet Requests. This keeps your network from being “pinged” or detected and reinforces your network security by hiding your network ports, so it is more difficult for intruders to discover your network. Select Block Anonymous Internet Requests to block anonymous Internet requests or de-select it to allow anonymous Internet requests.
When finished making your changes on this tab, click the Save Settings button to save these changes, or click the Cancel Changes button to undo your changes.
VPN
Virtual Private Networking (VPN) is a security measure that basically creates a secure connection between two
remote locations. The VPN screen allows you to configure your VPN settings to make your network more secure.
VPN Passthrough
IPSec Passthrough. Internet Protocol Security (IPSec) is a suite of protocols used to implement secure exchange of packets at the IP layer. To allow IPSec Passthrough, click the Enable button. To disable IPSec Passthrough, click the Disable button.
PPTP Passthrough. Point-to-Point Tunneling Protocol Passthrough is the method used to enable VPN sessions to a Windows NT 4.0 or 2000 server. To allow PPTP Passthrough, click the Enable button. To disable PPTP Passthrough, click the Disable button.
L2TP Passthrough. Layer 2 Tunneling Protocol Passthrough is an extension of the Point-to-Point Tunneling Protocol (PPTP) used to enable the operation of a VPN over the Internet. To allow L2TP Passthrough, click the Enable button. To disable L2TP Passthrough, click the Disable button.
IPSec VPN Tunnel
The VPN Gateway creates a tunnel or channel between two endpoints, so that the data or information between
these endpoints is secure.
To establish this tunnel, select the tunnel you wish to create in the Select Tunnel Entry drop-down box. It is possible to create up to five simultaneous tunnels. Then click Enabled to enable the IPSec VPN tunnel. Once the tunnel is enabled, enter the name of the tunnel in the Tunnel Name field. This is to allow you to identify multiple tunnels and does not have to match the name used at the other end of the tunnel. To delete a tunnel entry, select the tunnel, then click Delete. To view a summary of the settings, click Summary.
Figure 5-14: Firewall
Local Secure Group and Remote Secure Group. The Local Secure Group is the computer(s) on your LAN that
can access the tunnel. The Remote Secure Group is the computer(s) on the remote end of the tunnel that can
access the tunnel. These computers can be specified by a Subnet, specific IP address, or range.
Local Security Gateway.
Remote Security Gateway. The Remote Security Gateway is the VPN device, such as a second VPN Gateway, on the remote end of the VPN tunnel. Enter the IP Address or Domain of the VPN device at the other end of the tunnel. The remote VPN device can be another VPN Gateway, a VPN Server, or a computer with VPN client software that supports IPSec. The IP Address may either be static (permanent) or dynamic (changing), depending on the settings of the remote VPN device. Make sure that you have entered the IP Address correctly, or the connection cannot be made. Remember, this is NOT the IP Address of the local VPN Gateway, but the IP Address of the remote VPN Gateway or device with which you wish to communicate. If you enter an IP address, only the specific IP Address will be able to access the tunnel. If you select Any, any IP Address can access the tunnel.
Encryption. Using Encryption also helps make your connection more secure. There are two different types of encryption: DES or 3DES (3DES is recommended because it is more secure). You may choose either of these, but it must be the same type of encryption that is being used by the VPN device at the other end of the tunnel. Or, you may choose not to encrypt by selecting Disable. In Figure 5-19, DES (which is the default) has been selected.
Authentication. Authentication acts as another level of security. There are two types of authentication: MD5 and SHA (SHA is recommended because it is more secure). As with encryption, either of these may be selected, if the VPN device at the other end of the tunnel is using the same type of authentication. Or, both ends of the tunnel may choose to Disable authentication. In the Manual Key Management screen, MD5 (the default) has been selected.
Key Management. Select Auto (IKE) or Manual from the drop-down menu. The two methods are described below.
Auto (IKE)
Select Auto (IKE) and enter a series of numbers or letters in the Pre-shared Key field. Based on this word, which MUST be entered at both ends of the tunnel if this method is used, a key is generated to scramble (encrypt) the data being transmitted over the tunnel, where it is unscrambled (decrypted). You may use any combination of up to 24 numbers or letters in this field. No special characters or spaces are allowed. In the Key Lifetime field, you may select to have the key expire at the end of a time period. Enter the number of seconds you’d like the key to be useful, or leave it blank for the key to last indefinitely. Check the box next to PFS (Perfect Forward Secrecy) to ensure that the initial key exchange and IKE proposals are secure.
Figure 5-15: VPN
Figure 5-16: VPN Settings Summary
Manual
Select Manual, then select the Encryption Algorithm from the drop-down menu. Enter the Encryption Key in the field (if you chose DES for your Encryption Algorithm, enter 16 hexadecimal characters; if you chose 3DES, enter 48 hexadecimal characters). Select the Authentication Algorithm from the drop-down menu. Enter the Authentication Key in the field (if you chose MD5 for your Authentication Algorithm, enter 32 hexadecimal characters; if you chose SHA1, enter 40 hexadecimal characters). Enter the Inbound and Outbound SPIs in the respective fields.
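The key rules from the Auto (IKE) and Manual descriptions above, as a check to run before the same values are typed into both ends of a tunnel. This is an added example, not code from the manual or the Gateway firmware; the function names are hypothetical, ASCII letters are assumed for the pre-shared key, and the repeated-subkey check assumes standard encrypt-decrypt-encrypt 3DES.

```python
import secrets
import string

# Lengths in hexadecimal characters, as given in the manual text.
ENC_HEX_LEN = {"DES": 16, "3DES": 48}
AUTH_HEX_LEN = {"MD5": 32, "SHA1": 40}
# Auto (IKE) pre-shared key: letters and numbers only, at most 24.
PSK_ALPHABET = string.ascii_letters + string.digits  # ASCII assumed
PSK_MAX_LEN = 24


def _des_key_bits(hex_part):
    """DES ignores the low (parity) bit of each key byte; mask it off."""
    return bytes(b & 0xFE for b in bytes.fromhex(hex_part))


def check_hex_key(algorithm, key, lengths):
    """Return a list of problems found in one Manual key field."""
    want = lengths[algorithm]
    if len(key) != want or any(c not in string.hexdigits for c in key):
        return [f"{algorithm} needs exactly {want} hexadecimal characters"]
    problems = []
    if len(set(key.lower())) <= 2:
        problems.append("key is a repeated pattern, not random")
    if algorithm == "3DES":
        k1, k2, k3 = (_des_key_bits(key[i:i + 16]) for i in (0, 16, 32))
        # In encrypt-decrypt-encrypt 3DES, equal neighbouring subkeys cancel.
        if k1 == k2 or k2 == k3:
            problems.append("3DES subkeys repeat: strength drops to single DES")
    return problems


def check_psk(psk):
    """Return a list of problems with an Auto (IKE) pre-shared key."""
    problems = []
    if not 1 <= len(psk) <= PSK_MAX_LEN:
        problems.append(f"length must be 1 to {PSK_MAX_LEN} characters")
    if any(c not in PSK_ALPHABET for c in psk):
        problems.append("only letters and numbers are accepted")
    return problems


def new_keys(enc="3DES", auth="SHA1"):
    """Draw a pre-shared key and Manual keys from the OS random source."""
    psk = "".join(secrets.choice(PSK_ALPHABET) for _ in range(PSK_MAX_LEN))
    return {"psk": psk,
            "enc_key": secrets.token_hex(ENC_HEX_LEN[enc] // 2),
            "auth_key": secrets.token_hex(AUTH_HEX_LEN[auth] // 2)}
```

A 3DES key made by repeating one 16-character block passes the length rule but is flagged here, as is one whose blocks differ only in parity bits.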
Status. The status of the connection is shown.
Click the Connect button to connect your VPN tunnel. Click View Logs to view system, UPnP, VPN, firewall, access, or all logs. Click the Advanced Settings button and the Advanced IPSec VPN Tunnel Setup screen will appear.
When finished making your changes on this tab, click the Save Settings button to save these changes, or click the Cancel Changes button to undo your changes.
Advanced VPN Tunnel Setup
From the Advanced IPSec VPN Tunnel Setup screen you can adjust the settings for specific VPN tunnels.
Phase 1
Phase 1 is used to create a security association (SA), often called the IKE SA. After Phase 1 is completed,
Phase 2 is used to create one or more IPSec SAs, which are then used to key IPSec sessions.
Operation Mode. There are two modes: Main and Aggressive, and they exchange the same IKE payloads in
different sequences. Main mode is more common; however, some people prefer Aggressive mode because it
is faster. Main mode is for normal usage and includes more authentication requirements than Aggressive
mode. Main mode is recommended because it is more secure. No matter which mode is selected, the VPN
Gateway will accept both Main and Aggressive requests from the remote VPN device.
Encryption. Select the length of the key used to encrypt/decrypt ESP packets. There are two choices: DES and
3DES. 3DES is recommended because it is more secure.
Authentication. Select the method used to authenticate ESP packets. There are two choices: MD5 and SHA.
SHA is recommended because it is more secure.
Group. There are two Diffie-Hellman Groups to choose from: 768-bit and 1024-bit. Diffie-Hellman refers to a
cryptographic technique that uses public and private keys for encryption and decryption.
Figure 5-17: Manual Key Management
Figure 5-18: System Log
