Linksys BEFSX41v1.44 Router Manual PDF (Setup & Configuration Guide)

Home

Manuals

Linksys

BEFSX41v1.44

Page 51 / 75 Scroll up to view Page 46 - 50

EtherFast

Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint

Instant Broadband

Series

Does the Router replace a modem?

Is there a cable or DSL modem in the Router?

No, this version of the Router must work in conjunction with a cable or DSL

modem.

Which modems are compatible with the Router?

The Router is compatible with

virtually any cable or DSL modem that supports Ethernet.

What are the advanced features of the Router?

The Router’s advanced features

include Filters, Forwarding, Dynamic Routing, Static Routing, DMZ Hosting,

and MAC Address Cloning.

What is the maximum number of VPN tunnels allowed by the Router?

The Router supports up to two simultaneous IPSec VPN tunnels.

How big is the memory buffer on the Router?

8MB buffer and 2MB flash.

How can I check whether I have static or DHCP IP Addresses?

Consult your ISP

to obtain this information.

How do I get mIRC to work with the Router?

Under the Port Range Forwarding

tab, set port forwarding to 113 for the PC on which you are using mIRC.

If your questions are not addressed here, refer to the Linksys website,

www.linksys.com

How will I be notified of new Router firmware upgrades?

All Linksys firmware

upgrades are posted on the Linksys website at

www.linksys.com

, where they

can be downloaded for free.

The Router’s firmware can be upgraded with

TFTP programs. If the Router’s Internet connection is working well, there is

no need to download a newer firmware version, unless that version contains

new features that you would like to use.

Downloading a more current version

of Router firmware will not always enhance the quality or speed of your

Internet connection, and may disrupt your current connection stability.

Will the Router function in a Macintosh environment?

Yes, but the Router’s setup

pages are accessible only through Internet Explorer 4.0 or Netscape

Navigator 4.0 or higher for Macintosh.

I am not able to get the web configuration screen for the Router.

What can I do?

You may have to remove the proxy settings on your Internet browser, e.g.,

Netscape Navigator or Internet Explorer.

Or remove the dial-up settings on

your browser.

Check with your browser documentation, and make sure that

your browser is set to connect directly and that any dial-up is disabled. Make

sure that your browser is set to connect directly and that any dial-up is dis-

abled. For Internet Explorer, click

Tools

Internet Options

, and then the

Connection

tab. Make sure that Internet Explorer is set to

Never dial a con-

nection

. For Netscape Navigator, click

Edit

Preferences

Advanced

, and

Proxy

. Make sure that Netscape Navigator is set to

Direct connection to the

Internet

What is DMZ Hosting?

Demilitarized Zone (DMZ) allows one IP address (com-

puter) to be exposed to the Internet.

Some applications require multiple

TCP/IP ports to be open.

It is recommended that you set your computer with

a static IP if you want to use DMZ Hosting. To get the LAN IP address, see

“Appendix G: Finding the MAC Address and IP Address for Your Ethernet

Adapter,” or use the web-based utility to determine the MAC address of the

computer accessing the Router’s web-based utility.

If DMZ Hosting is used, does the exposed user share the public IP with the Router?

No.

Is the Router cross-platform compatible?

Any platform that supports Ethernet

and TCP/IP is compatible with the Router.

How many ports can be simultaneously forwarded?

Theoretically, the Router can

establish 520 sessions at the same time, but you can only forward 10 ranges

of ports.

Downloaded from

www.Manualslib.com

manuals search engine

Page 52 / 75

EtherFast

Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint

Instant Broadband

Series

As secure as the Firewall Router makes your data, there are still more ways to

maximize security. The following are a few suggestions on how to increase data

security beyond the Firewall Router.

Maximize security on your other networks. Install firewall routers for your

Internet connections, and use the most up-to-date security measures for

wireless networking.

Narrow the scope of your VPN tunnel as much as possible. Rather than

allowing a range of IP Addresses, use the addresses specific to the end-

points required.

Do not set the Remote Security Group to Any, as this will open the VPN to

any IP Address. Host a specific IP address.

Maximize encryption and authentication. Use 3DES encryption and SHA

authentication whenever possible.

Manage your pre-shared keys. Change pre-shared keys regularly.

Data transmission over the Internet is a hole in network security that is often

overlooked. With VPN maximized, along with the use of a firewall router and

wireless security, you can secure your data even when it leaves your network.

Appendix B: Maximizing VPN

Security

Just as you maximized your network security with a firewall, you should also

maximize security for your data with the Firewall Router.

IPSec is compatible with most VPN endpoints and ensures privacy and authen-

tication for data, while authenticating user identification. With IPSec, authen-

tication is based upon the PC's IP Address. This not only confirms the user's

identity but also establishes the secure tunnel at the network layer, protecting

all data that passes through.

By operating at the network layer, IPSec is independent of any applications

running on the network. This way, it doesn't harm your PC's performance and

still allows you to do more with greater security. Still, it is important to note

that IPSec encryption does create a slight slowdown in network throughput, due

to encrypting and decrypting data.

A method of securing data transmission is by using key exchange with a VPN

tunnel.

Securing the key exchange without compromising earlier sessions is by

using PFS (Perfect Forward Secrecy).

PFS protects by authenticating

the key

exchange between two VPN endpoints.

This is done by sending one key to the

other endpoint and then then creating a new key to be passed back to the the

original sender of the data exchange.

All of this protection actually comes at a lower cost than most VPN endpoint

software packages. The Firewall Router will allow the users on your network to

secure their data over the Internet without having to purchase the extra client

licenses that other VPN hardware manufacturers and software packages will

require. With VPN functions handled by the router, rather than your PC (which

software packages would require), this frees up your PCs to perform more

functions, more efficiently. An additional benefit is that you aren't required to

reconfigure any of your network PCs.

Downloaded from

www.Manualslib.com

manuals search engine

Page 53 / 75

EtherFast

Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint

Instant Broadband

Series

Click the

Start

button, select

Run

, and type

secpol.msc

in the Open field.

The Local Security Setting screen will appear as shown in Figure C-1.

Right-click

IP Security Policies on Local Computer

, and click

Create IP

Security Policy

Click the

button, and then enter a name for your policy (for example,

to_router

). Then, click

Deselect the

Activate the default response rule

check box, and then click

the

button.

Click the

Finish

button, making sure the

Edit

check box is checked.

Step One: Create an IPSec Policy

Figure C-1

Note:

Keep a record of any changes you make. Those changes will be

identical in the Windows “secpol” application and the Router’s Web-

Based Utility.

Appendix C: Configuring IPSec

between a Windows 2000 or XP PC

and the Firewall Router

This document demonstrates how to establish a secure IPSec tunnel using pre-

shared keys to join a private network inside the Firewall Router and a Microsoft

Windows 2000 or XP PC. You can find detailed information on configuring the

Microsoft Windows 2000 server at the Microsoft website:

Microsoft KB Q252735 - How to Configure IPSec Tunneling in Windows 2000

http://support.microsoft.com/support/kb/articles/Q252/7/35.asp

Microsoft KB Q257225 - Basic IPSec Troubleshooting in Windows 2000

http://support.microsoft.com/support/kb/articles/Q257/2/25.asp

The IP addresses and other specifics mentioned in this appendix are for illus-

tration purposes only.

Windows 2000 or Windows XP

IP Address: 140.111.1.2 <= User ISP provides IP Address; this is only an

example.

Subnet Mask: 255.255.255.0

BEFSX41

WAN IP Address: 140.111.1.1 <= User ISP provides IP Address; this is only an

example.

Subnet Mask: 255.255.255.0

LAN IP Address: 192.168.1.1

Subnet Mask: 255.255.255.0

Introduction

Environment

Downloaded from

www.Manualslib.com

manuals search engine

Page 54 / 75

EtherFast

Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint

101

Instant Broadband

Series

100

The

IP Filter List

screen should appear, as shown in Figure C-4. Enter an

appropriate name, such as

win->router

, for the filter list, and de-select the

Use Add Wizard

check box. Then, click the

Add

button.

The

Filters Properties

screen will appear, as

shown in Figure C-5.

Select the

Addressing

tab.

the

Source

address field, select

IP Address

the

Destination

address

field, select

A specific

IP Subnet

, and fill in the

IP Address:

192.168.1.0

and

Subnet

mask:

255.255.255.0

(These

are the Router’s default

settings. If you have

changed these settings,

enter your new values.)

Figure C-5

Figure C-4

Filter List 1: win->router

In the new policy’s prop-

erties screen, verify that

the

Rules

tab is selected,

as shown in Figure C-2.

Deselect the

Use Add

Wizard

check box, and

click the

Add

button to

create a new rule.

Make sure the

IP Filter

List

tab is selected, and

click the

Add

button.

Figure C-2

Figure C-3

Note:

The references

in this section to

“win” are references

to Windows

2000

and XP.

Step Two: Build Filter Lists

Downloaded from

www.Manualslib.com

manuals search engine

Page 55 / 75

EtherFast

Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint

103

Instant Broadband

Series

102

The

IP Filter List

screen should appear, as shown in Figure C-7. Enter an

appropriate name, such as

router->win

for the filter list,

and de-select the

Use Add Wizard

check box. Click the

Add

button.

The

Filters Properties

screen will appear, as

shown in Figure C-8.

Select the

Addressing

tab.

the

Source

address field, select

specific IP Subnet

, and

enter

the

IP Address:

192.168.1.0

and Subnet

mask:

255.255.255.0

(Enter your new values if

you have changed the

default settings.) In the

Destination

address

field,

select

Address

Figure C-7

Figure C-8

If you want to enter a description for your filter, click the

Description

tab

and enter the description there.

Click the

button. Then, click the

(for Windows XP) or

(for

Windows 2000) button on the

IP Filter List

window.

Filter List 2: router=>win

The

New Rule Properties

screen will appear, as shown in Figure C-6. Select

the

IP Filter List

tab, and make sure that

win -> router

is highlighted.

Then, click the

Add

button.

Figure C-6

Downloaded from

www.Manualslib.com

manuals search engine

Rate

Popular Linksys Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share