EtherFast® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint
Instant Broadband® Series

Does the Router replace a modem? Is there a cable or DSL modem in the Router?
No, this version of the Router must work in conjunction with a cable or DSL modem.

Which modems are compatible with the Router?
The Router is compatible with virtually any cable or DSL modem that supports Ethernet.

What are the advanced features of the Router?
The Router’s advanced features include Filters, Forwarding, Dynamic Routing, Static Routing, DMZ Hosting, and MAC Address Cloning.

What is the maximum number of VPN tunnels allowed by the Router?
The Router supports up to two simultaneous IPSec VPN tunnels.

How big is the memory buffer on the Router?
8MB buffer and 2MB flash.

How can I check whether I have static or DHCP IP Addresses?
Consult your ISP to obtain this information.

How do I get mIRC to work with the Router?
Under the Port Range Forwarding tab, set port forwarding to 113 for the PC on which you are using mIRC.

If your questions are not addressed here, refer to the Linksys website, www.linksys.com.

How will I be notified of new Router firmware upgrades?
All Linksys firmware upgrades are posted on the Linksys website at www.linksys.com, where they can be downloaded for free. The Router’s firmware can be upgraded with TFTP programs. If the Router’s Internet connection is working well, there is no need to download a newer firmware version, unless that version contains new features that you would like to use. Downloading a more current version of Router firmware will not always enhance the quality or speed of your Internet connection, and may disrupt your current connection stability.

Will the Router function in a Macintosh environment?
Yes, but the Router’s setup pages are accessible only through Internet Explorer 4.0 or Netscape Navigator 4.0 or higher for Macintosh.

I am not able to get the web configuration screen for the Router. What can I do?
You may have to remove the proxy settings on your Internet browser, e.g., Netscape Navigator or Internet Explorer. Or remove the dial-up settings on your browser. Check with your browser documentation, and make sure that your browser is set to connect directly and that any dial-up is disabled. For Internet Explorer, click Tools, Internet Options, and then the Connection tab. Make sure that Internet Explorer is set to Never dial a connection. For Netscape Navigator, click Edit, Preferences, Advanced, and Proxy. Make sure that Netscape Navigator is set to Direct connection to the Internet.

What is DMZ Hosting?
Demilitarized Zone (DMZ) allows one IP address (computer) to be exposed to the Internet. Some applications require multiple TCP/IP ports to be open. It is recommended that you set your computer with a static IP if you want to use DMZ Hosting. To get the LAN IP address, see “Appendix G: Finding the MAC Address and IP Address for Your Ethernet Adapter,” or use the web-based utility to determine the MAC address of the computer accessing the Router’s web-based utility.

If DMZ Hosting is used, does the exposed user share the public IP with the Router?
No.

Is the Router cross-platform compatible?
Any platform that supports Ethernet and TCP/IP is compatible with the Router.

How many ports can be simultaneously forwarded?
Theoretically, the Router can establish 520 sessions at the same time, but you can only forward 10 ranges of ports.

Appendix B: Maximizing VPN Security

Just as you maximized your network security with a firewall, you should also maximize security for your data with the Firewall Router.

IPSec is compatible with most VPN endpoints and ensures privacy and authentication for data, while authenticating user identification. With IPSec, authentication is based upon the PC's IP Address. This not only confirms the user's identity but also establishes the secure tunnel at the network layer, protecting all data that passes through.

By operating at the network layer, IPSec is independent of any applications running on the network. This way, it doesn't harm your PC's performance and still allows you to do more with greater security. Still, it is important to note that IPSec encryption does create a slight slowdown in network throughput, due to encrypting and decrypting data.

One method of securing data transmission is to use key exchange with a VPN tunnel. PFS (Perfect Forward Secrecy) secures the key exchange without compromising earlier sessions. PFS protects by authenticating the key exchange between two VPN endpoints. This is done by sending one key to the other endpoint and then creating a new key to be passed back to the original sender of the data exchange.

All of this protection actually comes at a lower cost than most VPN endpoint software packages. The Firewall Router will allow the users on your network to secure their data over the Internet without having to purchase the extra client licenses that other VPN hardware manufacturers and software packages will require. With VPN functions handled by the router, rather than your PC (which software packages would require), this frees up your PCs to perform more functions, more efficiently. An additional benefit is that you aren't required to reconfigure any of your network PCs.

As secure as the Firewall Router makes your data, there are still more ways to maximize security. The following are a few suggestions on how to increase data security beyond the Firewall Router.

1) Maximize security on your other networks. Install firewall routers for your Internet connections, and use the most up-to-date security measures for wireless networking.
2) Narrow the scope of your VPN tunnel as much as possible. Rather than allowing a range of IP Addresses, use the addresses specific to the endpoints required.
3) Do not set the Remote Security Group to Any, as this will open the VPN to any IP Address. Host a specific IP address.
4) Maximize encryption and authentication. Use 3DES encryption and SHA authentication whenever possible.
5) Manage your pre-shared keys. Change pre-shared keys regularly.

Data transmission over the Internet is a hole in network security that is often overlooked. With VPN maximized, along with the use of a firewall router and wireless security, you can secure your data even when it leaves your network.
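
The numbered suggestions in Appendix B can be checked mechanically against a written record of each tunnel's settings. The following is an added example, not part of the manual or of any Linksys tool; the dictionary field names, the 90-day key age and the sample tunnels are assumptions made for illustration.

```python
import ipaddress
from datetime import date

def audit_tunnel(t, today, max_psk_age_days=90):
    """Return findings for one tunnel dict. Field names and the 90-day
    key age are assumptions; the manual only says to change keys regularly."""
    findings = []
    for side in ("local_group", "remote_group"):
        value = t[side].strip()
        if value.lower() == "any":
            findings.append(f"{side}: Any opens the VPN to any IP address")
            continue
        net = ipaddress.ip_network(value, strict=False)
        if net.num_addresses > 1:
            findings.append(f"{side}: {net} spans {net.num_addresses} "
                            "addresses; list only the endpoints required")
    if t["encryption"].upper() != "3DES":
        findings.append(f"encryption: {t['encryption']} selected, 3DES available")
    if t["authentication"].upper() != "SHA":
        findings.append(f"authentication: {t['authentication']} selected, SHA available")
    age = (today - t["psk_changed"]).days
    if age > max_psk_age_days:
        findings.append(f"pre-shared key: unchanged for {age} days")
    return findings

# Constructed sample tunnels (not exported from a real Router).
TODAY = date(2002, 6, 1)
WEAK = {"local_group": "192.168.1.0/24", "remote_group": "Any",
        "encryption": "DES", "authentication": "MD5",
        "psk_changed": date(2001, 1, 15)}
HARDENED = {"local_group": "192.168.1.10", "remote_group": "140.111.1.2",
            "encryption": "3DES", "authentication": "SHA",
            "psk_changed": date(2002, 5, 1)}

if __name__ == "__main__":
    for name, tunnel in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_tunnel(tunnel, TODAY) or "no findings")
```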
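
Why PFS keeps earlier sessions safe, as an added example that is not from the manual: a simplified model, loosely following IKE Quick Mode, in which each tunnel key is derived from a long-lived Phase 1 secret and, with PFS, also from a fresh Diffie-Hellman exchange. The group parameters are toy values and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption): far too small for real use.
P = 2**127 - 1  # a Mersenne prime
G = 3

def prf(key, data):
    return hmac.new(key, data, hashlib.sha1).digest()

def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def quick_mode(skeyid_d, pfs):
    """Derive one tunnel key; return (key, values a wiretap could record)."""
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    wire = {"ni": ni, "nr": nr}
    material = ni + nr
    if pfs:
        a_priv, a_pub = dh_keypair()
        b_priv, b_pub = dh_keypair()
        shared = pow(b_pub, a_priv, P)            # endpoint A's view
        assert shared == pow(a_pub, b_priv, P)    # endpoint B's view
        wire.update(a_pub=a_pub, b_pub=b_pub)     # only public values travel
        material = shared.to_bytes(16, "big") + material
        # The private exponents are discarded when this function returns.
    return prf(skeyid_d, material), wire

def attacker_recover(stolen_skeyid_d, wire):
    """Best effort of someone who later steals the Phase 1 secret and holds
    a traffic capture, without solving the Diffie-Hellman problem."""
    return prf(stolen_skeyid_d, wire["ni"] + wire["nr"])

def demo():
    skeyid_d = secrets.token_bytes(20)  # stands in for the Phase 1 secret
    key_plain, wire_plain = quick_mode(skeyid_d, pfs=False)
    key_pfs, wire_pfs = quick_mode(skeyid_d, pfs=True)
    return (attacker_recover(skeyid_d, wire_plain) == key_plain,
            attacker_recover(skeyid_d, wire_pfs) == key_pfs)

if __name__ == "__main__":
    print("earlier session recovered (no PFS, PFS):", demo())
```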

Appendix C: Configuring IPSec between a Windows 2000 or XP PC and the Firewall Router

Introduction

This document demonstrates how to establish a secure IPSec tunnel using pre-shared keys to join a private network inside the Firewall Router and a Microsoft Windows 2000 or XP PC. You can find detailed information on configuring the Microsoft Windows 2000 server at the Microsoft website:

Microsoft KB Q252735 - How to Configure IPSec Tunneling in Windows 2000
Microsoft KB Q257225 - Basic IPSec Troubleshooting in Windows 2000

Environment

The IP addresses and other specifics mentioned in this appendix are for illustration purposes only.

Windows 2000 or Windows XP
IP Address: 140.111.1.2 <= User ISP provides IP Address; this is only an example.
Subnet Mask: 255.255.255.0

BEFSX41
WAN IP Address: 140.111.1.1 <= User ISP provides IP Address; this is only an example.
Subnet Mask: 255.255.255.0
LAN IP Address: 192.168.1.1
Subnet Mask: 255.255.255.0

Step One: Create an IPSec Policy

1. Click the Start button, select Run, and type secpol.msc in the Open field. The Local Security Setting screen will appear as shown in Figure C-1.
2. Right-click IP Security Policies on Local Computer, and click Create IP Security Policy.
3. Click the Next button, and then enter a name for your policy (for example, to_router). Then, click Next.
4. Deselect the Activate the default response rule check box, and then click the Next button.
5. Click the Finish button, making sure the Edit check box is checked.

Figure C-1

Note: Keep a record of any changes you make. Those changes will be identical in the Windows “secpol” application and the Router’s Web-Based Utility.

Step Two: Build Filter Lists

Note: The references in this section to “win” are references to Windows 2000 and XP.

Filter List 1: win->router

1. In the new policy’s properties screen, verify that the Rules tab is selected, as shown in Figure C-2. Deselect the Use Add Wizard check box, and click the Add button to create a new rule.
2. Make sure the IP Filter List tab is selected, and click the Add button.

Figure C-2
Figure C-3

3. The IP Filter List screen should appear, as shown in Figure C-4. Enter an appropriate name, such as win->router, for the filter list, and de-select the Use Add Wizard check box. Then, click the Add button.
4. The Filters Properties screen will appear, as shown in Figure C-5. Select the Addressing tab. In the Source address field, select My IP Address. In the Destination address field, select A specific IP Subnet, and fill in the IP Address: 192.168.1.0 and Subnet mask: 255.255.255.0. (These are the Router’s default settings. If you have changed these settings, enter your new values.)

Figure C-4
Figure C-5
5. If you want to enter a description for your filter, click the Description tab and enter the description there.
6. Click the OK button. Then, click the OK (for Windows XP) or Close (for Windows 2000) button on the IP Filter List window.

Filter List 2: router=>win

7. The New Rule Properties screen will appear, as shown in Figure C-6. Select the IP Filter List tab, and make sure that win -> router is highlighted. Then, click the Add button.

Figure C-6

8. The IP Filter List screen should appear, as shown in Figure C-7. Enter an appropriate name, such as router->win for the filter list, and de-select the Use Add Wizard check box. Click the Add button.
9. The Filters Properties screen will appear, as shown in Figure C-8. Select the Addressing tab. In the Source address field, select A specific IP Subnet, and enter the IP Address: 192.168.1.0 and Subnet mask: 255.255.255.0. (Enter your new values if you have changed the default settings.) In the Destination address field, select My IP Address.

Figure C-7
Figure C-8