EtherFast® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint
Chapter 2: Your Virtual Private Network (VPN)
Computer networking provides a flexibility not available when using an archaic, paper-based system. With this flexibility, however, comes an increased risk in security. This is why firewalls were first introduced. Firewalls help to protect data inside of a local network. But what do you do once information is sent outside of your local network, when emails are sent to their destination, or when you have to connect to your company's network when you are out on the road? How is your data protected?

That is when a VPN can help. VPNs are called Virtual Private Networks because they secure data moving outside of your network as if it were still within that network.

When data is sent out across the Internet from your computer, it is always open to attacks. You may already have a firewall, which will help protect data moving around or held within your network from being corrupted or intercepted by entities outside of your network, but once data moves outside of your network—when you send data to someone via email or communicate with an individual over the Internet—the firewall will no longer protect that data.

At this point, your data becomes open to hackers using a variety of methods to steal not only the data you are transmitting but also your network login and security data. Some of the most common methods are as follows:
1) MAC Address Spoofing
Packets transmitted over a network, either your local network or the Internet,
are preceded by a packet header. These packet headers contain both the source
and destination information for that packet to transmit efficiently. A hacker can
use this information to spoof (or fake) a MAC address allowed on the network.
With this spoofed MAC address, the hacker can also intercept information
meant for another user.
Instant Broadband® Series
By default, a DHCP server (LAN side) is enabled on the Router. If you already have a DHCP server running on your network, you must disable one of the two DHCP servers. If you run more than one DHCP server on your network, you will experience network errors, such as conflicting IP addresses. To disable DHCP on the Router, see the DHCP section in “Chapter 7: The Cable/DSL Firewall Router’s Web-based Utility.”
This user guide covers the basic steps for setting up a network with a router.
After going through “Chapter 3: Getting to Know the EtherFast Cable/DSL
Firewall Router,” most users will only need to use the following chapters:
Chapter 4: Connect the Router
This chapter instructs you on how to connect the cable or DSL modem to
the Router and connect the PC(s) to the Router.
Chapter 5: Configure the PCs
This chapter instructs you on how to configure your PC(s) for a DHCP connection, if the network settings are not already set to DHCP.
Chapter 6: Configure the Router
This chapter explains how to configure the Router using your web browser
and the Router’s web-based utility. You will configure the Router using the
settings provided by your ISP.
When you’re finished with the basic steps, then you are ready to connect to the
Internet. After the PC(s) can access the Internet through the Router, you can
alter the Router’s settings further; for example, you can adjust security features
and other settings to enable online gaming.
Note: Even if you assign a static IP address to a PC, other PCs can still use DHCP’s dynamic IP addressing, as long as the static IP address is not within the DHCP range of the LAN IP Address.

If the dynamic IP addressing fails to provide a dynamic IP address, refer to “Appendix A: Troubleshooting.”
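The rule in the note above can be checked before static addresses are handed out. The following is an added example, not part of the Linksys manual: `audit_static_hosts` is a hypothetical helper, and the LAN subnet, Router address, DHCP range and host list are constructed sample values.

```python
import ipaddress

def dhcp_pool(start, count):
    """Addresses a DHCP server hands out: start, start+1, ... (count of them)."""
    first = ipaddress.IPv4Address(start)
    return {first + i for i in range(count)}

def audit_static_hosts(lan_cidr, router_ip, pool_start, pool_size, static_hosts):
    """Return {host: [problems]} for static IPs that will clash on the LAN."""
    lan = ipaddress.IPv4Network(lan_cidr)
    router = ipaddress.IPv4Address(router_ip)
    pool = dhcp_pool(pool_start, pool_size)
    seen = {}       # address -> first host that claimed it
    findings = {}
    for host, raw in static_hosts.items():
        addr = ipaddress.IPv4Address(raw)
        problems = []
        if addr not in lan:
            problems.append("outside LAN subnet")
        elif addr in (lan.network_address, lan.broadcast_address):
            problems.append("network or broadcast address")
        if addr == router:
            problems.append("same as Router LAN IP")
        if addr in pool:
            # The DHCP server may lease this address to another PC.
            problems.append("inside DHCP range")
        if addr in seen:
            problems.append(f"duplicate of {seen[addr]}")
        else:
            seen[addr] = host
        if problems:
            findings[host] = problems
    return findings

# Constructed sample values (assumptions, not taken from the manual).
SAMPLE_HOSTS = {
    "print-server": "192.168.1.20",    # fine: in subnet, outside the range
    "nas":          "192.168.1.120",   # falls inside the DHCP range
    "camera":       "192.168.1.20",    # same address as print-server
    "old-pc":       "192.168.2.5",     # wrong subnet
}

if __name__ == "__main__":
    report = audit_static_hosts("192.168.1.0/24", "192.168.1.1",
                                "192.168.1.100", 50, SAMPLE_HOSTS)
    for host, problems in report.items():
        print(f"{host}: {', '.join(problems)}")
```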
Network Setup Overview
Why Do I Need a VPN?
There are two basic ways to create a VPN connection:
- Firewall Router to Firewall Router
- Computer (using VPN client software that supports IPSec) to Firewall Router
The Firewall Router creates a “tunnel” or channel between two endpoints, so that data transmissions between them are secure. A computer with VPN client software that supports IPSec can be one of the two endpoints. Any computer with the built-in IPSec Security Manager (Microsoft 2000 and XP) allows the Firewall Router to create a VPN tunnel using IPSec (refer to “Appendix C: Configuring IPSec between a Microsoft Windows 2000 or XP PC and the Firewall Router”). Other versions of Microsoft operating systems require additional, third-party VPN client software applications that support IPSec to be installed.
Firewall Router to Firewall Router
An example of a Firewall Router-to-Firewall Router VPN would be as follows.
(See Figure 2-1.) At home, a telecommuter uses his Firewall Router for his
always-on Internet connection. His router is configured with his office's VPN
settings. When he connects to his office's router, the two routers create a VPN
tunnel, encrypting and decrypting data. As VPNs utilize the Internet, distance
is not a factor. Using the VPN, the telecommuter now has a secure connection
to the central office's network, as if he were physically connected.
2) Data Sniffing
Data “sniffing” is a method used by hackers to obtain network data as it travels through unsecured networks, such as the Internet. Tools for just this kind of activity, such as protocol analyzers and network diagnostic tools, are often built into operating systems and allow the data to be viewed in clear text.
3) Man in the middle attacks
Once the hacker has either sniffed or spoofed enough information, he can now
perform a “man in the middle” attack. This attack is performed, when data is
being transmitted from one network to another, by rerouting the data to a new
destination. Even though the data is not received by its intended recipient, it
appears that way to the person sending the data.
These are only a few of the methods hackers use and they are always developing more. Without the security of your VPN, your data is constantly open to such attacks as it travels over the Internet. Data travelling over the Internet will often pass through many different servers around the world before reaching its final destination. That's a long way to go for unsecured data and this is when a VPN serves its purpose.
A VPN, or Virtual Private Network, is a connection between two endpoints - a VPN Router, for instance - in different networks that allows private data to be sent securely over a shared or public network, such as the Internet. This establishes a private network that can send data securely between these two locations or networks.

This is done by creating a “tunnel”. A VPN tunnel connects the two PCs or networks and allows data to be transmitted over the Internet as if it were still within those networks. Not a literal tunnel, it is a connection secured by encrypting the data sent between the two networks.

VPN was created as a cost-effective alternative to using a private, dedicated, leased line for a private network. Using industry standard encryption and authentication techniques—IPSec, short for IP Security—the VPN creates a secure connection that, in effect, operates as if you were directly connected to your local network. Virtual Private Networking can be used to create secure networks linking a central office with branch offices, telecommuters, and/or professionals on the road (travelers can connect to a VPN Router using any computer with VPN client software that supports IPSec, such as SSH Sentinel).
What is a Virtual Private Network?
Figure 2-1
Chapter 3: Getting to Know the EtherFast Cable/DSL Firewall Router
The Router’s ports, shown in Figure 3-1, are where network cables are connected.

WAN
The WAN (Wide Area Network) port is where you connect your cable or DSL modem through an Ethernet cable. Your modem connection will not work from any other port.

Ports 1-3
These three LAN (Local Area Network) ports are where you will connect networked devices, such as PCs, print servers, switches, and anything else you want to put on your network. (These ports auto-detect crossover and straight-through cables.)

Port 4/DMZ
Port 4/DMZ operates like a regular LAN port to connect with network devices, unless DMZ is enabled through the Cable/DSL Firewall Router’s web-based utility. Once DMZ is enabled, this port will be accessible with NO PROTECTION from the firewall. Be sure to disable the DMZ function through the web-based utility if you want this port shielded by the Cable/DSL Firewall Router’s firewall. (This port auto-detects crossover and straight-through cables.)

Power
The Power port is where you will connect the power adapter.
The Router’s Back Panel
Figure 3-1
Computer (using VPN client software that supports IPSec) to Firewall Router
The following is an example of a computer-to-Firewall Router VPN. (See
Figure 2-2.) In her hotel room, a traveling businesswoman dials up her ISP. Her
notebook computer has VPN client software that is configured with her office's
VPN settings. She accesses the VPN client software that supports IPSec and
connects to the Firewall Router at the central office. As VPNs utilize the
Internet, distance is not a factor. Using the VPN, the businesswoman now has
a secure connection to the central office's network, as if she were physically
connected.
For additional information and instructions about creating your own VPN, please visit Linksys’s website at www.linksys.com or refer to “Appendix C: Configuring IPSec between a Microsoft Windows 2000 or XP PC and the Firewall Router.”
Important: You must have at least one Firewall Router on one end of the VPN tunnel. At the other end of the VPN tunnel, you must have a second Firewall Router or a computer with VPN client software that supports IPSec.
Figure 2-2
WAN and LAN LEDs
Link/Act
Green. The Link/Act LED serves two purposes. If the LED is continuously lit, the Router is successfully connected to a device through the corresponding port (1, 2, 3 or 4/DMZ). If the LED is flickering, the Router is actively sending or receiving data over that port.

Full/Col
Green. The Full/Col LED also serves two purposes. If this LED is lit up continuously, the connection made through the corresponding port is running in Full Duplex mode. If the LED flickers, the connection is experiencing collisions. Infrequent collisions are normal.
If this LED flickers too often, there may be a problem with your connection. See “Appendix A: Troubleshooting” if you encounter this problem.

100
Orange. The 100 LED lights up when a successful 100Mbps connection is made through the corresponding port.
If this LED does not light up, then your connection speed is 10 Mbps.
Proceed to “Chapter 4: Connect the Router.”
The Router’s LEDs, shown in Figure 3-2, provide a graphic display of activity.
Diag
Red. The Diag LED lights up when the Router goes through its self-diagnosis mode during every boot-up. It will turn off upon successful completion of the diagnosis.
If this LED stays on for an abnormally long period of time, see “Appendix A: Troubleshooting.”

DMZ
Green. The DMZ LED lights up when the Cable/DSL Firewall Router’s DMZ function is enabled. Enabling this function will remove firewall protection from Port 4/DMZ.

Power
Green. The Power LED lights up when the Router is powered on.
The Reset Button
Briefly pressing the Reset Button will refresh the Cable/DSL Firewall Router’s
connections, potentially clearing any jammed links.
Pressing the Reset Button and holding it in for a few seconds will clear all of
the Cable/DSL Firewall Router’s data. This should be done only if you are
experiencing heavy routing problems, and only after you have exhausted all of
the other troubleshooting options. By resetting the Cable/DSL Firewall Router,
you run the risk of creating conflicts between your PCs’ actual IP Addresses
and what the Cable/DSL Firewall Router thinks their IP Addresses should be.
You may be forced to reboot the entire system(s).
If the Cable/DSL Firewall Router locks up, simply power it down for three to
five seconds by removing the power cable from the Cable/DSL Firewall
Router’s Power Port. Leaving the power off for too long could result in the loss
of network connections.
The Router’s Front Panel LEDs
Figure 3-2
   Repeat the above step to connect more PCs or network devices to the Router.
3. Connect the Ethernet cable from your cable or DSL modem to the WAN port on the Router’s back panel, as shown in Figure 4-3. This is the only port that will work for your modem connection.
4. As shown in Figure 4-4, connect the power adapter to the Power port on the back panel of the Router, and then plug the power adapter into a power outlet.
   The Power LED on the front panel will light up green as soon as the power adapter is connected properly. (The LEDs are shown in Figure 4-5.)
   The Diag LED will light up red for a few seconds when the Router goes through its self-diagnostic test. This LED will turn off when the self-test is complete.
5. Turn on the cable or DSL modem and PCs.
The Router’s hardware installation is now complete.
Figure 4-3
Figure 4-2
Figure 4-4
Figure 4-5
Chapter 4: Connect the Router
Unlike a hub or a switch, the Router’s setup consists of more than simply plugging hardware together. You will have to configure your networked PCs to accept the IP addresses that the Router assigns them (if applicable), and you will also have to configure the Router with setting(s) provided by your Internet Service Provider (ISP).

The installation technician from your ISP should have left the setup information with you after installing your broadband connection. If not, you can call your ISP to request the data.

Once you have the setup information you need for your specific type of Internet connection, you can begin installation and setup of the Router.

The diagram in Figure 4-1 shows a typical configuration.
1. Before you begin, make sure that all of your hardware is powered off, including the Router, PCs, hubs, switches, and cable or DSL modem.
2. Connect one end of an Ethernet cable to one of the LAN ports (labeled 1, 2, 3, or 4/DMZ) on the back of the Router, and the other end to a standard port on a network device, e.g., a PC, print server, hub, or switch (see Figure 4-2).
Overview
[Figure 4-1. Labels: Cable or DSL Modem; Cable/DSL Firewall Router; PC with Ethernet Adapter; Notebook with Ethernet Adapter; WAN; LAN]
Connecting Your Hardware Together and Booting Up