Linksys BEFSX41v1.44 Router Manual PDF (Setup & Configuration Guide)

Home

Manuals

Linksys

BEFSX41v1.44

Page 21 / 75 Scroll up to view Page 16 - 20

EtherFast

Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint

Instant Broadband

Series

HBS

The

HeartBeat

Signal

(HBS)

service

that

applies to connec-

tions in Australia

only.

(Shown

Figure

7-9.)

For

users in Australia,

check with your ISP

for setup informa-

tion.

User Name and Password

Enter

the

User Name

and

Password

supplied by

your ISP.

Heart Beat Server

Enter

the IP address of the Heart Beat Server. This is sup-

plied by your ISP.

Connect on Demand and Max Idle Time

You can configure the Router to cut

your connection with your ISP after a specified period of time (Max Idle Time).

If you have been disconnected due to inactivity, Connect on Demand enables

the Router to automatically re-establish your connection as soon as you attempt

to access the Internet again. If you wish to activate Connect on Demand, click

the radio button. In the Max Idle Time field, enter the number of minutes you

want to have elapsed before your Internet access disconnects.

Keep Alive Option and Redial Period

If you select this option, the Router will

periodically check your Internet connection. If you are disconnected, then the

Router will automatically re-establish your connection.

To use this option,

click the radio button next to

Keep Alive

. The default Redial Period is 30 sec-

onds.

To apply any of the settings you change on a page, click the

Apply

button, and

then click the

Continue

button.

To cancel any values you’ve entered on any

page, click the

Cancel

button.

The Firewall Tab, shown in Figure 7-10, allows you to set the Cable/DSL

Firewall Router’s level of security. Some environments require greater security

while some Internet applications work better with fewer restrictions. This tab

allows you to customize these settings.

Advanced Firewall Protection

Enable this option to employ SPI (Stateful

Packet Inspection) and DoS (Denial of Service). These functions allow for

more detailed review of data packets entering your network environment and

prevention of Denial of Service attacks.

Firewall

Figure 7-10

Figure 7-9

Downloaded from

www.Manualslib.com

manuals search engine

Page 22 / 75

EtherFast

Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint

PPTP Pass Through

•

Point-to-Point Tunneling Protocol Pass Through is the method used to

enable VPN sessions to a Windows NT 4.0 or 2000 server. PPTP Pass

Through is enabled by default. To disable this feature, click on

Disable

PPTP Pass Through

, and then the

Apply

button. Click the

Continue

button.

PPPoE Pass Through

•

PPPoE Pass Through allows your PC(s) to use the PPPoE client software

provided by your ISP. Some ISPs may request that you use this feature on

the Router. PPPoE Pass Through is enabled by default. To disable PPPoE

Pass Through, click on

Disable

and then the

Apply

button. Click the

Continue

button.

Remote Management

•

This feature allows you to manage the Router from a remote location, via

the Internet.

To enable this feature, click on

Enable,

and enter the port

number you want to use when accessing the Router remotely. Click the

Apply

button and then the

Continue

button. Remote Management must be

activated before you can manage the Router from a remote location. If you

wish to use this feature on the browser, enter

http:\\<WAN IP Address>:

port.

(Enter your specific WAN IP Address in place of <WAN IP

Address>, and enter the port number in place of the word port.)

•

To disable Remote Management, click on

Disable

, and click the

Apply

but-

ton. Then click the

Continue

button.

Remote Upgrade

•

This feature allows you to upgrade the Router’s firmware from a remote

location.

To enable Remote Upgrade, click on

Enable

, and then click the

Apply

button. Then click the

Continue

button. Remote Management must

be activated before you can manage the Router from a remote location.

MTU (Maximum Transmission Unit)

•

This feature specifies the largest packet size permitted for network trans-

mission. Select

Auto

to leave the MTU at its factory default value. Select

Manual

to enable the MTU value you enter in the Size field.

It is recom-

mended that you keep this value in the 1200 to 1500 range.

For most DSL

users, it is recommended to use the value

1492

To apply any of the settings you change on a page, click the

Apply

button, and

then click the

Continue

button.

To cancel any values you’ve entered on any page,

click the

Cancel

button.

For further help on this tab, click the

Help

button.

Instant Broadband

Series

Web Filter

You can either enable or disable these four filtering methods by

selecting

Allow

Deny

• Proxy

If local users have access to WAN proxy servers, they may be able

to circumvent the Router’s content filters and access Internet sites

blocked by the Router. Denying Proxy will block access to any WAN

proxy servers.

• Java

Java is a programming language for websites. If you deny Java, you

run the risk of not having access to Internet sites created using this pro-

gramming language.

• ActiveX

ActiveX is a programming language for websites. If you deny

ActiveX, you run the risk of not having access to Internet sites created

using this programming language.

• Cookie

A cookie is data stored on your PC and used by Internet sites

when you interact with them, so you may not want to deny cookies.

Block WAN Request

•

By enabling the Block WAN Request feature, you can prevent your network

from being “pinged,” or detected, by other Internet users. The Block WAN

Request feature also reinforces your network security by hiding your net-

work ports. Both functions of the Block WAN Request feature make it more

difficult for outside users to access your network. This feature is enabled by

default. Select

Disable

to disable this feature. Then click the

Apply

button

and then the

Continue

button to save your changes.

Multicast Pass Through

•

IP Multicasting occurs when a single data transmission is sent to multiple

recipients at the same time. Using this feature, the Router allows IP multi-

cast packets to be forwarded to the appropriate computers. Select

Enable

support the feature, or

Disable

to disable it.

IPSec Pass Through

•

Internet Protocol Security (IPSec) is a suite of protocols used to implement

secure exchange of packets at the IP layer. To allow IPSec tunnels to pass

through the Router, IPSec Pass Through is enabled by default. To disable

IPSec Pass Through, click on

Disable

and then the

Apply

button. Click the

Continue

button.

Downloaded from

www.Manualslib.com

manuals search engine

Page 23 / 75

EtherFast

Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint

Virtual Private Networking (VPN) is a security measure that basically creates

a secure connection between two remote locations.

This connection is very

specific as far as its settings are concerned; this is what creates the security.

The VPN screen, shown in Figure 7-11, allows you to configure your VPN set-

tings to make your network more secure.

Establishing a Tunnel

The Firewall Router creates a tunnel or channel between two endpoints, so that

the data or information between these endpoints is secure.

To establish this tun-

nel, select the tunnel you wish to create in the (

Select Tunnel Entry)

drop-

down box.

It is possible to create up to two simultaneous tunnels.

Then check the box next to

Enable

to enable the tunnel.

Once the tunnel is enabled, enter the name of the tunnel in the

Tunnel Name

field.

This is to allow you to identify multiple tunnels and does not have to

match the name used at the other end of the tunnel.

Click the

Delete This Tunnel

button to delete any tunnel entry. Click the

Summary

button to view information about the selected tunnel, after the tun-

nel has been connected.

Note:

Network security, while a desirable and often necessary

aspect of networking, is complex and requires a thorough under-

standing of networking principles.

Instant Broadband

Series

VPN

Figure 7-11

Downloaded from

www.Manualslib.com

manuals search engine

Page 24 / 75

EtherFast

Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint

• IP Address

- If you select

IP Address

, only the computer with the spe-

cific IP Address that you enter will be able to access the tunnel.

In the

example shown in Figure 7-13, only the computer with IP Address

192.168.1.10 can access the tunnel from this end.

Only the computer with

IP Address 192.168.2.12 can access the tunnel from the remote end (in

your settings, use the IP Addresses appropriate for your VPN).

•

IP Range

- If you select IP Range, it will be a combination of Subnet and

IP Address.

You can specify a range of IP Addresses within the Subnet

which will have access to the tunnel.

In the example shown in Figure 7-

14, all computers on this end of the tunnel with IP Addresses between

192.168.1.1 and 192.168.1.20 can access the tunnel from the local end.

Only computers assigned an IP Address between 192.168.2.1 and

192.168.2.100 can access the tunnel from the remote end (in your set-

tings, use the IP Ranges appropriate for your VPN).

Figure 7-13

Figure 7-14

Instant Broadband

Series

Local Secure Group and Remote Secure Group

The

Local Secure Group

is the computer(s) on your LAN that can access the

tunnel. The

Remote Secure Group

is the computer (s) on the remote end of the

tunnel that can access the tunnel. Under Local Secure Group and Remote

Secure Group, you may choose one of three options: Subnet, IP Address, and

IP Range. Under Remote Secure Group, you have two additional options: Host

and Any.

• Subnet

- If you select

Subnet

(which is the default), this will allow all

computers on the local subnet to access the tunnel.

In the example shown

in Figure 7-12, all Local Secure Group computers with IP Addresses

192.168.1.xxx will be able to access the tunnel. All Remote Secure Group

computers with IP Addresses 192.168.2.xxx will be able to access the tun-

nel (in your settings, use the IP Addresses appropriate for your VPN).

When using the Subnet setting, the default values of

should remain in

the last fields of the

and

Mask

settings.

Note:

The IP Addresses and Subnet Mask values used here are for

example only.

Do not try to use them for your actual setup.

Obtain

the relevant information from your own network to accurately config-

ure your Firewall Router.

Figure 7-12

Note:

It is possible to set up your Firewall Router using any combi-

nation of the three settings under Local Secure Group and the five set-

tings under Remote Secure Group.

For instance, when Subnet is cho-

sen on the local end of the tunnel, Subnet does not have to be chosen

at the remote end.

So a single IP Address could be chosen to access

the tunnel on the local end and a range of IP Addresses could be set at

the remote end of the tunnel.

Downloaded from

www.Manualslib.com

manuals search engine

Page 25 / 75

EtherFast

Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint

Remote Security Gateway

The Remote Security Gateway is the VPN device, such as a second Firewall

Router, on the remote end of the VPN tunnel. Under

Remote Security

Gateway

, you have three options: IP Address, FQDN, and Any.

• IP Address

- If you select IP Address, as shown in Figure 7-17, enter the

IP Address of the VPN device at the other end of the tunnel. The remote

VPN device can be another Firewall Router, a VPN Server, or a comput-

er with VPN client software that supports IPSec.

The IP Address may

either be static (permanent) or dynamic (changing), depending on the set-

tings of the remote VPN device.

Make sure that you have entered the IP

Address correctly, or the connection cannot be made.

Remember, this is

NOT the IP Address of the local Firewall Router, but the IP Address of the

remote

Firewall Router or device with which you wish to communicate.

• FQDN

(Fully Qualified Domain Name) - If you select FQDN, as shown

in Figure 7-18, enter the FQDN of the VPN device at the other end of the

tunnel. The remote VPN device can be another Firewall Router, a VPN

Server, or a computer with VPN client software that supports IPSec.

The

FQDN is the host name and domain name for a specific computer on the

Internet, for example,

vpn.myvpnserver.com

Figure 7-17

Figure 7-18

Instant Broadband

Series

Under

Remote Secure Group

, you have two additional options: Host and Any.

• Host

- If you select Host for the Remote Secure Group, then the Remote

Secure Group will be the same as the Remote Security Gateway setting:

IP Address, FQDN (Fully Qualified Domain Name), or Any. (Remote

Security Gateway settings are explained on the following page.) In the

example shown in Figure 7-15, the Remote Secure Group is the same as

the Remote Security Gateway, set to a specific IP Address.

• Any

- If you select Any for the Remote Security Group, as shown in

Figure 7-16, the local Firewall Router will accept a request from any IP

address. This setting should be chosen when the other endpoint is using

DHCP or PPPoE on the WAN side.

Figure 7-15

Figure 7-16

Downloaded from

www.Manualslib.com

manuals search engine

Rate

Popular Linksys Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share