32

Chapter 4: Configuring the Gateway

The Wireless Tab

Wireless-G ADSL Gateway with 2 Phone Ports

Wireless Access Tab

Wireless Network Access

Selecting

Allow All,

from the Wireless Access tab, allows access to the wireless network from any PC. To restrict

access to the network, select

Restrict Access

, then select

Prevent

to prevent access

or Permit only

to permit

access. Click the

Edit

MAC Address Access List

button, and the screen will appear.

Select the MAC Address

from the list

and click

Wireless Client MAC List

.

When finished making your changes on this tab, click the

Save Settings

button to save these changes, or click

the

Cancel Changes

button to undo your changes.

Figure 4-22: Wireless Tab - Wireless Network Access

Figure 4-23: MAC Address Access/Filter List

Downloaded from

www.Manualslib.com

manuals search engine

33

Chapter 4: Configuring the Gateway

The Wireless Tab

Wireless-G ADSL Gateway with 2 Phone Ports

Advanced Wireless Settings Tab

Advanced Wireless

On this screen you can access the Advanced Wireless features, including Authentication Type, Basic Data Rates,

Control Tx Rates, Beacon Interval, DTIM Interval, RTS Threshold, and Fragmentation Threshold.

Authentication Type

. The default is set to

Auto

, which allows either Open System or Shared Key authentication

to be used. For Open System authentication, the sender and the recipient won’t use a WEP key for authentication

but can use WEP for data encryption. If you want to allow Open System authentication, select

Open System

. For

Shared Key authentication, the sender and recipient use a WEP key for both authentication and data encryption.

If you want to use only Shared Key authentication, select

Shared Key

. This option should be left in the default

(Auto) mode, as some clients cannot be configured for Shared Key.

Control Tx Rates

. The default transmission rate is

Auto

. The range is from 1 to 54Mbps. The rate of data

transmission should be set depending on the speed of your wireless network. Select from the range of speeds, or

have the Gateway automatically use the fastest possible data rate, be default, and enable the Auto-Fallback

feature.

Beacon Interval

. The default value is

100

. Enter a value between 1 and 65,535 milliseconds. The Beacon Interval

value indicates the frequency interval of the beacon. A beacon is a packet broadcast by the Gateway to

synchronize the wireless network.

DTIM Interval

. The default value is

3

. This value, between 1 and 255, indicates the interval of the Delivery Traffic

Indication Message (DTIM). A DTIM field is a countdown field informing clients of the next window for listening to

broadcast and multicast messages. When the Gateway has buffered broadcast or multicast messages for

associated clients, it sends the next DTIM with a DTIM Interval value. Its clients hear the beacons and awaken to

receive the broadcast and multicast messages.

Fragmentation Threshold

. This value should remain at its default setting of

2346

. The range is 256-2346 bytes.

It specifies the maximum size of a packet before data is fragmented into multiple packets. If you experience a

high packet error rate, you may slightly increase the Fragmentation Threshold. Setting the Fragmentation

Threshold too low may result in poor network performance. Only minor modifications of this value are

recommended.

RTS Threshold

. This value should remain at its default setting of

2347

. The range is 0-2347 bytes. If you

encounter inconsistent data flow, only make minor modifications. If a network packet is smaller than the preset

RTS threshold size, the RTS/CTS mechanism will not be enabled. The Gateway sends Request to Send (RTS)

frames to a particular receiving station and negotiates the sending of a data frame. After receiving an RTS, the

wireless station responds with a Clear to Send (CTS) frame to acknowledge the right to begin transmission.

Figure 4-24: Wireless Tab - Advanced Wireless Settings

Downloaded from

www.Manualslib.com

manuals search engine

34

Chapter 4: Configuring the Gateway

The Security Tab

Wireless-G ADSL Gateway with 2 Phone Ports

The Security Tab

Firewall

When you click the

Security

tab, you will see the

Firewall

screen. This screen contains Filters and the option to

Block WAN Requests. Filters block specific Internet data types and block anonymous Internet requests. To add

Firewall Protection, click

Enable

. If you do not want Firewall Protection, click

Disable

.

Additional Filters

Filter Proxy

. Use of proxy servers may compromise the Gateway's security. If this box is checked, you will be

unable to access any proxy servers. To enable proxy filtering, click

Enabled

.

Filter Cookies

. A cookie is data stored on your computer and used by Internet sites when you interact with them.

To enable cookie filtering, click

Enabled

.

Filter Java Applets

. Java is a programming language for websites. If you deny Java Applets, you run the risk of

not having access to Internet sites created using this programming language. To enable Java Applet filtering,

click

Enabled

.

Filter ActiveX

. ActiveX is a programming language for websites. If you enable ActiveX filtering, you may not have

access to Internet sites created using this programming language. To enable ActiveX filtering, click

Enabled

.

Block WAN requests

Block Anonymous Internet Requests

. This keeps your network from being “pinged” or detected and reinforces

your network security by hiding your network ports, so it is more difficult for intruders to discover your network.

Select

Block Anonymous Internet Requests

to block anonymous Internet requests or de-select it

to allow

anonymous Internet requests.

When finished making your changes on this tab, click the

Save Settings

button to save these changes, or click

the

Cancel Changes

button to undo your changes.

Figure 4-25: Security Tab - Firewall

Downloaded from

www.Manualslib.com

manuals search engine

35

Chapter 4: Configuring the Gateway

The Security Tab

Wireless-G ADSL Gateway with 2 Phone Ports

VPN

Virtual Private Networking (VPN) is a security measure that basically creates a secure connection between two

remote locations. The VPN screen allows you to configure your VPN settings to make your network more secure.

VPN Passthrough

IPSec Passthrough

. Internet Protocol Security (IPSec) is a suite of protocols used to implement secure exchange

of packets at the IP layer. To allow IPSec Passthrough, click the

Enable

button. To disable IPSec Passthrough,

click the

Disable

button.

PPPoE Passthrough

. The PPPoE (Point-to-Point Protocol over Ethernet) option is included for those users who

wish to disable PPPoE sessions. This option is enabled by default. To disable PPPoE Passthrough, click the

Disable

button.

PPTP Passthrough

. Point-to-Point Tunneling Protocol Passthrough is the method used to enable VPN sessions to

a Windows NT 4.0 or 2000 server. To allow PPTP Passthrough, click the

Enable

button. To disable PPTP

Passthrough, click the

Disable

button.

L2TP Passthrough

. Layering 2 Tunneling Protocol Passthrough is an extension of the Point-to-Point Tunneling

Protocol (PPTP) used to enable the operation of a VPN over the Internet.To allow L2TP Passthrough, click the

Enable

button. To disable L2TP Passthrough, click the

Disable

button.

IPSec VPN Tunnel

The VPN Gateway creates a tunnel or channel between two endpoints, so that the data or information between

these endpoints is secure.

To establish this tunnel, select the tunnel you wish to create in the Select Tunnel Entry drop-down box.

It is

possible to create up to five simultaneous tunnels. Then click

Enabled

to enable the IPSec VPN tunnel. Once the

tunnel is enabled, enter the name of the tunnel in the Tunnel Name field.

This is to allow you to identify multiple

tunnels and does not have to match the name used at the other end of the tunnel. To delete a tunnel entry, select

the tunnel, then click

Delete

. To view a summary of the settings, click

Summary

.

Local Secure Group and Remote Secure Group

. The Local Secure Group is the computer(s) on your network

that can access the tunnel. The Remote Secure Group is the computer(s) on the remote end of the tunnel that can

access the tunnel. These computers can be specified by a Subnet, specific IP address, or range.

Local Security Gateway

. This pull-down menu will provide you with your available Internet connection options.

Figure 4-26: Security Tab - VPN

Figure 4-27: VPN Settings Summary

Downloaded from

www.Manualslib.com

manuals search engine

36

Chapter 4: Configuring the Gateway

The Security Tab

Wireless-G ADSL Gateway with 2 Phone Ports

Remote Security Gateway

. The Remote Security Gateway is the VPN device, such as a second VPN Gateway, on

the remote end of the VPN tunnel. Enter the IP Address or Domain of the VPN device at the other end of the tunnel.

The remote VPN device can be another VPN Gateway, a VPN Server, or a computer with VPN client software that

supports IPSec. The IP Address may either be static (permanent) or dynamic (changing), depending on the

settings of the remote VPN device.

Make sure that you have entered the IP Address correctly, or the connection

cannot be made.

Remember, this is NOT the IP Address of the local VPN Gateway, but the IP Address of the

remote VPN Gateway or device with which you wish to communicate. If you enter an IP address, only the specific

IP Address will be able to acess the tunnel. If you select

Any

, any IP Address can access the tunnel.

•

Encryption. Using Encryption also helps make your connection more secure.

There are two different types

of encryption: DES or 3DES (3DES is recommended because it is more secure).

You may choose either of

these, but it must be the same type of encryption that is being used by the VPN device at the other end of

the tunnel.

Or, you may choose not to encrypt by selecting Disable. DES is selected by default.

•

Authentication. Authentication acts as another level of security.

There are two types of authentication:

MD5 and SHA (SHA is recommended because it is more secure).

As with encryption, either of these may

be selected, if the VPN device at the other end of the tunnel is using the same type of authentication.

Or,

both ends of the tunnel may choose to Disable authentication.

In the Manual Key Management screen,

MD5 (the default) has been selected.

Key Management

. Select

Auto (IKE)

or

Manual

from the drop-down menu. The two methods are described

below.

•

Auto (IKE). Select

Auto (IKE)

and enter a series of numbers or letters in the Pre-shared Key field. Based

on this word, which MUST be entered at both ends of the tunnel if this method is used, a key is generated

to scramble (encrypt) the data being transmitted over the tunnel, where it is unscrambled (decrypted).

You may use any combination of up to 24 numbers or letters in this field. No special characters or spaces

are allowed. In the Key Lifetime field, you may select to have the key expire at the end of a time period.

Enter the number of seconds you’d like the key to be useful, or leave it blank for the key to last

indefinitely. Check the box next to PFS (Perfect Forward Secrecy) to ensure that the initial key exchange

and IKE proposals are secure.

•

Manual. Select

Manual,

then select the Encryption Algorithm from the drop-down menu. Enter the

Encryption Key in the field (if you chose DES for your Encryption Algorithm, enter 16 hexadecimal

characters, if you chose 3DES, enter 48 hexadecimal characters). Select the Authentication Algorithm

from the drop-down menu. Enter the Authentication Key in the field (if you chose MD5 for your

Authentication Algorithm, enter 32 hexadecimal characters, if you chose SHA1, enter 40 hexadecimal

characters). Enter the Inbound and Outbound SPIs in the respective fields.

Status

. The status of the connection is shown.

Figure 4-29: Manual Key Management

Figure 4-28: Auto Key Management

Downloaded from

www.Manualslib.com

manuals search engine