21

Security

☛

WARNING:

NAT Bypass configuration allows inbound access to the specified LAN station.

Contact your Network Administrator for LAN security questions.

IP-Passthrough

The Netopia Gateway now offers an IP passthrough feature. The IP passthrough feature

allows a single PC on the LAN to have the Gateway’s public address assigned to it. It also

provides PAT (NAPT) via the same public IP address for all other hosts on the private LAN

subnet.

VPN IPSec Pass Through

This Motorola Netopia® service supports your independent VPN client software in a trans-

parent manner. Motorola has implemented an Application Layer Gateway (ALG) to support

multiple PCs running IP Security protocols.

This feature has three elements:

1.

On power up or reset, the address mapping function (NAT) of the Gateway’s WAN con-

figuration is turned on by default.

2.

When you use your third-party VPN application, the Gateway recognizes the traffic

from your client and your unit. It allows the packets to pass through the NAT “protec-

tion layer” via the encrypted IPSec tunnel.

3.

The encrypted IPSec tunnel is established “through” the Gateway.

22

A typical VPN IPSec Tunnel pass through is diagrammed below:

☛

NOTE:

Typically, no special configuration is necessary to use the IPSec pass through

feature.

In the diagram, VPN PC clients are shown behind the Motorola Netopia® Gate-

way and the secure server is at Corporate Headquarters across the WAN. You

cannot have your secure server behind the Motorola Netopia® Gateway.

When multiple PCs are starting IPSec sessions, they must be started one at a

time to allow the associations to be created and mapped.

VPN IPSec Tunnel Termination

This Motorola Netopia® service supports termination of VPN IPsec tunnels at the Gateway.

This permits tunnelling from the Gateway without the use of third-party VPN client software

on your client PCs. Currently one IPSec VPN tunnel is supported on Motorola Netopia®

2200 and 3300 Series Gateways. Unlike VPN Passthrough, IPsec VPN tunnel is a keyed

feature that you can obtained from Motorola. See

“

Security Settings

” on page

253

.

Motorola Netopia®

Gateway

23

Security

Dynamic DNS

Dynamic DNS support allows you to use the free services of

www.dyndns.org

. Dynamic

DNS automatically directs any public Internet request for your computer's name to your cur-

rent dynamically-assigned IP address. This allows you to get to the IP address assigned to

your Gateway, even though your actual IP address may change as a result of a PPPoE con-

nection to the Internet. See

“

Dynamic DNS Settings

” on page

210

.

Stateful Inspection Firewall

Stateful inspection is a security feature that prevents unsolicited inbound access when

NAT is disabled. You can configure UDP and TCP “no-activity” periods that will also apply to

NAT time-outs if stateful inspection is enabled on the interface. Technical details are dis-

cussed in

“

Stateful Inspection

” on page

262

.

24

25

CHAPTER 2

Basic Mode Setup

Most users will find that the basic Quickstart configuration is all that they ever need to use.

This section may be all that you ever need to configure and use your Motorola Netopia®

Gateway. The following instructions cover installation in

Router Mode

.

This section covers:

•

“

Impor

tant Safety Instr

uctions

” on page

26

•

“

Set up the Motor

ola Netopia® Gateway

” on page

27

•

“

Confi

gur

e the Motor

ola Netopia® Gateway

” on page

31

•

“

Motor

ola Netopia

®

Gateway Status Indicator Lights

” on page

34

•

“

Accessing the W

eb User Inter

face

” on page

35

•

“

Links Bar

” on page

36