Page 121 / 185 Scroll up to view Page 116 - 120
Virtual Private Networking
121
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700
Local LAN IP Address
The remote VPN
endpoint has to have
these IP addresses
entered as its remote
addresses.
Subnet Mask
Enter the network mask.
Single PC - no
Subnet
Select this option if there is no LAN (only a single PC) at the
remote endpoint. If this option is selected, no additional data is
required.
Single/Start IP
Address
The IP address for a single address, or the starting address for
an address range used on the LAN. If you want to make a single
server on your LAN available to remote users, use a single
address settings.
Any
. The remote VPN endpoint can be at any IP address.
Finish IP
Address
For an address range, enter the finish IP address. This has to be
an address range used on your LAN.
Subnet Mask
Enter the network mask.
Remote LAN IP Address
The remote VPN
endpoint has to have
these IP addresses
entered as its local
addresses.
IP Address
Single PC - no Subnet
. Select this option if there is no LAN (only
a single PC) at the remote endpoint. If this option is selected, no
additional data is required. The typical application is a PC running
the VPN client at the remote end.
Single/Start IP
Address
• Enter an IP address on the remote LAN. You can use this setting
to access a server.
• For a range of addresses, enter the starting IP address. This has
to be an address range used on the remote LAN.
Any
. Any outgoing traffic from specified
Local IP
computers
triggers an attempted VPN connection to the remote VPN
endpoint. Be sure you want this option before selecting it.
Finish IP
Address
Enter the finish IP address for a range of addresses. This must be
an address range used on the remote LAN.
Subnet Mask
Enter the network mask.
ESP Configuration
ESP (encapsulating
security payload)
provides security for the
payload (data) sent
through the VPN tunnel.
SPI
Enter the required security policy indexes (SPIs). Each policy has
to have unique SPIs. These settings have to match the remote
VPN endpoint. The
in
setting here has to match the
out
setting on
the remote VPN endpoint, and the
out
setting here has to match
the
in
setting on the remote VPN endpoint.
Encryption
Select an encryption algorithm, and enter the key in the field
provided. For 3DES, the keys should be 24 ASCII characters, and
for DES, the keys should be 8 ASCII characters.
DES
. The Data Encryption Standard (DES) processes input data
that is 64 bits wide, encrypting these values using a 56-bit key.
Faster but less secure than 3DES.
3DES
. (Triple DES) achieves a higher level of security by
encrypting the data three times using DES with three different,
unrelated keys.
Authentication
Select an authentication method.
Table 21.
VPN Manual Policy fields and settings
(continued)
Fields and Settings
Description
Downloaded from
www.Manualslib.com
manuals search engine
Page 122 / 185
122
8
8.
Advanced Settings
Configuring for unique situations
This chapter describes the advanced features of your wireless modem router. The information is
for users with a solid understanding of networking concepts who want to set the router up for
unique situations such as when remote access from the Internet by IP or domain name is
needed.
This chapter contains the following sections:
WAN Setup
Dynamic DNS
LAN Setup
Set Up Quality of Service (QoS)
Advanced Wireless Settings
Building Wireless Bridging and Repeating Networks
Remote Management
Static Routes
Universal Plug and Play
Advanced USB Settings
Traffic Meter
Downloaded from
www.Manualslib.com
manuals search engine
Page 123 / 185
Advanced Settings
123
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700
WAN Setup
Select
Advanced > WAN Setup
to display the following screen:
Figure 47. WAN Setup screen
WAN Preference
Configure whether the wireless modem router uses only one WAN port exclusively (either
ADSL WAN or Ethernet WAN) or detects automatically the WAN port to use.
Disable Port Scan and DOS Protection
The firewall protects your LAN against port scans and denial of service (DOS) attacks. This
protection should be disabled only in special circumstances.
Default DMZ Server
The default demilitarized zone (DMZ) server feature is helpful when you use online games
and video conferencing applications that are incompatible with NAT. The wireless modem
router is programmed to recognize some of these applications and to work correctly with
them, but there are other applications that might not function well. In some cases, one local
computer can run the application correctly if that computer’s IP address is entered as the
default DMZ server.
Note:
For security reasons, you should avoid using the default DMZ server
feature. When a computer is designated as the default DMZ server,
it loses much of the protection of the firewall and is exposed to many
exploits from the Internet. If compromised, the computer can be
used to attack your network.
Downloaded from
www.Manualslib.com
manuals search engine
Page 124 / 185
Advanced Settings
124
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700
Incoming traffic from the Internet is usually discarded by the wireless modem router unless
the traffic is a response to one of your local computers or a service that you have configured
in the Ports screen. Instead of discarding this traffic, you can have it forwarded to one
computer on your network. This computer is called the default DMZ server.
To assign a computer or server to be a default DMZ server:
1.
In the
WAN Setup
screen, select the
Default DMZ Server
check box.
Figure 48.
Default DMZ Server setting
2.
Type the IP address for that server and click
Apply
.
Respond to Ping on Internet Port
If you want the wireless modem router to respond to a ping from the Internet, select this
check box. This should be used only as a diagnostic tool, because it allows your wireless
modem router to be discovered, which can be a security problem. Do not select this check
box unless you have a specific reason to do so.
MTU Size (in bytes)
The normal maximum transmission unit (MTU) value for most Ethernet networks is 1500
bytes, 1492 bytes for PPPoE connections, and 1458 for PPPoA connections. For some ISPs
you might need to reduce the MTU. But this is rarely required, and should not be done unless
you are sure it is necessary for your ISP connection.
NAT Filtering
This option determines how the router deals with inbound traffic. The Secured option
provides a secured firewall to protect the PCs on LAN from attacks from the Internet, but it
might cause some Internet games, point-to-point applications, and multimedia applications
no work. The Open option, on the other hand, provides a much less secured firewall, while it
allows almost all Internet applications to work.
Downloaded from
www.Manualslib.com
manuals search engine
Page 125 / 185
Advanced Settings
125
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700
Disable SIP ALG
The Session Initiation Protocol (SIP) Application Level Gateway (ALG) is enabled by default
to optimize VoIP phone calls that use the SIP. The Disable SIP ALG check box allows you to
disable the SIP ALG. Disabling the SIP ALG might be useful when running certain
applications.
Dynamic DNS
If your network has a permanently assigned IP address, you can register a domain name and
have that name linked with your IP address by public Domain Name Servers (DNS).
However, if your Internet account uses a dynamically assigned IP address, you do not know
in advance what your IP address is, and the address can change frequently. In this case, use
a commercial Dynamic DNS service that lets you register your domain to its IP address and
forwards traffic directed at your domain to your frequently changing IP address.
The router has a client that can connect to a Dynamic DNS service provider. Once you have
configured your ISP account information in the router, whenever your ISP-assigned IP
address changes, your router contacts your Dynamic DNS service provider, logs in to your
account, and registers your new IP address.
To enable dynamic DNS:
1.
Select
Advanced > Dynamic DNS
to display the following screen.
Figure 49.
Dynamic DNS screen
2.
Access the website of one of the Dynamic DNS service providers whose names appear in
the
Service Provider
drop-down list, and register for an account. For example, for
dyndns.org, go to www.dyndns.org.
3.
Select the
Use a Dynamic DNS Service
check box.
4.
Select the name of your Dynamic DNS service provider.
5.
Type the host name that your Dynamic DNS service provider gave you. The Dynamic DNS
service provider might call this the domain name. If your URL is myName.dyndns.org, then
your host name is myName.
6.
Type the user name for your Dynamic DNS account.
7.
Type the password (or key) for your Dynamic DNS account.
Downloaded from
www.Manualslib.com
manuals search engine

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top