Internet and Broadband Settings

41

ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N

6.

To verify the connection, click the

Status

option arrow in the upper right of the screen to

display the Connection Status pop-up screen. (The following figure shows a static IP

address configuration; the IP addresses are not related to any other examples in this

manual.)

Figure 20.

The Connection Status screen should show a valid IP address and gateway, and you are

connected to the Internet. If the configuration was not successful, see

Troubleshoot the

ISP Connection

on page 370.

Note:

For more information about the Connection Status screen, see

View

the WAN Port Status

on page 356.

Note:

If your ISP requires MAC authentication and another MAC address

has been previously registered with your ISP, then you need to enter

that address on the Broadband Advanced Options screen for the

corresponding WAN interface (see

Configure Advanced WAN

Options and Other Tasks

on page 47).

Configure 6to4 Automatic Tunneling

If your network is an isolated IPv6 network that is not connected to an IPv6 ISP, you need to

make sure that the IPv6 packets can travel over the IPv4 Internet backbone by enabling

automatic 6to4 tunneling.

6to4 is a WAN tunnel mechanism for automatic tunneling of IPv6 traffic between a device

with an IPv6 address and a device with an IPv4 address, or the other way around. 6to4

tunneling is used to transfer IPv6 traffic between LAN IPv6 hosts and WAN IPv6 networks

over the IPv4 network.

Internet and Broadband Settings

42

ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N

With 6to4 tunnels, IPv6 packets are embedded within the IPv4 packet and then transported

over the IPv4 network. You do not need to specify remote tunnel endpoints, which are

automatically determined by relay routers on the Internet. You cannot use 6to4 tunnels for

traffic between IPv4-only devices and IPv6-only devices.

Note:

If the wireless VPN firewall functions as the endpoint for 6to4

tunnels in your network, make sure that the wireless VPN firewall

has a static IPv4 address (see

Manually Configure an IPv4 Internet

Connection

on page 31). A dynamic IPv4 address can cause routing

problems on the 6to4 tunnels.

Note:

If you do not use a stateful DHCPv6 server in your LAN, you need to

configure the Router Advertisement Daemon (RADVD), and set up

6to4 advertisement prefixes for 6to4 tunneling to function correctly.

For more information, see

Manage the IPv6 LAN

on page 70.

Typically, 6to4 tunnel addresses start with a 2002 prefix (decimal notification). On the

wireless VPN firewall, a 6to4 tunnel is indicated by sit0-WAN1 (see

View the Tunnel Status

and IPv6 Addresses

on page 45).



To enable 6to4 automatic tunneling:

1.

Select

Network Configuration > WAN Settings > 6 to 4 Tunneling

.

Figure 21.

2.

Select the

Enable Automatic Tunneling

check box.

3.

Click

Apply

to save your changes.

Configure ISATAP Automatic Tunnelling

If your network is an IPv4 network or IPv6 network that consists of both IPv4 and IPv6

devices, you need to make sure that the IPv6 packets can travel over the IPv4 intranet by

Internet and Broadband Settings

43

ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N

enabling and configuring Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)

tunneling.

ISATAP is a LAN tunnel mechanism in which the IPv4 network functions as a virtual IPv6

local link. Each IPv4 address is mapped to a link-local IPv6 address, that is, the IPv4 address

is used in the interface portion of the IPv6 address. ISATAP tunneling is used intra-site, that

is, between addresses in the LAN. For more information about link-local addresses, see

Manage the IPv6 LAN

on page 70.

Note:

If you do not use a stateful DHCPv6 server in your LAN, you need to

configure the Router Advertisement Daemon (RADVD), and set up

ISATAP advertisement prefixes (which are referred to as

Global/Local/ISATAP prefixes) for ISATAP tunneling to function

correctly. For more information, see

Manage the IPv6 LAN

on

page 70.

The wireless VPN firewall determines the link-local address by concatenating the IPv6

address with the 32 bits of the IPv4 host address:

•

For a unique global address:

fe80:0000:0000:0000:0000:5efe (or fe80::5efe) is concatenated with the IPv4 address.

For example, fe80::5efe with 10.29.33.4 becomes fe80::5efe:10.29.33.4, or in

hexadecimal format, fe80::5efe:a1d:2104.

•

For a private address:

fe80:0000:0000:0000:0200:5efe (or fe80::200:5efe) is concatenated with the IPv4

address. For example, fe80::200:5efe with 192.168.1.1 becomes

fe80::200:5efe:192.168.1.1, or in hexadecimal format, fe80::200:5efe:c0a8:101.



To configure an ISATAP tunnel:

1.

Select

Network Configuration > WAN Settings > ISATAP Tunnels

. The ISATAP

Tunnels screen displays. (The following figure shows some examples.)

Figure 22.

Internet and Broadband Settings

44

ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N

2.

Click the

Add

table button under the List of Available ISATAP Tunnels table. The Add

ISATAP Tunnel screen displays:

Figure 23.

3.

Specify the tunnel settings as explained in the following table.

4.

Click

Apply

to save your changes.



To edit an ISATAP tunnel:

1.

On the ISATAP Tunnels screen, click the

Edit

button in the Action column for the tunnel

that you want to modify. The Edit ISATAP Tunnel screen displays. This screen is

identical to the Add ISATAP Tunnel screen.

2.

Modify the settings as explained in the previous table.

3.

Click

Apply

to save your settings.



To delete one or more tunnels:

1.

On the ISATAP Tunnels screen, select the check box to the left of each tunnel that you

want to delete, or click the

Select All

table button to select all tunnels.

2.

Click the

Delete

table button.

Table 7.

Add ISATAP Tunnel screen settings

Setting

Description

ISATAP Subnet Prefix

The IPv6 prefix for the tunnel.

Local End Point

Address

From the drop-down list, select the type of local address:

•

LAN

. The local end point address is the address of the default VLAN.

•

Other IP

. The local end point address is another LAN IP address that you need

to specify in the IPv4 Address fields.

IPv4 Address

If you select Other IP from the Local End Point Address drop-down list, enter the

IPv4 address.

Internet and Broadband Settings

45

ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N

View the Tunnel Status and IPv6 Addresses

The IPv6 Tunnel Status screen displays the status of all active 6to4 and ISATAP tunnels and

their IPv6 addresses.



To view the status of the tunnels and IPv6 addresses:

Select

Monitoring > Router Status > Tunnel Status

. The Tunnel Status screen displays:

Figure 24.

The IPv6 Tunnel Status table shows the following fields:

•

Tunnel Name

. The tunnel name for the 6to4 tunnel is always sit0-WAN1 (SIT stands for

simple Internet transition); the tunnel name for an ISATAP tunnel is isatapx-LAN, in which

x is an integer.

•

IPv6 Address

. The IPv6 address of the local tunnel endpoint.

Configure Dynamic DNS

Dynamic DNS (DDNS) is an Internet service that allows devices with varying public IPv4

addresses to be located using Internet domain names. To use DDNS, you need to set up an

account with a DDNS provider such as DynDNS.org, TZO.com, Oray.net, or 3322.org. (Links

to DynDNS, TZO, Oray, and 3322 are provided for your convenience as option arrows on the

DDNS configuration screens.) The wireless VPN firewall firmware includes software that

notifies DDNS servers of changes in the WAN IP address so that the services running on this

network can be accessed by others on the Internet.

If your network has a permanently assigned IP address, you can register a domain name and

have that name linked with your IP address by public Domain Name Servers (DNS).

However, if your Internet account uses a dynamically assigned IP address, you will not know

in advance what your IP address will be, and the address can change frequently—hence, the

need for a commercial DDNS service, which allows you to register an extension to its

domain, and restores DNS requests for the resulting fully qualified domain name (FQDN) to

your frequently changing IP address.

After you have configured your account information on the wireless VPN firewall, when your

ISP-assigned IP address changes, your wireless VPN firewall automatically contacts your

DDNS service provider, logs in to your account, and registers your new IP address.