1. Home
    2. /
  2. Manuals
    3. /
  3. NETGEAR
    4. /
  4. SRX5308
    5. /
  5. 14
Page 66 / 469 Scroll up to view Page 61 - 65
IPv4 and IPv6 Internet and WAN Settings
66
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
To configure an ISATAP tunnel:
1.
Select
Network Configuration > WAN Settings > ISATAP Tunnels
. The ISATAP
Tunnels screen displays. (The following figure shows some examples.)
Figure 38.
2.
Click the
Add
table button under the List of Available ISATAP Tunnels table. The Add
ISATAP Tunnel screen displays:
Figure 39.
3.
Specify the tunnel settings as described in the following table.
4.
Click
Apply
to save your changes.
Table 11.
Add ISATAP Tunnel screen settings
Setting
Description
ISATAP Subnet Prefix
The IPv6 prefix for the tunnel.
Local End Point
Address
From the drop-down list, select the type of local address:
LAN
. The local endpoint address is the address of the default VLAN.
Other IP
. The local endpoint address is another LAN IP address that you
need to specify in the IPv4 Address fields.
IPv4 Address
If you select Other IP from the Local End Point Address drop-down list, enter the
IPv4 address.
Page 67 / 469
IPv4 and IPv6 Internet and WAN Settings
67
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
To edit an ISATAP tunnel:
1.
On the ISATAP Tunnels screen, click the
Edit
button in the Action column for the tunnel
that you want to modify. The Edit ISATAP Tunnel screen displays. This screen is
identical to the Add ISATAP Tunnel screen.
2.
Modify the settings as described in the previous table.
3.
Click
Apply
to save your settings.
To delete one or more tunnels:
1.
On the ISATAP Tunnels screen, select the check box to the left of each tunnel that you
want to delete, or click the
Select All
table button to select all tunnels.
2.
Click the
Delete
table button.
View the Tunnel Status and IPv6 Addresses
The IPv6 Tunnel Status screen displays the status of all active 6to4 and ISATAP tunnels and
their IPv6 addresses.
To view the status of the tunnels and IPv6 addresses:
Select
Monitoring > Router Status > Tunnel Status
. The Tunnel Status screen displays:
Figure 40.
The IPv6 Tunnel Status table shows the following fields:
Tunnel Name
. The tunnel name for the 6to4 tunnel is always sit0-WAN1 (SIT stands for
simple Internet transition); the tunnel name for an ISATAP tunnel is isatapx-LAN, in which
x is an integer.
IPv6 Address
. The IPv6 address of the local tunnel endpoint.
Configure Stateless IP/ICMP Translation
Stateless IP/ICMP Translation (SIIT) is a transition mechanism algorithm that translates
between IPv4 and IPv6 packet headers. Using SIIT, an IPv6 device that does not have a
permanently assigned IPv4 addresses can communicate with an IPv4-only device.
SIIT functions with IPv4-translated addresses, which are addresses of the format
0::ffff:0:0:0/96 for IPv6-enabled devices. You can substitute an IPv4 address in the format
Page 68 / 469
IPv4 and IPv6 Internet and WAN Settings
68
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
a.b.c.d for part of the IPv6 address so that the IPv4-translated address becomes
0::ffff:0:a.b.c.d/96.
For SIIT to function, the routing mode needs to be IPv4 / IPv6. NETGEAR’s implementation of
SIIT lets you enter a single IPv4 address on the SIIT screen. This IPv4 address is then used
in the IPv4-translated address for IPv6 devices to enable communication between IPv4-only
devices on the VPN firewall’s LAN and IPv6-only devices on the WAN.
To configure SIIT:
1.
Select
Network Configuration > SIIT
. The SIIT screen displays:
Figure 41.
2.
Select the
Enable SIIT
check box.
3.
In the SIIT Address fields, enter the IPv4 address that should be used in the IPv4-translated
address for IPv6 devices.
4.
Click
Apply
to save your changes.
Configure Auto-Rollover for IPv6 Interfaces
You can configure the VPN firewall’s IPv6 interfaces for auto-rollover for increased system
reliability. You need to specify one WAN interface as the primary interface.
The VPN firewall supports the following modes for IPv6 interfaces:
Primary WAN mode
. The selected WAN interface is made the primary interface. The
other three interfaces are disabled.
Auto-rollover mode
. The selected WAN interface is defined as the primary link, and
another interface needs to be defined as the rollover link. The remaining two interfaces
are disabled. As long as the primary link is up, all traffic is sent over the primary link.
When the primary link goes down, the rollover link is brought up to send the traffic. When
the primary link comes back up, traffic automatically rolls back to the original primary link.
If you want to use a redundant ISP link for backup purposes, select the WAN port that
should function as the primary link for this mode. Ensure that the backup WAN port has
also been configured and that you configure the WAN failure detection method on the
WAN Advanced Options screen to support auto-rollover.
Page 69 / 469
IPv4 and IPv6 Internet and WAN Settings
69
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
To use a redundant ISP link for backup purposes, ensure that the backup WAN interface has
already been configured. Then select the WAN interface that should function as the primary
link for this mode, and configure the WAN failure detection method on the WAN Mode screen
to support auto-rollover.
When the VPN firewall is configured in auto-rollover mode, it uses the WAN failure detection
method to detect the status of the primary link connection at regular intervals. For IPv6
interfaces, the VPN firewall detects link failure by sending a ping request to an IP address
From the primary WAN interface, ping requests are sent to the specified IP address. If replies
are not received, after a specified number of retries, the primary WAN interface is considered
down and a rollover to the backup WAN interface occurs. When the primary WAN interface
comes back up, another rollover occurs from the backup WAN interface back to the primary
WAN interface. WAN failure detection applies only to the primary WAN interface, that is, it
monitors the primary link only.
Configure Auto-Rollover Mode for IPv6 Interfaces
To configure auto-rollover mode:
1.
Select
Network Configuration > WAN Settings > WAN Mode
. The WAN Mode screen
displays:
Figure 42.
2.
In the Load Balancing Settings section of the screen, configure the following settings:
a.
Select the
Primary WAN Mode
radio button.
b.
From the corresponding drop-down list on the right, select a WAN interface to
function as the primary WAN interface. The other WAN interfaces become disabled.
c.
Select the
Auto Rollover
check box.
d.
From the corresponding drop-down list on the right, select a WAN interface to
function as the backup WAN interface.
Page 70 / 469
IPv4 and IPv6 Internet and WAN Settings
70
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Note:
Ensure that the backup WAN interface is configured before enabling
auto-rollover mode.
3.
Click
Apply
to save your settings.
Configure the Failure Detection Method for IPv6 Interfaces
To configure the failure detection method:
1.
Select
Network Configuration > WAN Settings > WAN Setup
.
2.
In the upper right of the screen, select the
IPv6
radio button. The WAN Setup screen
displays the IPv6 settings (See
Figure
29
on page
55).
3.
Click the
Edit
table button in the Action column of the WAN interface that you selected as
the primary WAN interface. The WAN IPv6 ISP Settings screen displays (see
Figure
30
on
page
56, which shows the WAN2 IPv6 ISP Settings screen as an example).
4.
Click the
Advanced
option arrow in the upper right of the screen. The WAN IPv6 Advanced
Options screen displays for the WAN interface that you selected:
Figure 43.
5.
Enter the settings as described in the following table.
Table 12.
Failure detection settings
Setting
Description
Ping IP Address
The IP address of the interface that should receive the ping request. The interface
should not reject the ping request and should not consider ping traffic to be abusive.
Note:
Pings are sent through the WAN interface that is being monitored. The retry
interval and number of failover attempts determine how quickly the VPN firewall
switches from the primary link to the backup link if the primary link fails, or when the
primary link comes back up, switches back from the backup link to the primary link.
Retry Interval is
The retry interval in seconds. A ping is sent after every retry interval. The default retry
interval is 30 seconds.
Failover after
The number of failover attempts. The primary WAN interface is considered down after
the specified number of queries have failed to elicit a reply. The backup interface is
brought up after this situation has occurred. The failover default is 4
failures.

Rate

3.5 / 5 based on 2 votes.

Popular NETGEAR Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top