LAN Configuration
126
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Figure 68.

2. Enter the settings as described in the following table:

Table 28. Add Advertisement Prefix screen settings for the DMZ

Setting
    Description
IPv6 Prefix Type
    Specify the IPv6 prefix type by making a selection from the drop-down list:
    - 6to4. The prefix is for a 6to4 address. You need to select a WAN interface from the 6to4Interface drop-down list, and complete the SLA ID field and Prefix Lifetime field. The other fields are masked out.
    - Global/Local/ISATAP. The prefix is for a global, local, or ISATAP address. This needs to be a global prefix or a site-local prefix; it cannot be a link-local prefix. You need to complete the IPv6 Prefix field, IPv6 Prefix Length field, and Prefix Lifetime field. The 6to4Interface drop-down list and SLA ID field are masked out.
6to4Interface
    Select a WAN interface from the drop-down list.
SLA ID
    Enter the site level aggregation identifier (SLA ID) for the 6to4 address prefix that should be included in the advertisement.
IPv6 Prefix
    Enter the IPv6 prefix for the VPN firewall's DMZ that should be included in the advertisement.
IPv6 Prefix Length
    Enter the IPv6 prefix length (typically 64) that should be included in the advertisement.
Prefix Lifetime
    The prefix lifetime specifies how long the IP address that was created as a result of the router advertisement should remain valid.
    Enter the prefix lifetime in seconds that should be included in the advertisement. The minimum period is 0 seconds; the maximum period is 65536 seconds.

3. Click Apply to save your changes and add the new IPv6 address pool to the List of Prefixes to Advertise table on the RADVD screen for the DMZ.

To edit an advertisement prefix:

1. On the RADVD screen for the DMZ (see Figure 67 on page 124), click the Edit button in the Action column for the advertisement prefix that you want to modify. The Add Advertisement Prefix screen displays.
2. Modify the settings as described in the previous table.
3. Click Apply to save your settings.

To delete one or more advertisement prefixes:

1. On the RADVD screen for the DMZ (see Figure 67 on page 124), select the check box to the left of each advertisement prefix that you want to delete, or click the Select All table button to select all advertisement prefixes.
2. Click the Delete table button.

Manage Static IPv4 Routing

- Configure Static IPv4 Routes
- Configure the Routing Information Protocol
- IPv4 Static Route Example

Static routes provide additional routing information to your VPN firewall. Under normal
circumstances, the VPN firewall has adequate routing information after it has been
configured for Internet access, and you do not need to configure additional static routes. You
should configure static routes only for unusual cases such as multiple firewalls or multiple IP
subnets on your network.

Note: The VPN firewall automatically sets up routes between VLANs and secondary IPv4 addresses that you have configured on the LAN Multi-homing (IPv4) screen (see Configure IPv4 Multihome LAN IP Addresses on the Default VLAN on page 94). Therefore, you do not need to manually add an IPv4 static route between a VLAN and a secondary IPv4 address.

Configure Static IPv4 Routes

To add an IPv4 static route to the Static Route table:

1. Select Network Configuration > Routing. In the upper right of the screen, the IPv4 radio button is selected by default. The Static Routing screen displays the IPv4 settings. (The following figure contains one example.)

Figure 69.

2. Click the Add table button under the Static Routes table. The Add Static Route screen displays:

Figure 70.

3. Enter the settings as described in the following table:

Table 29. Add Static Route screen settings for IPv4

Setting
    Description
Route Name
    The route name for the static route (for purposes of identification and management).
Active
    To make the static route effective, select the Active check box.
    Note: A route can be added to the table and made inactive if not needed. This allows you to use routes as needed without deleting and re-adding the entry. An inactive route is not advertised if RIP is enabled.
Private
    If you want to limit access to the LAN only, select the Private check box. Doing so prevents the static route from being advertised in RIP.
Destination IP Address
    The destination IP address of the host or network to which the route leads.
Subnet Mask
    The IP subnet mask of the host or network to which the route leads. If the destination is a single host, enter 255.255.255.255.
Interface
    From the drop-down list, select the physical or virtual network interface (the WAN1, WAN2, WAN3, or WAN4 interface, a VLAN, or the DMZ interface) through which the route is accessible.
Gateway IP Address
    The gateway IP address through which the destination host or network can be reached.
Metric
    The priority of the route. Select a value between 2 and 15. If multiple routes to the same destination exist, the route with the lowest metric is used.

4. Click Apply to save your settings. The new static route is added to the Static Routes table.

To edit an IPv4 static route:

1. On the Static Routing screen for IPv4 (see Figure 69 on page 127), click the Edit button in the Action column for the route that you want to modify. The Edit Static Route screen displays. This screen is identical to the Add Static Route screen (see the previous figure).
2. Modify the settings as described in the previous table.
3. Click Apply to save your settings.

To delete one or more routes:

1. On the Static Routing screen for IPv4 (see Figure 69 on page 127), select the check box to the left of each route that you want to delete, or click the Select All table button to select all routes.
2. Click the Delete table button.
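
The following is an added example, not part of the NETGEAR manual: a small Python pre-flight check for a planned static route table that applies the Metric, Subnet Mask, Active, and Private rules from the Add Static Route settings and shows which routes would be exposed through RIP. The class and function names and the sample routes are constructed for illustration, and preferring the most specific destination before comparing metrics is an assumption about forwarding behavior that the manual does not state.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class StaticRoute:              # fields mirror the Add Static Route settings
    name: str
    dest: str                   # Destination IP Address
    mask: str                   # Subnet Mask (255.255.255.255 = single host)
    interface: str
    gateway: str
    metric: int
    active: bool = True
    private: bool = False

    def network(self):
        # strict=True rejects a destination that has host bits set under the mask
        return ipaddress.IPv4Network(f"{self.dest}/{self.mask}", strict=True)

def validate(route):
    """Return the problems found in one planned table entry."""
    problems = []
    if not 2 <= route.metric <= 15:
        problems.append("metric must be between 2 and 15")
    try:
        route.network()
        ipaddress.IPv4Address(route.gateway)
    except ValueError as exc:
        problems.append(f"bad address or mask: {exc}")
    return problems

def select_route(routes, address):
    """Active route used for address: most specific destination first
    (assumed longest-prefix match), then lowest metric."""
    addr = ipaddress.IPv4Address(address)
    hits = [r for r in routes if r.active and addr in r.network()]
    return min(hits, key=lambda r: (-r.network().prefixlen, r.metric), default=None)

def rip_advertised(routes):
    """Names of routes RIP would advertise: active and not marked Private."""
    return [r.name for r in routes if r.active and not r.private]

# Constructed sample table; names, addresses and interfaces are made up.
ROUTES = [
    StaticRoute("branch-primary", "10.20.0.0", "255.255.0.0", "WAN1", "192.168.1.2", 2),
    StaticRoute("branch-backup", "10.20.0.0", "255.255.0.0", "WAN2", "192.168.2.2", 5),
    StaticRoute("mgmt-host", "10.20.5.9", "255.255.255.255", "DMZ", "172.16.0.2", 3, private=True),
    StaticRoute("old-lab", "10.30.0.0", "255.255.0.0", "WAN3", "192.168.3.2", 4, active=False),
]

if __name__ == "__main__":
    for r in ROUTES:
        print(r.name, validate(r) or "ok")
    print("10.20.1.1 ->", select_route(ROUTES, "10.20.1.1").name)
    print("advertised in RIP:", rip_advertised(ROUTES))
```

Comparing the output of rip_advertised with the routes you intend neighbors to learn is a quick way to spot a route that should have had the Private check box selected.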
Configure the Routing Information Protocol
Routing Information Protocol (RIP), RFC 2453, is an Interior Gateway Protocol (IGP) that is
commonly used in internal IPv4 networks (LANs). RIP enables a router to exchange its
routing information automatically with other routers, to dynamically adjust its routing tables,
and to adapt to changes in the network. RIP is disabled by default. RIP does not apply to
IPv6.

To enable and configure RIP:

1. Select Network Configuration > Routing. In the upper right of the screen, the IPv4 radio button is selected by default. The Static Routing screen displays the IPv4 settings (see Figure 69 on page 127).
2. Click the RIP Configuration option arrow to the right of the Static Routing submenu tab. The RIP Configuration screen displays. (The following figure contains some examples.)

Figure 71.

3. Enter the settings as described in the following table:

Table 30. RIP Configuration screen settings

Setting
    Description

RIP

RIP Direction
    From the RIP Direction drop-down list, select the direction in which the VPN firewall sends and receives RIP packets:
    - None. The VPN firewall neither advertises its route table, nor accepts any RIP packets from other routers. This effectively disables RIP, and is the default setting.
    - In Only. The VPN firewall accepts RIP information from other routers but does not advertise its routing table.
    - Out Only. The VPN firewall advertises its routing table but does not accept RIP information from other routers.
    - Both. The VPN firewall advertises its routing table and also processes RIP information received from other routers.
RIP Version
    By default, the RIP version is set to Disabled. From the RIP Version drop-down list, select the version:
    - RIP-1. Classful routing that does not include subnet information. This is the most commonly supported version.
    - RIP-2. Routing that supports subnet information. Both RIP-2B and RIP-2M send the routing data in RIP-2 format:
        - RIP-2B. Sends the routing data in RIP-2 format and uses subnet broadcasting.
        - RIP-2M. Sends the routing data in RIP-2 format and uses multicasting.

Authentication for RIP-2B/2M

Authentication for RIP-2B/2M required?
    Authentication for RIP-2B or RIP-2M is disabled by default, that is, the No radio button is selected. To enable authentication for RIP-2B or RIP-2M, select the Yes radio button, and enter the settings for the following fields.

First Key Parameters

MD5 Key Id
    The identifier for the key that is used for authentication.
MD5 Auth Key
    The password that is used for MD5 authentication.
Not Valid Before
    The beginning of the lifetime of the MD5 key. Enter the month, date, year, hour, minute, and second. Before this date and time, the MD5 key is not valid.
Not Valid After
    The end of the lifetime of the MD5 key. Enter the month, date, year, hour, minute, and second. After this date and time, the MD5 key is no longer valid.

Second Key Parameters

MD5 Key Id
    The identifier for the key that is used for authentication.
MD5 Auth Key
    The password that is used for MD5 authentication.
