91

Links Bar

Define Custom Service

To configure a Custom Service, choose whether to use Port Forwarding or Trigger Ports.

•

Port Forwarding

forwards a range of WAN ports to an IP address on the LAN.

•

Trigger Ports

forwards a range of ports to an IP address on the LAN only after specific

outbound traffic “triggers” the feature.

Click the

Ne

xt

button.

If you chose Port Forwarding, the Port Range entry screen appears.

Port Forwarding forwards a range of WAN ports to an IP address on the LAN. Enter the fol-

lowing information:

92

•

Service Name:

A unique identifier for the Custom Service.

•

Global Port Range:

Range of ports on which incoming traffic will be received.

•

Base Host Port:

The port number at the start of the port range your Router should use

when forwarding traffic of the specified type(s) to the internal IP address.

•

Protocol:

Protocol type of Internet traffic, TCP or UDP.

Click the

Ne

xt

button.

If you chose Trigger Ports, the Trigger Ports entry screen appears.

Trigger Ports forwards a range of ports to an IP address on the LAN only after specific out-

bound traffic “triggers” the feature. Enter the following information:

•

Service Name:

A unique identifier for the Custom Service.

•

Global Port Range:

Range of ports on which incoming traffic will be received.

•

Local Trigger Port:

Port number of the type of outbound traffic that needs to happen

(will be the trigger) to then allow the configured ports for inbound traffic.

Example

: Set the trigger port to 21 and configure a range of 25 – 110. You would need

to do an outbound ftp before you were able to do an inbound smtp.

Click the

Ne

xt

button.

93

Links Bar

Static NAT

This feature allows you to:

•

Direct your Router to forward all externally initiated IP traffic (TCP and UDP protocols

only) to a default host on the LAN.

•

Enable it for certain situations:

– Where you cannot anticipate what port number or packet protocol an in-bound appli-

cation might use. For example, some network games select arbitrary port numbers

when a connection is opened.

– When you want all unsolicited traffic to go to a specific LAN host.

This feature allows you to direct unsolicited or non-specific traffic to a designated LAN sta-

tion. With NAT “On” in the Router, these packets normally would be discarded.

For instance, this could be application traffic where you don’t know (in advance) the port or

protocol that will be used. Some game applications fit this profile.

From the pull-down menu, select the address of the PC that you want to be your default

NAT destination.

Click the

Ne

xt

button, and your choice will be so designated.

94

IPSec

When you click on the

IPSec

link, the IPSec configuration screen appears.

Your Gateway can support two mechanisms for IPSec tunnels:

•

IPSec PassThrough

supports Virtual Private Network (VPN) clients running on LAN-

connected computers. Normally, this feature is enabled.

You can disable it if your LAN-side VPN client includes its own NAT interoperability

option. Uncheck the

Enable IPSec

checkbox.

IPSec VPN

A VPN IPSec Tunnel provides a single, encrypted tunnel to be

terminated on

the Gateway,

making a secure tunnel available for

all

LAN- connected users. This implementation offers

the following:

•

Eliminates the need for VPN client software on individual PCs.

•

Reduces the complexity of tunnel configuration.

•

Simplifies the ongoing maintenance for secure remote access.

95

Links Bar

Configuring an IPSec VPN Tunnel

Use the following procedure to configure your IPSec tunnel.

1.

Obtain your configuration information from your network administrator.

The tables

“

Parameter Descriptions

” on page

100

describe the various parameters that

may be required for your tunnel. Not all of them need to be changed from the defaults

for every VPN tunnel. Consult with your network administrator.

2.

Complete the Parameter Setup worksheet

“IPSec Tunnel Details Parameter Setup

Worksheet” on page 96

.

The worksheet provides spaces for you to enter your own specific values. You can print

the page for easy reference. IPSec tunnel configuration requires precise parameter

setup between VPN devices. The Setup Worksheet (

page

96

) facilitates setup and

assures that the associated variables are

identical

.