Page 56 / 161
Scroll up to view Page 51 - 55
56
Section 4
Configure
Confi
gure a Default Server
This feature allows you to direct unsolicited or non-specific traffic to a des-
ignated LAN station. With NAT “On” in the Gateway, these packets nor-
mally would be discarded.
For instance, this could be application traffic where you don’t know (in
advance) the port or protocol that will be utilized. Some game applications
fit this profile.
Use the following steps to setup a NAT default server to receive this infor-
mation:
Step 1
Select the
Configure
toolbar button, then
Advanced
, then the
Default Server
link.
Step 2
Check the
Enable Default Server
checkbox. The NAT Server IP Address field
appears.
Step 3
Determine the IP address of the LAN computer you have chosen to receive
the unexpected or unknown traffic. Enter this address in the NAT Server IP
Address field.
Step 4
Click the
Submit
button.
Step 5
Click the
Alert
button.
Step 6
Click the
Save and Restart
link to confirm.
NAT Default Server capability is not available over SafeHarbour IPsec.
Downloaded from
www.Manualslib.com
manuals search engine
Page 57 / 161
57
Section 4
Configure
Typical Network Diagram
A typical network utilizing the NAT Default Server looks like this:
NAT Combination Application
Cayman’s NAT security feature allows you to configure a sophisticated LAN
layout that uses
both
the Pinhole and Default Server capabilities.
With this topology, you configure the embedded administration ports as a
first task, followed by the Pinholes and, finally, the NAT Default Server.
When using both NAT pinholes and NAT Default Server the Gateway works
with the following rules (in sequence) to forward traffic from the Internet
to the LAN:
1.
If the packet is a response to an existing connection created by outbound traf-
fic from a LAN PC, forward to that station.
2.
If not, check for a match with a pinhole configuration and, if one is found, for-
ward the packet according to the pinhole rule.
3.
If there’s no pinhole, the packet is forwarded to the Default Server.
WAN
LAN
Ethernet
Interface
192.168.1.3
192.168.1.2
192.168.1.1
LAN STN #3
LAN STN #2
NAT Default Server
Gateway
NAT
NAT Pinhole
Embedded
Web Server
210.219.41.20
210.219.41.20
(Port 80 default)
NAT protected
Ethernet
Interface
Internet
Downloaded from
www.Manualslib.com
manuals search engine
Page 58 / 161
58
Section 4
Configure
Link
DNS
Response
Description
Your Service Provider may maintain a Domain Name server. If you have
the information for the DNS servers, enter it on the DNS page. If your
Gateway is configured to use DHCP to obtain its WAN IP address, the
DNS information is automatically obtained from that same DHCP
Server.
Downloaded from
www.Manualslib.com
manuals search engine
Page 59 / 161
59
Section 4
Configure
Link
DHCP Server
Response
Description
Your Gateway can provide network configuration information to com-
puters on your LAN, using the Dynamic Host Configuration Protocol
(DHCP).
If you already have a DHCP server on your LAN, you should turn this
service off.
If you want the Gateway to provide this service, click the
Server Mode
pulldown menu, then configure the range of IP addresses that you
would like the Gateway to hand out to your computers.
You can also specify the length of time the computers can use the con-
figuration information; DHCP calls this period the lease time.
Your Service Provider may, for certain services, want to provide configu-
ration from its DHCP servers to the computers on your LANs. In this
case, the Gateway will relay the DHCP requests from your computers to
a DHCP server in the Service Provider's network.
Click the relay-agent and enter the IP address of the Service Provider's
DHCP server in the Server Address field. This address is furnished by the
Service Provider.
Downloaded from
www.Manualslib.com
manuals search engine
Page 60 / 161
60
Section 4
Configure
Link
SNMP
SNMP presents you with a security issue. The community facility of
SNMP behaves somewhat like a password. The community “
public
”
is a well-known community name. It could be used to examine the
configuration of your Gateway by your service provider or an unin-
vited reviewer. While Cayman's SNMP implementation does not
allow changes to the configuration, the information can be read
from the Gateway.
If you are strongly concerned about security, you may delete the
“public” community.
Description
The Simple Network Management Protocol (SNMP) lets a network
administrator monitor problems on a network by retrieving settings
on remote network devices. The network administrator typically runs
an SNMP management station program on a local host to obtain
information from an SNMP agent. In this case, the Cayman Gateway
is an SNMP agent.
You enter SNMP configuration information on this page.
Your network administrator furnishes the SNMP parameters.
Response
Downloaded from
www.Manualslib.com
manuals search engine