Section 3
General
Local Area Network
DHCP (Dynamic Host Configuration Protocol) Server
DHCP Server functionality enables the Gateway to assign your LAN computer(s) a “private” IP address and other parameters that allow network communication. The default DHCP Server configuration of the Gateway supports up to 253 LAN IP addresses.
This feature simplifies network administration because the Gateway maintains a list of IP address assignments. Additional computers can be added to your LAN without the hassle of configuring an IP address.
DHCP (Dynamic Host Configuration Protocol) Relay Agent
DHCP Relay functionality enables the Gateway to forward a DHCP client request to a specified DHCP Server. This assigned DHCP Server will reply to the request with an IP address and other network parameters.
DNS Proxy
Domain Name System (DNS) provides end users with the ability to look for devices or web sites through the use of names, rather than IP addresses. For web surfers, this technology allows a user to enter the URL (Universal Resource Locator) text string to access a desired website. Each text string identifier has an associated IP address, a series of numbers in the format of xxx.xxx.xxx.xxx (e.g. 147.240.101.006). It is DNS servers that are responsible for this text-to-IP Address translation. DNS Servers, in most cases, are located at Internet Service Provider facilities. They translate domain names into the desired IP address for locating an Internet website by answering DNS requests.
The Cayman DNS Proxy feature allows the LAN-side IP address of the Gateway to be used for proxying DNS requests from hosts on the LAN to the DNS Servers configured in the gateway. This is accomplished by having the Gateway's LAN address handed out as the “DNS Server” to the DHCP clients on the LAN.
The Cayman DNS Proxy only proxies UDP DNS queries, not TCP DNS queries.
Wide Area Network
DHCP (Dynamic Host Configuration Protocol) Client
DHCP Client functionality enables the Gateway to request an IP address from your Service Provider. DHCP servers on your Service Provider’s network reply to DHCP Client requests and assign the network parameters.
PPPoE (Point-to-Point Protocol over Ethernet)
The PPPoE specification, incorporating the PPP and Ethernet standards, allows your computer(s) to connect to your Service Provider’s network through your Ethernet WAN connection. The Netopia Cayman-series Gateway supports PPPoE, eliminating the need to install PPPoE client software on any LAN computers.
Service Providers may require the use of PPP authentication protocols such as Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP). CHAP and PAP use a username and password pair to authenticate users with a PPP server.
A CHAP authentication process works as follows:
1. The password is used to scramble a challenge string.
2. The password is a shared secret, known by both peers.
3. The unit sends the scrambled challenge back to the peer.
PAP, a less robust method of authentication, sends a username and password to a PPP server to be authenticated. PAP’s username and password pair is not encrypted and is therefore sent “unscrambled”.
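
The exchange described above, as an added example (not from the Cayman manual or firmware): it computes the CHAP response as RFC 1994 defines it for MD5 and, for comparison, builds the PAP request data from RFC 1334. The username, password and challenge values are constructed.

```python
import hashlib
import hmac

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): MD5 over the ID octet, the secret, the challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def chap_verify(identifier: int, secret: bytes, challenge: bytes,
                response: bytes) -> bool:
    """Authenticator side: recompute from its own copy of the secret and compare."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)

def pap_request_data(username: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request data (RFC 1334): both fields go out in the clear."""
    return (bytes([len(username)]) + username +
            bytes([len(password)]) + password)

# Constructed sample values, not taken from any real account or capture.
USERNAME = b"subscriber@example.net"
PASSWORD = b"correct horse battery"
CHALLENGE_1 = bytes.fromhex("00112233445566778899aabbccddeeff")
CHALLENGE_2 = bytes.fromhex("ffeeddccbbaa99887766554433221100")

def demo() -> dict:
    resp = chap_response(1, PASSWORD, CHALLENGE_1)
    bad = chap_response(1, b"guess", CHALLENGE_1)
    return {
        # Correct secret and matching challenge: accepted.
        "accepted": chap_verify(1, PASSWORD, CHALLENGE_1, resp),
        # Peer that does not know the secret: rejected.
        "wrong_password": chap_verify(1, PASSWORD, CHALLENGE_1, bad),
        # Old response replayed against a fresh challenge: rejected.
        "replayed": chap_verify(2, PASSWORD, CHALLENGE_2, resp),
        # The password never appears in the CHAP response, but it does in PAP.
        "password_in_chap": PASSWORD in resp,
        "password_in_pap": PASSWORD in pap_request_data(USERNAME, PASSWORD),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

A captured challenge and response still allow offline password guessing against the MD5 hash, so the shared secret should be long and random.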
Instant-On PPP
You can configure your Gateway for one of two types of Internet connections:
• Always On
• Instant On
These selections provide either an uninterrupted Internet connection or an as-needed connection.
While an Always On connection is convenient, it does leave your network permanently connected to the Internet, and therefore potentially vulnerable to attacks.
Cayman's Instant On technology furnishes almost all the benefits of an Always-On connection while providing two additional security benefits:
• Your network cannot be attacked when it is not connected.
• Your network may change address with each connection making it more difficult to attack.
When you configure Instant On access, you can also configure an idle time-out value. Your Gateway monitors traffic over the Internet link and when there has been no traffic for the configured number of seconds, it disconnects the link.
When new traffic that is destined for the Internet arrives at the Gateway, the Gateway will instantly re-establish the link.
Your service provider may be using a system that assigns the Internet address of your Gateway out of a pool of many possible Internet addresses. The address assigned varies with each connection attempt, which makes your network a moving target for any attacker.
Static IP Addresses
If your Service Provider requires the Cayman Gateway to use Static IP addressing, you must configure your Gateway for it. Dynamically assigned addresses allow a service provider’s customer to install their Gateway without WAN configuration. Static addresses never time out; dynamic addresses time out and will be reassigned.
A static IP address is preferred for setting up and maintaining pinholes through the Cayman Gateway’s NAT security facility.
Your Service Provider may not offer a static IP address option.
IPMaps
IPMaps supports one-to-one Network Address Translation (NAT) for IP addresses assigned to servers, hosts, or specific computers on the LAN side of the Cayman Gateway.
With IPMaps, a Service Provider-assigned static IP address is mapped to a specific internal device. This allows a LAN-located device to appear public without compromising other locally attached devices. The external IP addresses must be on the same subnet.
IPMaps is used for applications such as Web, email, and FTP servers.
See How To: Configure for IPMaps on page 52 for more information.
Security
Password Protection
Access to your Cayman device is controlled through two access control accounts, Admin or User.
The Admin, or administrative user, performs all configuration, management or maintenance operations on the Gateway.
The User account provides monitor capability only.
A user may NOT change the configuration, perform upgrades or invoke maintenance functions.
For the security of your connection, an Admin password must be set on the Cayman unit.
Network Address Translation (NAT)
The Cayman Gateway Network Address Translation (NAT) security feature lets you conceal the topology of a hard-wired Ethernet or wireless network connected to its LAN interface from routers on networks connected to its WAN interface. In other words, the end computer stations on your LAN are invisible from the Internet.
Only a single WAN IP address is required to provide this security support for your entire LAN.
LAN sites that communicate through an Internet Service Provider typically enable NAT, since they usually purchase only one IP address from the ISP.
When NAT is ON, the Cayman Gateway “proxies” for the end computer stations on your network by pretending to be the originating host for network communications from non-originating networks. The WAN interface address is the only IP address exposed.
The Cayman Gateway tracks which local hosts are communicating with which remote hosts. It routes packets received from remote networks to the correct computer on the LAN (Ethernet A) interface.
When NAT is OFF, a Cayman Gateway acts as a traditional TCP/IP router; all LAN computers/devices are exposed to the Internet.
A diagram of a typical NAT-enabled LAN is shown below:
A similar configuration applies to a DSL WAN interface (3220 family).
Cayman Advanced Features for NAT
Using the NAT facility provides effective LAN security. However, there are user applications that require methods to selectively by-pass this security function for certain types of Internet traffic.
Cayman Gateways provide special pinhole configuration rules that enable users to establish NAT-protected LAN layouts that still provide flexible by-pass capabilities.
Some of these rules require coordination with the unit’s embedded administration services: the internal Web (HTTP) Port (TCP 80) and the internal Telnet Server Port (TCP 23).
Internal Servers
Related to the pinhole configuration rules is an internal port forwarding facility that enables you to:
• Direct traffic to specific hosts/computers on the LAN side of the Gateway.
• Eliminate conflicts with embedded administrative ports 80 and 23.
1. The default setting for NAT is ON.
2. Cayman uses Port Address Translation (PAT) to implement the NAT facility.
3. NAT Pinhole traffic (discussed below) is always initiated from the WAN side.
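
A simplified model of the PAT behaviour and pinholes described above, as an added example (not Cayman firmware code). The class name, the starting port 40000, the per-remote session matching and all addresses are assumptions made for illustration.

```python
class PatGateway:
    """Toy PAT table: many LAN hosts share one WAN address via port rewriting."""

    def __init__(self, wan_ip, first_port=40000):   # first_port is an assumption
        self.wan_ip = wan_ip
        self._next = first_port
        self.ports = {}      # (proto, lan_ip, lan_port) -> wan_port
        self.sessions = {}   # (proto, wan_port, remote) -> (lan_ip, lan_port)
        self.pinholes = {}   # (proto, wan_port) -> (lan_ip, lan_port)

    def add_pinhole(self, proto, wan_port, lan_ip, lan_port):
        """Static rule that admits WAN-initiated traffic to one LAN host."""
        self.pinholes[(proto, wan_port)] = (lan_ip, lan_port)

    def outbound(self, proto, lan, remote):
        """LAN host opens a flow; return the (ip, port) the remote host sees."""
        key = (proto, lan[0], lan[1])
        if key not in self.ports:
            self.ports[key] = self._next
            self._next += 1
        wan_port = self.ports[key]
        self.sessions[(proto, wan_port, remote)] = lan
        return (self.wan_ip, wan_port)

    def inbound(self, proto, remote, wan_port):
        """Packet arrives on the WAN side; return LAN target, or None if dropped."""
        lan = self.sessions.get((proto, wan_port, remote))
        if lan is None:
            # Not a reply to a tracked flow: only a pinhole can let it in.
            lan = self.pinholes.get((proto, wan_port))
        return lan

if __name__ == "__main__":
    # Constructed documentation addresses (RFC 5737) and private LAN addresses.
    gw = PatGateway("203.0.113.10")
    web = ("198.51.100.7", 443)
    print(gw.outbound("tcp", ("192.168.1.10", 51000), web))  # only the WAN IP shows
    print(gw.inbound("tcp", web, 40000))                     # reply reaches .10
    print(gw.inbound("tcp", ("198.51.100.99", 4444), 8080))  # unsolicited: dropped
    gw.add_pinhole("tcp", 8080, "192.168.1.20", 80)
    print(gw.inbound("tcp", ("198.51.100.99", 4444), 8080))  # pinhole: forwarded
```

Each pinhole is a standing exception to the default drop, so it is worth reviewing the pinhole list whenever a forwarded service is retired.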
[Figure: typical NAT-enabled LAN. Labels: Internet, Cable Modem, Ethernet, WAN Interface, Dual Ethernet Gateway (NAT; Embedded Admin Services: HTTP-Web Server and Telnet Server Port), LAN Ethernet Interface, NAT-protected LAN stations]