SnapGear 1.7.8 manual Field Description

Page 44

Field	Description
Enable Dial-in	To enable and configure dial-in, check the relevant COM port
	box. The selected port is now available for dial-in access. If no
	COM port is selected, all dial-in attempts will be blocked.
	The current dial-in status of all COM ports is displayed. If dial-
	in is already enabled, the checkbox displays a bold or shaded
	check mark. If dial-in is not enabled, the checkbox is clear
	Note: A port enabled for dial-in cannot be used simultaneously
	for dial-out activities (e.g. dial-on-demand Internet
	connection). If a port was previously set up for Internet access
	and is later enabled for dial-in, the Internet access function is
	disabled.
IP Addresses	Dial-in users must be assigned local IP addresses to access
for Dial-in users	the local network. Specify a free IP address from your local
	network that each dial-up client will use when connecting to
	the SnapGear appliance.
Authentication	The authentication scheme is the method the SnapGear
Scheme	appliance uses to challenge users dialing into the network.
	Dial-in clients must be configured to use the selected
	authentication scheme which may be one of:
	• MSCHAPv2 is the most secure.
	• CHAP is less secure, and PAP (although more
	common) is even less secure. If you select None, no
	username/password authentication is done on dial-in.
	• RADIUS and TACACS+ use a remote authentication
	server on the local network. When selected, you must
	enter the IP address of a server setup to use this
	scheme.
Idle Timeout	If a dial-in connection remains inactive, it can be automatically
	disconnected after a specified time period. Selecting Enable
	idle timeout will disconnect idle connections after 5 minutes.
	Idle time can be set between 0 – 99 minutes.

After enabling and configuring the selected SnapGear appliance COM ports to support dial-in, click Continue to create and configure the dial-in user accounts.

41

Dial-in server configuration

Image 44

Contents Rev May 2nd Table of contents Virtual Private Networking Introduction Terminology Term MeaningLAN Document conventions TCP/IPInstalling and configuring your SnapGear appliance Step ChapterLabel Activity Description Your SnapGear applianceLEDs SnapGear appliance back panels Network interconnections SnapGear appliance features Software featuresDial-in connection features Internet link featuresLAN link features Environmental features Static IP reset Getting startedNew Networks 10.0.0.0 10.255.255.255 10/8 prefix192.168.0.0 192.168.0.255 192.168.0/24 prefix Configuring the SnapGear appliance on your network Page Set up IP addresses Your SnapGear appliance was found on the network Multiple SnapGear appliances were found on the networkYour SnapGear appliance needs an IP address Administrative password SnapGear Management Console web administration pagesInitial setup using Linux Using linsetipUsing an existing local Dhcp or Bootp server Ping -b subnet broadcast address Arp -aConfiguring a new local Dhcp or Bootp server Edit the /etc/inetd.conf fileSnapGear Quick Setup LAN port quick setup LAN port quick setupISP connection quick setup ISP connection quick setupGetting started Configuring the PCs on your network TCP/IP properties Connecting to the Internet Physically connect modem deviceConnect to Internet Adsl Select Internet connectionConnect to Internet cable modem Connect to Internet direct Connect to Internet modemISP. The Password and Confirm Password fields must Field DescriptionAdvanced configuration option Internet failoverFollowing figure shows the failover configuration screen Failed connection Configure PCs to use SnapGear appliance Internet gateway Establishing the connectionDial-in server configuration Dial-in server configuration Dial-in setup Dial-in setupField Description Dial-in user accounts Dial-in user account creationFollowing figure shows the user maintenance screen Dial-in password error Account listRemote user configuration For Windows 95 and WindowsServer types Windows Connect to dialogue boxClick Next to continue 11 Connection availability 13 Remote access login screen Network configuration IP configurationNetwork configuration Advanced IP configuration Advanced IP configurationNetwork configuration Dhcp server configuration Dhcp serverNetwork configuration Additional routes Advanced networkingTraffic shaping Incoming access FirewallIncoming access administration services Incoming access configurationExternal access to services Configure external access to servicesPort forwarding configuration Port forwardingOutgoing access Security group classes configurationOutgoing access settings Firewall rulesIntrusion detection and blocking configuration Intrusion detection and blockingPage Content filtering Content filtering Filtering levels and reporting Filtering Level Description1VPN tunneling using the Pptp server Virtual Private NetworkingPptp client setup Pptp client configuration Pptp server setup Enable and configure the Pptp VPN server Pptp server setupField Description Configuring user accounts for VPN server 4PPTP VPN server accounts screenVirtual Private Networking Configuring the remote VPN client VPN Pptp IP addressVirtual Private Networking VPN client setup Windows 95 and WindowsYour VPN client is now set up correctly Windows NT Network and dial-up connections This displays the Destination Address window Connecting the remote VPN client IPSec setup 12 IPSec setup13 Add new IPSec connection Virtual Private Networking 14 Automatic keying setup Aggressive mode phase 1 settings Technique DescriptionIPSec interoperability Time server PasswordSystem Diagnostics AdvancedFlash upgrade Reset buttonTechnical support Technical supportAppendix a LED status patterns LED Pattern Status ActionAccess Logging Appendix B System LogDefault Deny Eth0Eth1 PppCreating Custom Log Rules Forward Iptables -I Forward -j LOG -i eth+ -o eth+ -p tcp Administrative Access Logging Rate LimitingBoot Log Messages