Exterior Router, Let Mail out | Avocent Cyclades-PR4000 instruction

Cyclades-PR4000

Exterior Router

The exterior router is the network’s first defense against attacks. For this reason, it is reasonable to prohibit all packets except for those explicitly allowed. This is done by choosing the Default Scope to be Deny. Thus, ALL desired traffic must be expressly allowed by the rules in the rule list.

DENY

Let

e-mail out

Wo
	rl
	d
	of
		P
			o
			s
			s
			i
			b
			l
			e
			P
			a
			c
	Let		k
	Let		s
			e
			t
	e-mail in
	DENY

DENY

Let Telnet

Connections Out

FIGURE 12.3 DENY AS DEFAULT SCOPE

In Figure 12.3, a conceptual equivalent of the interface is shown. All packets except those which fall into the holes in the ball will be denied entry in to or out of the network.

Chapter 14 - Filters and Rules

126

Image 126

Avocent Cyclades-PR4000 installation manual Exterior Router, Let Mail out, Let Telnet Connections Out

Contents

Cyclades-PR4000 Cyclades-PR4000 Installation Manual FCC Warning StatementCanadian DOC Notice Table of Contents IP Bridge 119 139 156 HOW to USE this Manual Installation Assumptions Convention Description CONFIG=INTERFACE=LText Conventions Icons CONFIGURATION=ALL Cyclades Technical Support and Contact Information Cyclades Corporation USA What is in the BOX Swan Expansion Card Slot with Swan RSV Card or DB-25 MaleWith M.34 Interface Signaling ISDN-PRI CCS or CAS Provisioning the T1/E1 Dialup LinesNumber of Phone Lines Data/Voice Support Isdn Switch Type ISDN-PRI onlyOne-Way or Two-Way Service Phone Numbers, Hunting Groups, and Hunting Sequence Framing Signaling Method and Dialing Method T1 CAS-BR onlyLine Coding Termination at the Customer Premises Using CyROS Menus Lmi-typeANSI, Group of four, None a Discard, save to Flash, or save to Run configuration Special Keys Cyros Management Utility CyROS Management Utility CyROS Management Utility Slot #2 Port #26 Status CyROS Management Utility LCD Operating the Front-Panel Display Modem Overview Modem Order Slot/Link Order ND no Interface Overview Interface Overview Screen IP Traffic Syslog MessagesSystem Info Example 1 Using the PR4000 as a Remote Access Server STEP-BY-STEP Instructions for Common Applications Network RadiusServer Mask PR4000 Telephone Number IP MTU Step ONEParameter Example Your Application NAT E1/T1 Controller Menu Parameters Step Three Radius Server Parameters Step Four Step Five Instructions for listing the configuration PR4000 Host 192.168.0.0Host 192.168.0.11 Parameter Example Your Application Swan Physical Menu Parameters Global Assigned because the IP Mlppp 10 PPP Encapsulation Menu Parameters 11 Static Route Menu Parameters Step SIX Configuration =TO Flash Step Nine Step SevenStep Eight Instructions for listing the configuration Configuration of the Ethernet Interface IP Network ProtocolParameter Description Config =RULES LIST=IP=CONFIGURE RULES=ADD RULE=ALLOW Incoming IP Accounting PR4000 Link PR3000 IP Bridge200.240.240.9 200.240.240.3 200.240.240.2 200.240.240.1 200.240.240.8 200.240.240.4 Other Parameters Swan Interface Clock Source is always External Step TWO Protocol Be used for authentication E1 and T1 INTERFACES, Without Signaling Rest Same as Add Group Otherwise, see chapter CONFIG=INTERFACE=T1/E1=CHANNEL Menu Item Description Hdlc Step Four E1 and T1 INTERFACES, with Signaling Controller Menu Tree CONFIG=CONTROLLER=T1/E1 CCS Signaling Mode ISDN-PRI Integrated Isdn LineBRI Line Router Analog Line Remote Users ISDN-PRI Interface Configuration Menu Tree Timeout function CAS Signaling Mode Integrated CAS LineRouter Analog Line Remote Users Range Parameters Independent of Signaling ModeInterface E1/T1 CAS One Channel All Channels Channel Menu CONFIG=INTERFACE=T1/E1=CHANNEL Multilink Options Internet Service Provider Modem LANServer IP Address PR4000IP Address Router a Config Interface E1/T1 Channel SIgnaling =MODEMS =DIGITAL Modem Parameter Description LAN-to-LAN Profile Interface T1/E1 Channel Wizards TS ProfileRAS Profile Copy From Channel Menu Items Description Ansi 12 Parameters SET by the RAS Wizard 13 Parameters SET by the LAN-TO-LAN Wizard Network Protocols Network Protocol IP Protocol Detailed Incoming IP Accounting Transparent Bridge Protocol DATA-LINK Protocols Encapsulation PPP The Point-to-Point Protocol PPP Menu Char Pppchar HdlcFrame Relay Parameter Description Dlci 200.1.1.1 São Paulo Rio de Janeiro Network Salvador Recife Network Parameter Description Switch / DCE Modem orRouter / DTE Step ONE Menu With PAD Packet Assembler/Disassembler Static Routing Routing ProtocolsRouting Strategies Dynamic Routing 192.168.100.0 Static Routes142.10.0.0 Mask 10.0.0.0 Unnumbered Interfaces Add Static Route Menu Config =STATIC Routes =IP =ADD Route RIP Configuration Ospf Ospf Configuration on the Interface 10Mbps, 65 for T1, 1785 for 56kbps, etc Ospf Global Configurations CONFIG=STATIC ROUTES=IP=ADD ROUTE=OSPF Advertises this =PASSWORD=ROUTING Protocol =OSPF =ADVERTISE this NON-OSPF Interface Applies when Area Range N Status is Active Only when Virtual Link Status is Active =IP=OSPF=AREA=AUTHENTICATION Type BGP-4 Configuration Example System with PR3000 in AS 100 Being Configured 255.255.255.0 200.50.50.0 PR3000 200.200.200.2 Tele Brutus CONFIG=IP=BGP4=GLOBAL CONFIG=IP=BGP4=BGP NETWORK=ADD CONFIG=IP=BGP4=NEIGHBOR=ADD Route Reflector Client Routing Protocols 107 Route PR3000 Rred Up Ro 100.10.0.0/16Parameter Description Routes Seq Rule Message From Tele Popeye Route Map Routing Protocols 110 Seq Rule DiscardedDiscarded RoutesRoutesMessage From Tele Popeye Rule CONFIG=IP=BGP4=ROUTE MAP=ADD CONFIG=IP=BGP4=AGGREGATE ADDRESSES=ADD Creation of user accounts and passwords CYROS, the Operating SystemCreation of the host table Slip Detailed information can be accessed via Snmp IP Accounting NAT Network Address Translation PR4000 With Translated Types of Address Translation Menu Option Description Interface. Five minutes is a reasonable time NAT 122 Configuration of IP Filters Rules and Filters Rules List Rule List Exterior Router Perimeter Network Slot 192.168.0.0 Bastion Host 10.0.0.0 Extension to Network Exterior Router Let Mail outLet Telnet Connections Out Filters and Rules 127 TCP Output for IP Filtering Example Interior Router Stop Forged Packets Don’t Allow Access to News Stop Telnets From the Outside Except Bastion Host Filters and Rules 131 Traffic Rule Lists Link 33.33.33.1 25% or lessClient B Filters and Rules 133 Filterlist Name traffic1 Output Showing Parameters for Traffic Rule Example Back Operator Start Internal Network IPX Internetwork Packet ExchangeIPX Network Number Mac Address 00 60 2E 00 11 Configuring the Ethernet Interface Configuring Other InterfacesEnabling IPX Frame Relay RoutingParameter Value for the Example SAP Service Advertisement Protocol Table Routing Table for the Example Virtual Private Network Configuration Virtual Private Network Configuration 143 RSG3 Remote IP Network 9.1 Security Gateway Router Link Link IP10..255.255.0Router IP Address IP172.16.0.0 Link Virtual Private Network Configuration 145 Virtual Private Network Configuration 146 Appendix a Troubleshooting Test CPU Boot Code step What to Do if the Router Does Not Work or Stops Working Event Port 2 LED Morse code Testing the Ethernet Interface Testing the WAN Interface Use of a Cross Cable for Testing T1/E1 Ports and Modems Testing the Two T1/E1 Ports How to Test the Modems DPS Test Results 113 Power Requirements Appendix B. Hardware SpecificationsGeneral Specifications Physical Specifications Console Port External InterfacesConsole Port RTS DTR Ethernet Port Ethernet PortTPTX+ Tptx TPRX+ Tprx T1 and E1 T1/E1 Interface Cables Straight-Through Cable Cross Cable DB-25 Male Cyclades Router Signal Pin PGnd Router-MD / V.35 CablePin 13 B 10 F 15 S 17 T 24 W 11 U DB-25 to M.34 Adapter Cross Cable for Testing the T1/E1 Ports DB-25 Male Modem Cyclades Router Signal Pin PGndISO 2110 Standard Cable TxD/V.35 B TxD/V.35 a RxD/V.35 B RxD/V.35 a E1 / DB-15 Cable RJ-45 Male Appendix C Configuration Without a Console ProcedureRequirements Step One Appendix D Installation of Additional Digital ModemsAppendix D Installation of Additional Digital Modems Step Two Step Four Step Five Step Six Clamp SlotStep Seven Step Eight Step NineClamp Step Ten Step Eleven Index 172 Index 173 Cyclades Philippines