105, Local / Access, Local / Protocol | Compatible Systems 5.4

Chapter 6 - VPN Ports and LAN-to-LAN Tunnels	105

Local / Access

This used to specify a local host or subnet which will be reachable by the tunnel. It is entered as an IP address followed by a slash followed by the number of significant bits in the entered IP address (i.e., 192.168.41.9/32). To allow access to only a single host, specify 32 in the bits portion.

Local / Protocol

The pull-down menu is used to specify an IP protocol which will accepted by this end of the tunneled. The default of 0 will allow all protocols. Accepted IP Protocol numbers are:

•1 - ICMP (Internet Control Message Protocol)

•6 - TCP (Transmission Control Protocol)

•17 - UDP (User Diagram Protocol)

•47 - GRE (Generic Routing Encapsulation)

•50 - ESP (Encapsulating Security Protocol)

•51 - AH (Authentication Header)

•89 - OSPF (Open Shortest Path First)

Local / Port

The is used to specify a local port number which will be reachable via the tunnel. The default of 0 will allow all ports.

ϖNote: Refer to the IP Filter Name section in the Text Based Configura- tion and Command Line Management Reference Guide for more informa- tion on commonly used ports and their numbers.

Peer / Access

This is used to specify a host or subnet behind the remote tunnel partner which will be reachable via the tunnel. It is entered as an IP address followed by a slash followed by the number of significant bits in the entered IP address (i.e., 192.168.41.9/32). To tunnel to only a single host, specify 32 in the bits portion.

Peer / Protocol

This pull-down menu is used to specify an IP protocol which will be tunneled. If a protocol number is specified, then only traffic of that protocol type will be tunneled. The default of 0 will allow all protocols. Accepted IP Protocol numbers are:

•1 - ICMP (Internet Control Message Protocol)

•6 - TCP (Transmission Control Protocol)

•17 - UDP (User Diagram Protocol)

•47 - GRE (Generic Routing Encapsulation)

Image 111

Compatible Systems 5.4 manual 105, Local / Access, Local / Protocol, Local / Port, Peer / Access, Peer / Protocol

Contents

CompatiView 5.4 Reference Guide Page Table of Contents Iii Installation and Overview VPN Ports and LAN-to-LAN Tunnels Table of Contents TCP/IP Filtering 183 Ospf CompatiView Quickstart Installation and Overview Selecting IP or IPX Operation with Windows CompatiView Installation NotesAbout this Manual System Requirements for Windows CompatiView’s Menus and Main Windows Device View Device View and the Main Window Right-Clicking in the Device View Open Device New ConfigOpen Config File File Menu Save / Restart Options Download Config to Device Dialog Box Firewall Path Save To FileSubinterface VPN Port Database Menu Options Database Options Dialog BoxGeneral Tab Save/Restart Tab Confirmations Tab Advanced Tab Control Menu Download Software Tftp DownloadRestart Device Output Window Statistics MenuCompatiView Output Window PPP Statistics EthernetWAN State Serial Statistics IPX Route Table Ospf ConfigurationIP Route Table IP Routing Command Line Edit Box Moving and Customizing the Windows View menuCustomize Toolbars CommandsWindow Menu Customize Window View Dialog BoxPage IP Routing/Bridging/Off TCP/IP Routing Ethernet Configuration Dialog BoxTCP/IP Routing Ethernet Dialog Box IP Routing & Bridging IP Address Network IP Subnet MaskNetwork IP Broadcast Address Routing Protocol Output RIP Input RIP RIP Split Horizon Ospf IP Routing & Bridging Directed Broadcast TCP/IP Routing WAN Configuration Dialog Box TCP/IP Routing WAN Configuration Dialog Box Numbered Interface Network IP Broadcast Address Update Method RIP Split Horizon IP Routing & Bridging Options TCP/IP Routing VPN Configuration Dialog Box IP Routing/IP Bridging/IP Off IP Address Routing Protocol Update Method Ospf Bridge Logical Diagram TCP/IP Routing Bridge Configuration Dialog Box IP Routing/Off TCP/IP Routing Bridge 0 Configuration Dialog Box Network IP Subnet Mask IP Routing & Bridging Ospf IP Subinterface Dialog Box IP Connection Dialog Box IP Connection Dialog BoxIP On/IP Off IP Address IP Static Routing Dialog Box Destination MaskGateway Redistribute via Metric Ethernet IP Options Bridge IP Options Ethernet or Bridge TCP/IP Options Dialog BoxIP Proxy ARP UDP Forwarding Agents Dialog Box UDP Forwarding Agents Relays WAN IP Options Dialog Box WAN IP OptionsServer IP Address UDP Ports/Protocols Van Jacobson Header Compression Send IP Address Configure Request Protocol Precedence RIP V2 PasswordTCP/IP Routing Options IP Multiprotocol Precedence Dialog Box IP Route Redistribution IP Route Redistribution Dialog Box Ospf Route AggregationRIP to Ospf BGP to RIP Default into OspfOspf to RIP BGP to Ospf IP Routing & Bridging IPX Routing & Bridging IPX Routing Ethernet Configuration Dialog BoxIPX Routing Ethernet Configuration Dialog Box IPX Ethernet Frame Types Seed Status per Frame Type IPX Routing/Bridging/Off Block IPX Type 20 Output Packets RIP Update TimerSAP Update Timer Network Number per Frame Type IPX Routing WAN Configuration Dialog Box IPX Routing WAN Configuration Dialog Box Network Number Optional Remote Node Network Number IPX Routing & Bridging Use Ethernet Port as End-Node Proxy IPX Routing VPN Configuration Dialog Box IPX Routing VPN Configuration Dialog Box IPX Routing/Bridging/Off RIP Update Timer IPX Routing Bridge Configuration Dialog Box IPX Frame Types IPX Routing Bridge 0 Configuration Dialog Box IPX Routing/Off Network Number per Frame Type AppleTalk Routing & Bridging AppleTalk Routing Ethernet Configuration Dialog BoxAppleTalk Phase 1 Configuration AppleTalk Routing Ethernet Configuration Dialog Box Phase 1 Seed Status Phase 1 Routing/Bridging/Off NBP Lookup Filters Filtering Phase 1 Net #Phase 1 Zone Phase 1 Node AppleTalk Phase 2 Configuration Phase 2 Routing/Bridging/OffPhase 2 Seed Status Phase 2 Node Phase 2 Net # RangePhase 2 Zones Phase 2 Default Zone AppleTalk Routing WAN Configuration Dialog Box AppleTalk Routing WAN Configuration Dialog Box AppleTalk Routing & Bridging AppleTalk On/Bridging/Off Zone NodeOptional Remote End-Node Network Number Optional Remote End-Node Proxy AppleTalk Routing VPN Configuration Dialog BoxAppleTalk Routing VPN Configuration Dialog Box Optional Remote End-Node Node Number AppleTalk On/Bridging/Off AppleTalk Zone AppleTalk Routing Bridge Configuration Dialog Box AppleTalk Routing Bridge 0 Configuration Dialog Box Phase 1 Routing/Off AppleTalk Routing & Bridging Phase 1 Net # Phase 2 Routing/Off Phase 2 Zones NBP Filtering Configuration Dialog Box NBP FilteringNetwork Filters Zone Filters Phase 2 Aarp Probe Time AppleTalk Options Configuration Dialog Box DECnet On Main DECnet Routing Configuration Dialog BoxMain DECnet Routing Configuration Dialog Box DECnet Routing & Bridging Hello Timer Routing TimerArea DECnet Routing & Bridging Max Addresses DECnet Ethernet Configuration Dialog Box DECnet Routing/Bridging/Off DECnet Ethernet Configuration Dialog Box DECnet WAN Configuration Dialog Box DECnet WAN Configuration Dialog BoxDECnet On/Bridging/Off Hello Timer Add VPN Port Dialog Box Add VPN Port Dialog Box Bind To Interface Tunnel Partner VPN Configuration Dialog BoxVPN Ports and LAN-to-LAN Tunnels Partner Address IKE Key Management IKE Key Management Dialog BoxKey Manage Shared Key TransformPerfect Forward Secrecy Encryption IKE Configuration Dialog BoxAuthentication 101 Manual Key Management Enable AuthenticationAuthentication Method Authentication Secret Encryption Method Interoperability Settings Dialog BoxEnable Encryption 103 Local and Peer Settings Interoperability Settings Dialog BoxMode Local / Protocol Local / AccessPeer / Access 105 Peer / Port 107 108 VPN Group Configuration Dialog Box VPN Group Configuration Dialog Box and General TabVPN Client Tunnels 109 VPN Group Configuration General Tab Exclude Local LAN VPN Client Tunnels 111 Inactivity TimeoutSLA Enable Client MinimumVersion VPN Group Configuration IKE Configuration Tab VPN Group Configuration IKE Configuration Tab Save Secrets VPN Client Tunnels 113 VPN Group Configuration Manual Tab VPN Group Configuration Manual Tab Start IP Address VPN Group Configuration IP Connection TabVPN Group Configuration IP Connection Tab VPN Client Tunnels 115 Assign IP Radius Local IP Net Edit VPN Client Tunnels 117 Allow Connections ToAdd Add IP Address Dialog Box Output Filters VPN Group Configuration IP Filters TabVPN Config IP Filters Tab Input Filters Local IPX Net VPN Group Configuration IPX Connection TabVPN Config IPX Connection Tab VPN Client Tunnels 119 VPN Group Configuration IPX Filters Tab VPN Group Configuration IPX Filters TabAssign IPX Radius Alternate IntraPort Addresses VPN Group Configuration Rollover TabVPN Group Configuration Rollover Tab VPN Client Tunnels 121 Input Filters SecurID User Name VPN Group Configuration SecurID TabVPN Group Configuration SecurID Tab SecurID Required VPN Group Configuration DNS Redirection Tab Local Domain Name VPN Group Configuration Wins Redirection TabVPN Group Configuration Wins Tab Add Local Domain Dialog Box VPN User Configuration Dialog Box VPN User Configuration Dialog BoxVPN Client Tunnels 125 VPN Group STEP/STAMP Authentication SecretVPN User Dialog Box Name IKE Policy VPN Client Tunnels 127 STEP/STAMP Encryption SecretIKE Policy Global Dialog Box IPSec Gateway Configuration Dialog Box IPSec Gateway Dialog BoxIPSec Gateway VPN Client Tunnels 129 130 131 IntraGuard Firewall Configuration Settings FirewallPath Dialog Box IntraGuard Firewall ConfigurationInterfaces Inside/Outside 133 ‘AND’ Filters‘OR’ Filters Advanced Options Advanced Settings Firewall Path Dialog BoxResetRedirects SendTCPReset ICMPtoTCPsession SendICMPReset135 SynRejectOnly Current Security Policy Security Policies Firewall Path Dialog Box 137 Security Policies at a Glance Policy Security Policy Protocol Setting Dialog BoxSecurity Policy Protocol Setting Dialog Box 139 140 141 Allow Ports/Protocols Dialog Box Port/ProtocolPort/Protocol Number Firewall Logging Dialog Box 143Firewall Logging Dialog Box Rejects IP TimeoutsTCP Timeouts TCP Resets General Icmp Resets145 Redirects FIN Timer Firewall Settings Dialog BoxFirewall Settings Dialog Box SYN Timer DynamicTimer TCPTimeoutUDPTimeout HalfShutTimerPage Bridging 149 Global Bridging Configuration Dialog Box Table Size BridgingBridge On Learning/IEEE Spanning Tree Max Age Spanning Tree Fwd Delay Spanning TreeBridging 151 Aging Time Priority Spanning Tree Interface Configuration Dialog Box Bridging 153 Bridging On PriorityPath Cost Spanning Tree Exclude Non-Routed Protocols WAN On Link Configuration WAN Dialog BoxLink Configuration WAN Dialog Box WAN Link Protocols 155 WAN Link Protocols Link TypeFailover Type Allow Dial Out Backup PortTimers WAN Link Protocols 157 Dialing Method Allow DialAlways Keep Link Up Drop Link If Inactive For WAN Link Protocols 159 Dial-Out / Connect ScriptDial-back Script Retry Delay Setting Script TimeoutDialing Retries / Connect Retries Backup Init Timer Failover Timers Configuration Dialog BoxBackup Enable Timer Backup Disable Timer Frame Relay Configuration Dialog Box Frame Relay Configuration Dialog BoxMaintenance Protocol Home Dlci WAN Link Protocols 163 Polling Frequency Dlci Database Dialog Box Dlci Database Configuration Dialog Box Dlci Entry Dialog Box WAN Link Protocols 165 Dlci #AppleTalk Address DECnet Address Chap Configuration Dialog BoxChap Configuration Dialog Box IPX Address Request Chap Authentication WAN Link Protocols 167Respond to Chap Challenges PAP Configuration Dialog Box PAP Configuration Dialog BoxSecret Request PAP Authentication WAN Link Protocols 169Respond to PAP Requests Station Address PasswordSmds Dialog Box Smds Dialog Box PPP Options Dialog Box WAN Link Protocols 171 IP MulticastPPP Options Dialog Box PPP Link Quality Configuration Dialog Box Sequenced Predictor CompressionEcho Packets On Frequency in Seconds Echo Packets LCP Options Configuration Dialog BoxLCP Options Configuration Dialog Box WAN Link Protocols 173 Multilink PPP Dialog Box Address/Control CompressionProtocol Compression Linked Ports EnableWAN Link Protocols 175 Mppp Bundle Name WAN Chat Script Editor Dialog Box MPQualWAN Chat Script Editor Dialog Box WAN Link Protocols 177 Chat Script Editor Dialog Box Buttons & ControlsChat Script Rules and Syntax 178 WAN Link Protocols 179 Chat Script Examples To connect to an Internet Service Provider using a modem WAN Link Protocols 181 User Authentication Database Dialog Box Dial-back Chat Password/SecretRemote Name Interfaces Packet Filters Button Main TCP/IP Filtering Dialog BoxTCP/IP Filtering 183 Route Filters Button Log Rejected Source-Routed Packets TCP/IP Filter Editor WindowTCP/IP Filtering Block IP Source Routing TCP/IP Route Filter Rules Basic IP Route Filter Rules and Syntax IP Route Filter Rule Modifiers TCP/IP Filtering 187 IP Route Filter Rule Options TCP/IP Packet Filter Rules IP Route Filter Rule NotificationIP Route Filter Rule Examples Basic IP Packet Filter Rules and Syntax TCP/IP Filtering 189 IP Packet Filter Rule Operators and Port Names TCP Ports TCP/IP Filtering 191 IP Packet Filter Rule Modifiers Icmp Types UDP TCP/IP Filtering 193 Simple IP Packet Filter Rule Examples IP Packet Filter Rule Notification IP Packet Filter Rule Set Examples TCP/IP Filtering 195 TCP/IP Packet Filtering Bridge Dialog Box Interface TCP/IP Packet Filtering Configuration Dialog Box IPX Route Filters Main IPX Filtering Configuration Dialog BoxMain IPX Filtering Dialog Box IPX Filtering 197 Filter Editor Window Buttons and Controls IPX Filter Editor WindowIPX Filtering IPX Filter Editor Window IPX Packet Filter Rules IPX Filtering 199Basic IPX Packet Filter Rules and Syntax IPX Packet Filter Options IPX Packet Filter Rule Notification IPX Filtering 201 IPX Packet Filter Rule Examples IPX Route Filter Rules IPX Filtering 203 Basic IPX Route Filter Rules and Syntax IPX Route Filter Rule Modifiers IPX Route Filter Rule Options IPX Route Filter Rule Examples IPX SAP Filter RulesIPX Filtering 205 IPX Route Filter Rule Notification IPX SAP Filter Options Basic IPX SAP Filter Rules and Syntax IPX Filtering 207 IPX SAP Filter Rule Modifiers IPX SAP Filter Rule NotificationIPX SAP Filter Rule Examples IPX Filtering 209 Interface IPX Packet Filtering Configuration Dialog Box 210 Main AppleTalk Filtering Editor Window AppleTalk Filtering 211Main AppleTalk Filter Editor Window AppleTalk Packet Filter Rules AppleTalk FilteringGeneral Packet Filtering Basic AppleTalk Filter Rules and Syntax AppleTalk Filtering 213Get Zone List Routing Filters Rtmp 214 AppleTalk Filtering 215 Simple AppleTalk Packet Filter Rule Examples AppleTalk Get Zone List Filter Rule Set ExamplesAppleTalk Rtmp Filter Rule Set Examples Interface AppleTalk Filtering Configuration Dialog Box AppleTalk Filtering 217Input Rtmp Filters Output Packet Filters Output Rtmp FiltersZone List Filters Input Packet Filters Async/Sync Physical RS-232 Configuration WAN Dialog BoxPhysical RS-232 Configuration WAN Dialog Box General 219 Tx Clock Internal Sync Only Baud RateFlow Control Async Only Physical T1 WAN Configuration Dialog Box General 221Clock Scheme Start Channel & Number of Channels Fractional T1 EnabledFraming Line Encoding PRM Transmit General 223 Contiguous Channels or Alternate ChannelsChannel Data Rate Invert Data Tx Clock Internal Physical V.35 Configuration WAN Dialog Box General 225 Physical DS3 Configuration WAN Dialog Box System Configuration Dialog Box System Configuration Dialog BoxBandwidth Allocation General 227 Confirm PasswordEnable Password Confirm Enable Password Administrative Name Snmp ConfigurationSnmp System Info Configuration Dialog Box Name of Administrator and How to Contact Traps Enabled Advanced Snmp Configuration Dialog BoxSnmp Enabled Sets Enabled Snmp Community Strings Configuration Dialog Box Snmp Community Strings Configuration Dialog BoxCommunity String Host IP Address Snmp Traps Configuration Dialog BoxGeneral 231 Access Snmp Traps Dialog Box Secondary DNS Server Search Order Domain Name Server DNS Dialog BoxDomain Name Server Dialog Box Primary DNS Server Add TCP/IP DNS Server Time Server Configuration Dialog BoxTime Server Dialog Box General 233 Backup IP Address ProtocolOffset from Server Radius Configuration Dialog Box Radius Configuration Dialog BoxGeneral 235 VPN Real IP Address Authentication PortAccounting Accounting Port VPN Group Info VPN AuthenticationPAP Authentication Secret General 237 VPN Tunnel Secret Use Secret in Checksum Secondary Server IP AddressSecondary Server Retries Port SecurID Configuration Dialog BoxEnable SecurID General 239 Timeout Backup Server NAT Configuration Dialog Box NAT Configuration Dialog Box New Button Modify ButtonGeneral 241 Internal Range External RangePassThru Range Addresses TCP Fin Timeout General 243 TCP TimeoutUDP Timeout TCP Syn Timeout NAT Range Dialog Box NAT Range Dialog Box NAT Mapping Dialog Box General 245NAT Mapping Dialog Box NAT Range Dialog Box NAT Mapping Translation Pair Examples Internal IP address Logging On Logging Configuration Dialog BoxLogging Configuration Dialog Box General 247 File Syslogd On Only Send Log to Aux PortSyslogd On IP Address Syslogd On Only Ldap Server Dialog Box Ldap ConfigurationLdap Server Dialog Box General 249 Add Ldap Server Dialog Box Ldap Config NameEnable Ldap Primary Server Primary Password Base General 251 Secondary Server Secondary Password Ldap Authentication Dialog Box Ldap Authentication Dialog BoxEnable Ldap Authentication VPN Shared Secret Attribute General 253 Primary Server Primary PasswordSecondary Server Secondary Password VPN Group Attribute 254 Ospf Dialog Box Ospf 255Ospf Dialog Box Cost Ospf EnabledOspf Area ID Ospf Area Add Ospf Area Dialog Box Ospf Area Dialog Box Ospf 259 Ospf Area Name Ospf Authentication TypeEnable Stub Area Stub Default Cost Net Range Dialog Box Ospf Virtual Link Add Ospf Virtual Link Dialog Box Enable Virtual LinkOspf 261 Ospf Virtual Link Dialog Box Virtual Retransmission Virtual Transit DelayOspf Packet Authentication Key Transit Area BGP General Dialog Box Enable BGPBGP 263 BGP General Dialog Box Use IPR Filters BGP Aggregates Dialog BoxBGP BGP Local Preference Add BGP Aggregate Dialog Box BGP Peer Configs Dialog BoxBGP Peer Configs Dialog Box BGP 265 Output Route Map BGP Peer Config NameEnable Ebgp Multihop Input Route Map IP Loopback Dialog Box Add BGP Peer Dialog Box BGP Peers Dialog BoxIP Loopback BGP Peers Dialog Box BGP 269 BGP Route Maps Editor Dialog Box BGP Route Map Editor Dialog Box Buttons & Controls BGP Route Maps Dialog Box Action BGP Route Mapping RulesBGP 271 Enter Data Dialog Box Options/Output Modifiers Direction Options/Input Modifiers BGP 273 Special Communities BGP Networks BGP Networks Dialog BoxBGP Network Dialog Box BGP 275 Subnet Mask 276 IP Addresses Appendices 277 Subnet Masks Chart 1 IP Address ClassesChart 2 Standard IP Subnets Appendices Chart 3 Subnetted Class C Host Ranges Appendices 279Broadcast Addresses Assigning a Broadcast Address Chart 4 Broadcast Address ExamplesAssigning an IP address Assigning a Subnet Mask IPX Appendices 281 Static Routes & Routing ProtocolsIPX Routing Basics 282 Service Advertising Protocol Appendices 283Client Machine Addressing AppleTalk Routing Basics AppleTalk Appendices 285 Non-extended and Extended AppleTalk NetworksSeeding a Network Segment Zones Probing Bridging Basics Router AutoconfigurationBridging Appendices 287 Spanning Tree Bridging Transparent Bridging Multiport Bridges/Switches and Bridge Groups Appendices 289Simple Bridging Example Bridge Groups on a Multiport Router Addressing Frame RelayAppendices 291 Virtual Circuits Network/Protocol Addressing and Virtual Interfaces Local & Global DLCIsLocal Management Interface LMI Encapsulation and Fragmentation Appendices 293 Frame Relay ExampleFrame Relay Example Page Index 295 Symbols Index Index 297 IPX TCP/IP Index 299 See also, TCP/IP Index 301 NAT RIP Index 303 UDP Index 305 Dlci Radius Index 307