Netopia 2200 - page 344

344

☛ NOTE:

Typically, no special conﬁguration is necessary to use the IPSec pass through

feature.

In the diagram, VPN PC clients are shown behind the Netopia Gateway and the

secure server is at Corporate Headquarters acr oss the WAN. You cannot have

your secure server behind the Netopia Gateway.

When multiple PCs are starting IPSec sessions, they must be started one at a

time to allow the associations to be created and mapped.

VPN IPSec Tunnel Termination

This Netopia service supports ter mination of VPN IPsec tunnels at the Gateway. This per-

mits tunnelling from the Gateway without the use of third-party VPN client software on your

client PCs.

Stateful Inspection Firewall

Stateful inspection is a security feature that prevents unsolicited inbound access when

NAT is disabled. You can conﬁgure UDP and TCP “no-activity” periods that will also apply to

NAT time-outs if stateful inspection is enabled on the interface.

Technical details are discussed in “Expert Mode” on page 39.

SSL Certiﬁcate Support

On selected models, you can also install a Secure Sockets Layer (SSL V3.0) certiﬁcate

from a trusted Certiﬁcation Authority (CA) for authentication purposes. If this feature is

available on your Gateway, an additional link will appear in the Install page.

See “Install Certiﬁcate” on page 188.

Contents

Main Page Table of Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Basic Mode Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Expert Mode Restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 Accessing the Expert Web Interface . . . . . . . . . . . . . . . . . . . . .39 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 Firewall Tutorial . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .146 Working with IP Filters and Filter Sets . . . . . . . . . . . . . . . . . .164 Factory Reset Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203 Basic Troubleshooting . . . . . . . . . . . . . . . . . . . . . 205 Advanced Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . 191 Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . 221 Page Glossary Agency approvals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .327 . . . . . 327 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311 Overview of Major Capabilities . . . . . . . . . . . . . . . . . . 335 Page CHAPTER 1 Introduction Whats New in 7.6 About Netopia Documentation Intended Audience http://www.netopia.com/ Documentation Conventions Page Organization A Word About Example Screens Page CHAPTER 2 Basic Mode Setup Important Safety Instructions POWER SUPPLY INSTALLATION TELECOMMUNICATION INSTALLATION Wichtige Sicherheitshinweise NETZTEIL INSTALLIEREN INSTALLATION DER TELEKOMMUNIKATION Setting up the Netopia Gateway Microsoft Windows: Page Page Page Conguring the Netopia Gateway Page Page Page Page Home Page - Basic Mode http://192.168.1.254 Page Link: Manage My Account Link: Status Details Link: Enable Remote Management Enable Rmt Mgmt Link: Expert Mode Expert Mode Link: Update Firmware Update Firmware Continue Link: Factory Reset Factory Reset CHAPTER 3 Expert Mode Accessing the Expert Web Interface OK User Admin Page Page Home Page - Information Page Toolbar Navigating the Web Interface Link: Breadcrumb Trail Page Link: Alert Symbol Help Button: Help Congure Button: Congure Link: Quickstart How to Use the Quickstart Page. Setup Your Gateway using a PPP Connection. Connect to the Internet Link: LAN Page Server Mode Wireless (supported models) Wireless Page Page Page Page Page Page Page Page Page Wireless MAC Authorization Page Page RADIUS Page Link: WAN ATM Trafc Shaping Page Page Page Link: IP Static Routes Static Routes Page Save Changes Link: IP Static ARP Link: Pinholes Congure Specic Pinholes. Planning for Your Pinholes. Example: A LAN Requiring Three Pinholes . Application 3 Application 2 Application 1 Gateway Internet Pinhole Conguration Procedure. Page Page Link: IPMaps Page NAT/PAT Table IPMaps: One-to-One Multiple Address Mapping Link: Default Server Congure a Default Server. Default-Server Congure Default Server Typical Network Diagram. NAT Combination Application. Gateway Internet IP-Passthrough. A restriction. Link: Differentiated Services Differentiated Services Page Page Link: DNS Link: DHCP Server Server Mode Page Link: RADIUS Server RADIUS Link: SNMP SNMP Save and Restart Link: IGMP (Internet Group Management Protocol) IGMP Save and Restart Link: UPnP UPnP Enabled Link: LAN Management Link: Advanced -> Ethernet Bridge Conguring for Bridge Mode Congure LAN Ethernet Bridge Enable Concurrent Bridging/Routing Enable System Bridge Page Link: VLAN VLAN Page Page VLAN Page Link: System Link: Syslog Parameters Syslog Parameters http://www.icsalabs.com/html/communities/rewalls/certication/ criteria/Baseline.pdf Log Event Messages Administration Related Log Messages System Log Messages DSL Log Messages (most common): Access-related Log Messages Link: Internal Servers Link: Software Hosting Remove Page Rename a User(PC) Rename a User(PC) Update Link: Clear Options Page Page Link: Passwords Create and Change Passwords. Security Username Conrm Password New Password Old Password Link: Firewall BreakWater Basic Firewall. Security Firewall Page ICMP HTTP FTP SNMP telnet DHCP Page Page Link: IPSec IPSec Enable IPSec Passthrough Page Page Page Enable SafeHarbour IPSec Name Authentication Protocol Encryption Protocol Peer External IP Address Update Alert Field Description Page Page Page Link: Stateful Inspection Stateful Inspection Firewall installation procedure http://www.icsalabs.com/html/communities/rewalls/certication/ criteria/Residential.pdf prevent TCP, UDP and ICMP packets destined for the router or the private hosts. Exposed Addresses Exposed addresses Add more Exposed Addresses Page Stateful Inspection Options Open Ports in Default Stateful Inspection Installation Firewall Tutorial General rewall terms Basic IP packet components Basic protocol types Firewall design rules Page Page Filter basics Example lters Page Link: Packet Filter Packet Filter Whats a lter and whats a lter set? How lter sets work How individual lters work Page Page Page Page Page Design guidelines Working with IP Filters and Filter Sets Adding a lter set Adding lters to a lter set Edit button under Input Rules. Forward Source IP Protocol Destination Mask Destination IP Page Deleting a lter set Associating a Filter Set with an Interface Ethernet 100BT Page Policy-based Routing using Filtersets TOS eld matching Page Page Link: Security Log Security toolbar button. Show Security Log Page Reset Install Button: Install Link: Install Software Step 1: Required Files Step 2: Netopia rmware Image File Home Install Software Open Install Software Page Link: Install Keys Use Netopia Software Feature Keys Install toolbar button. Install Keys Page Page Page Link: Install Certicate link. Page Page CHAPTER 4 Basic Troubleshooting Status Indicator Lights Page Page Page Page Page Page Netopia Gateway MiAVo status indicator lights Front View LED Function Summary Matrix EN Link Unlit EN Trafc Unlit USB Active Unlit DSL Trafc Unlit Launch a browser and try to browse the Internet. If the DSL Active light still ing. to run as normal. the Gateway will perform a factor y reset, clear all settings and congurations, and reboot. 3347W/3357W 3341/3351 3346/3356 2247NWG 2240N 2241N 2246N 3397GP Page Page Item Description Button: Troubleshoot Expert Mode Expert Mode Page Link: Ports: Ethernet Link: Ports: DSL Link: IP: Interfaces Link: DSL: Circuit Conguration Link: System Log: Entire Link: Diagnostics The following table summarizes the possible results. CODE Description Link: Network Tools NSLookup Ping TraceRoute Page Page CHAPTER 6 Command Line Interface Overview SHELL Commands CONFIG Commands Command Verbs Status and/or Description Keywords Starting and Ending a CLI Session telnet <ip_address> Logging In Ending a CLI Session Command Utilities Using the CLI Help Facility restart reset rese quit SHELL Commands nnn.nnn.nnn.nnn diagnose download [ filename server_address download [-cert] [ message_string level ] 1 size hostname 2 | ]{ Page seconds Page Page Page port segment end-to-end vcc-id show dsl show ppp [{ stats | lcp | ipcp }] About CONFIG Commands or CONFIG Mode Prompt Navigating the CONFIG Hierarchy Netopia-3000/9437188 (top)>> quit Netopia-3000/9437188 > top Netopia-3000/9437188 (top)>> ip Netopia-3000/9437188 (ip)>> , and Guidelines: CONFIG Commands Displaying Current Gateway Settings Step Mode: A CLI Conguration Technique Command component Rules for entering CONFIG commands . CONFIG Commands Page Page Page lease-time Page domain-name myhostname myusername myuserpassword Page Page broadcast_address set ip ethernet A netmask set ip ethernet A restrictions { none | admin-disabled } set ip ethernet A rip-send { off | v1 | v2 | v1-compat | v2-MD5 } Page Page Page Static ARP Settings set ip static-arp ip-address MAC_address set ip static-arp ip-address nn.nn.nn.nn.nn.nn hardware-address IGMP Forwarding set ip igmp-forwarding [ off | on ] Page inside-ip-addr inside-ip-netmask outside-ip-addr outside-ip-netmask net_address Page ip address Page internal-ip Page Page username password lines Port Renumbering Settings set servers web-http [ 1 - 65534 ] set servers telnet-tcp [ 1 - 65534 ] Page Page mtu_value username password Page Page Page lterset-name index lterset-name Page Page Page contact_info location_info SNMP Notify Type Settings set snmp notify type [ v1-trap | v2-trap | inform ] set system name System Settings Page dns_name server_name domain_name Page redirection-URL Page Type network_name Page Page Page Page Page MAC-address_string shared_secret server_name_string shared_secret server_name_string port_number set vlan name Page UPnP settings set upnp option [ on | off ] DSL Forum settings set dslf-lanmgmt option [ off | on ] Page Page VDSL Parameter Defaults Parameter Default Meaning Page Page Page Page Page Page Page CHAPTER 7 Glossary -----A----- -----B----- -----C----- -----D----- -----E----- -----F----- -----H----- -----I----- -----K----- Internet Key Exchange (IKE) -----L----- -----M----- -----N----- -----P----- ASCII HEX -----Q----- -----R----- -----S----- 3DES MD5 SHA1 DES 1 and 1,000,000 MB -----T----- -----U----- -----V----- Page CHAPTER 8 Technical Specifications and Safety Information Description Page Agency approvals North America International Regulatory notices European Community. Manufacturers Declaration of Conformance United States. Service requirements. Important Safety Instructions Australian Safety Information Caution Telecommunication installation cautions 47 CFR Part 68 Information FCC Requirements FCC Statements RF Exposure Statement: Electrical Safety Advisory CHAPTER 9 Overview of Major Capabilities Wide Area Network Termination PPPoE/PPPoA (Point-to-Point Protocol over Ethernet/ATM) Instant-On PPP Simplied Local Area Network Setup DHCP (Dynamic Host Conguration Protocol) Server DNS Proxy Management Embedded Web Server Run Diagnostics Security Remote Access Control NAT Page Page Page Index Symbols A B C E F H I K M N O P Q S T U V W Z