About IPsec Tunnels, Conﬁguration | Netopia 4753 guide

Virtual Private Networks (VPNs) 12-7

The IP Proﬁle Parameters screen appears.

IP Profile Parameters

Address Translation Enabled:	Yes
NAT Map List...	Easy-PAT
NAT Server List...	Easy-Servers
Local WAN IP Address:	0.0.0.0
Remote IP Address:	173.167.8.10
Remote IP Mask:	255.255.0.0
Filter Set...
Remove Filter Set
Receive RIP:	Both

Enter a subnet mask in decimal and dot form (xxx.xxx.xxx.xxx).

■Enter the Remote IP Address and Remote IP Mask for the host to which you want to tunnel. The remote IP address and remote IP mask refer to the remote private network into which your device will be tunnelling.

About IPsec Tunnels

IPsec stands for IP Security, a set of protocols that supports secure exchange of IP packets at the IP layer. IPsec is deployed widely to implement Virtual Private Networks (VPNs). See Overview on page 12-1for more information.

IPsec supports two encryption modes: Transport and Tunnel. Transport mode encrypts only the data portion (payload) of each packet, but leaves the header untouched. The more secure Tunnel mode encrypts both the header and the payload. On the receiving side, an IPsec-compliant device decrypts each packet. Netopia Routers support the more secure Tunnel mode.

DES stands for Data Encryption Standard, a popular symmetric-key encryption method. DES uses a 56-bit key.

The Netopia 4753 offers IPsec DES encryption over the VPN tunnel.

Conﬁguration

IPsec tunnels are deﬁned in the same manner as PPTP tunnels. You conﬁgure the Connection Proﬁle as follows.

From the Main Menu navigate to WAN Conﬁguration and then Add Connection Proﬁle.

Main

Menu

WAN

Configuration

Add Connection

Profile

Image 149

Netopia 4753 manual About IPsec Tunnels, Conﬁguration

Contents

Netopia Shdsl Integrated Access Device Part Number Contents Part II Advanced Configuration Contents Vi Administration Guide Contents Snmp Part III Appendixes Administration Guide Part I Getting Started Administration Guide Overview Features and CapabilitiesChapter Introduction How to Use This Guide Definition of Terms Chapter Setting Up Internet Services Unique requirements Finding an Internet Service ProviderPricing and support Endorsements Deciding on an ISP Account Obtaining Information from the ISP Setting up a Netopia 4753 account Obtaining an IP addressLocal LAN IP address information to obtain SmartIP Without Network Address Translation Find a Location Chapter Making the Physical Connections What You Need Telecommunication Installation Cautions Important Safety instructions 10/100 Ethernet port Identify the Connectors and Attach the Cables Netopia 4753 Status Lights Administration Guide Chapter Sharing the Connection Dynamic conﬁguration recommended Conﬁguring TCP/IP on Windows-based Computers Static conﬁguration optional Add. Repeat this process for the secondary DNS TCP/IP Conﬁguring TCP/IP on Macintosh Computers TCP/IP or MacTCP Sharing the Connection Administration Guide Chapter Connecting to Your Local Network Readying Computers on Your Local Network Telephone Extension ports Connecting to an IP and Telephone Network Administration Guide Chapter Console-Based Management Snmp Simple Network Management Protocol. See Snmp on Connecting through a Telnet SessionConﬁguring Telnet software Connecting a Console Cable to Your Device Mac ANSI, VT-100, or VT-200 PC ANSI-BBS Navigating through the Console Screens Administration Guide Accessing the Easy Setup console screens Chapter Easy SetupEasy Setup Console Screens Screen similar to the following Main Menu appears See Appendix A, Troubleshooting, for more suggestions LLC Snap Quick Easy Setup Connection Path Administration Guide DSL Line Conﬁguration Voice Easy Setup Easy Setup Proﬁle IP Easy Setup Easy Setup Security Conﬁguration Previous Screen To Main Menu Introduction Chapter Voice Configuration Voice Conﬁguration screen appears Configuring the Voice Features Voice Configuration Voice Gateway Administration Guide Part II Advanced Configuration Administration Guide Chapter WAN and System Configuration WAN Conﬁguration ConfigurationSetup Multiple ATM PVC overview Multiple ATM Permanent Virtual Circuit Support Select Display/Change Circuit and press Return Multiple ATM PVC configurationSetup DSL Line Configuration Changing a circuit Administration Guide Choosing Add Circuit displays the Add Circuit screen Adding a circuit Select VC Trafﬁc Statistics Monitoring multiple virtual circuits ATM VC Statistics screen appears Commit Creating a New Connection Proﬁle Datalink PPP/MP Options Data Compression 0.0 Default Profile Default Proﬁle screen appears WAN Default Proﬁle For details on setting up IP Parameters see IP Setup on IP Parameters Default Proﬁle screen Navigating through the System Conﬁguration screens ATMP/PPTP Default ProﬁleSystem Conﬁguration Screens System Conﬁguration Features Filter sets Network protocols setupIP address serving Date and time Network Time Protocol MM/DD/YY Console conﬁguration Snmp Simple Network Management Protocol Upgrade feature setSecurity Logging PPP PAP Installing the Syslog client Administration Guide Chapter IP Setup IP Setup IP Setup IP subnets For example Static routes Viewing static routes Static Routes screen will appear Adding a static route Deleting a static route Rules of static route installationModifying a static route Main Menu System Configuration IP Address Serving IP Setup Dhcp NetBios Options Serve Bootp Clients IP Address Pools Administration Guide Dhcp NetBIOS Options NetBios Type More Address Serving Options Select Release BootP Leases and press Return Conﬁguring the IP Address Server options Scroll UP 192.168.1.112 192.168.1.113 Scroll Down Lease Management 192.168.1.101 Dhcp Dhcp Relay Agent IP Address Serving IP Address Serving Mode Connection Proﬁles Easy-PAT List WAN Configuration Administration Guide Chapter Multiple Network Address Translation Features Port Address Translation Following is a general description of these featuresServer lists Static mapping WAN Network Complex maps Supported trafﬁc Server Lists and Dynamic NAT conﬁguration Easy Setup Proﬁle conﬁgurationMultiNAT Conﬁguration Select Network Address Translation NAT and press Return NAT rules Network Address Translation screen appears Add NAT Public Range screen appears ADD NAT MAP Select Public Range Type is Pat Public Range Start Address is Show/Change NAT Map List screen appears Modifying map lists Change NAT MAP Moving maps Dynamic 206.1.1.252 192.168.1.252 Adding Server Lists ADD NAT Server Port Show/Change NAT Server List screen appears Modifying server lists Change NAT Server Deleting a server IP proﬁle parameters Binding Map Lists and Server Lists +--NAT Map List Name Toggle Address Translation Enabled to Yes IP Parameters WAN Default Proﬁle IP Parameters Default Profile NAT NAT Associations NAT Associations +NAT Map List Name-+ MultiNAT Conﬁguration Example Enter your ISP-supplied values as shown below Change NAT Public Range ADD NAT MAP Multiple Network Address Translation Administration Guide Chapter Virtual Private Networks VPNs Transit Internetwork Summary About Pptp Tunnels Pptp conﬁguration Configuration Add Connection Profile Chap Administration Guide Conﬁguration About IPsec Tunnels DES Encryption Key Authentication Type Commit Cancel Advanced IP Proﬁle Options MS-CHAP V2 and 128-bit strong encryption Interoperation with other featuresEncryption Support ATMP/PPTP Default Answer Proﬁle QuickView VPN QuickView Windows Dial-Up Networking for VPN Windows NT Windows Windows ME Atmp conﬁguration About Atmp Tunnels Atmp Tunnel Options Atmp Partner IP Address Allowing VPNs through a Firewall Pptp example on Atmp example on Pptp example Change Input Filter EnabledYes ForwardYes Source IP Address Change Output Filter EnabledYes ForwardYes Source IP Address Atmp example Source Port ID Dest. Port Compare Change Output Filter EnabledYes ForwardYes Source IP Address User Accounts Chapter SecuritySuggested Security Measures Protecting the conﬁguration screens Protecting the Security Options screen Telnet Access How ﬁlter sets work About Filters and Filter SetsWhat’s a ﬁlter and what’s a ﬁlter set? Forward Filter priority ﬁltering rule How individual ﬁlters workParts of a ﬁlter Port numbers 161 Aurp AppleTalk 387 Internet service TCP portWho 513 Port number comparisons Putting the parts together Other ﬁlter attributesInternet Control Message Protocol Transmission Control Protocol Filtering example #1 Disadvantages of ﬁlters Design guidelinesFiltering example #2 Working with IP Filters and Filter Sets An approach to using ﬁlters Naming a new ﬁlter set Adding a ﬁlter set Adding ﬁlters to a ﬁlter set Input and output ﬁlters-source and destinationNetopia R-Series Router ADD this Filter NOW Cancel Viewing ﬁlters Viewing ﬁlter setsModifying ﬁlters Deleting ﬁlters Sample IP ﬁlter set Modifying ﬁlter setsDeleting a ﬁlter set TCP Icmp UDP Possible modiﬁcations Firewall Tutorial General ﬁrewall terms Example TCP/UDP Ports Basic IP packet componentsBasic protocol types Firewall design rules UDP Port ServiceAurp Firewall Logic Established connections Logical and functionImplied rules This is an example of the Netopia IP ﬁlter set screen Filter basicsExample IP ﬁlter set screen Example Example ﬁltersExample network Example Example LAN IP Filtersets Advanced Security Options Security Databases Security Radius Client Support Radius client configuration 1812 Continue Cancel Radius Server is available to authenticate you Administration Guide Quick View Status Overview Chapter Monitoring Tools ISP General status Status lights Current status Event Histories Statistics & Logs WAN Event History Device Event History Voice Logs Voice Accounting Log IP Routing Table Served IP Addresses General Statistics Network Interface Physical Interface Snmp System Information Community strings Snmp Setup screen Snmp traps Viewing IP trap receivers Setting the IP trap receiversModifying IP trap receivers Deleting IP trap receivers Chapter Utilities and Diagnostics Ping Receive return Ping packet Stop Ping Trace Route Telnet Client Disconnect Telnet Console Session Factory Defaults Updating ﬁrmware Transferring Conﬁguration and Firmware Files with Tftp Downloading conﬁguration ﬁles Uploading conﬁguration ﬁles Transferring Conﬁguration and Firmware Files with Xmodem Downloading conﬁguration ﬁles Restarting the System Part III Appendixes Administration Guide Conﬁguration Problems Appendix a Troubleshooting Network problems Console connection problems Power Outages How to Reset the Netopia 4753 to Factory Defaults Netopia Bulletin Board Service 1 How to reach usTechnical Support Before contacting Netopia FAX-Back Online product informationProduct information can be found in the following Administration Guide About IP Addressing What is IP?Appendix B Understanding IP Addressing Subnets and subnet masks Subnet masks Example Using subnets on a Class C IP internet ISP Network Network conﬁguration Background Example Working with a Class C subnetDistributing IP Addresses 255.255.255.192 Technical note on subnet masking255.255.255.224 Dhcp address serving Netopia 4753 Dhcp server characteristics Manually distributing IP addresses Using address servingMacIP serving Serve dynamic WAN clients Understanding IP Addressing B-9 Tips and rules for distributing IP addresses Dhcp example Internet Nested IP Subnets WAN Packet header types Broadcasts Administration Guide Appendix C Binary Conversion Table Decimal Binary Appendix D Further Reading Administration Guide No August Further Reading D-3 Administration Guide Power requirements Appendix E Technical Specifications and Safety InformationDescription Environment Regulatory notices Agency ApprovalsNorth America FCC Part 15 Class B Declaration for Canadian users Technical Speciﬁcations and Safety Information E-3 Telecommunication Installation Cautions Netopia 4753 Speciﬁcations Physical interface Data features Management Quality of serviceProtocols Voice feature support Voice featuresHardware speciﬁcations Pots support Administration Guide Glossary Administration Guide Glossary Remapping See network number remapping Glossary Administration Guide Numerics Index Account types 2-2 information to obtain Index-2 Index-3 Event history 14-5 statistics Index-4 Index-5 Index-6 Limited Warranty and Limitation of Remedies Administration Guide