Allowing VPNs through a Firewall | Netopia 4753 specs

Virtual Private Networks (VPNs) 12-21

■You must specify a Key String of up to (and including) 20 characters when DES is selected. When encryption is None, this ﬁeld is invisible.

■You can specify that this router will Initiate Connections, acting as a foreign agent (Yes), or only answer them, acting as a home agent (No).

■Tunnels are normally initiated On Demand; however, you can disable this feature. When disabled, the tunnel must be manually established through the call management screens.

■You can specify the Idle Timeout, an inactivity timer, whose expiration will terminate the tunnel. A value of zero disables the timer. Because tunnels are subject to abrupt termination when the underlying datalink is torn down, use of the Idle Timeout is strongly encouraged.

■Return to the Connection Proﬁle screen by pressing Escape.

■Select IP Proﬁle Parameters and press Return. The IP Proﬁle Parameters screen appears.

IP Profile Parameters

Address Translation Enabled:	Yes
NAT Map List...	Easy-PAT
NAT Server List...	Easy-Servers
Local WAN IP Address:	0.0.0.0
Remote IP Address:	173.167.8.10
Remote IP Mask:	255.255.0.0
Filter Set...
Remove Filter Set
Receive RIP:	Both

Enter a subnet mask in decimal and dot form (xxx.xxx.xxx.xxx).

■Enter the Remote IP Address and Remote IP Mask for the host to which you want to tunnel.

Allowing VPNs through a Firewall

An administrator interested in securing a network will usually combine the use of VPNs with the use of a ﬁrewall or some similar mechanism. This is because a VPN is not a complete security solution, but rather a component of overall security. Using a VPN will add security to transactions carried over a public network, but a VPN alone will not prevent a public network from inﬁltrating a private network. Therefore, you should combine use of a ﬁrewall with VPNs, where the ﬁrewall will secure the private network from inﬁltration from a public network, and the VPN will secure the transactions that must cross the public network.

Image 163

Netopia 4753 manual Allowing VPNs through a Firewall

Contents

Netopia Shdsl Integrated Access Device Part Number Contents Part II Advanced Configuration Contents Vi Administration Guide Contents Snmp Part III Appendixes Administration Guide Part I Getting Started Administration Guide Chapter Introduction Features and CapabilitiesOverview How to Use This Guide Definition of Terms Chapter Setting Up Internet Services Endorsements Deciding on an ISP Account Finding an Internet Service ProviderUnique requirements Pricing and support SmartIP Setting up a Netopia 4753 account Obtaining an IP addressObtaining Information from the ISP Local LAN IP address information to obtain Without Network Address Translation Find a Location Chapter Making the Physical Connections What You Need Telecommunication Installation Cautions Important Safety instructions 10/100 Ethernet port Identify the Connectors and Attach the Cables Netopia 4753 Status Lights Administration Guide Chapter Sharing the Connection Dynamic conﬁguration recommended Conﬁguring TCP/IP on Windows-based Computers Static conﬁguration optional Add. Repeat this process for the secondary DNS TCP/IP Conﬁguring TCP/IP on Macintosh Computers TCP/IP or MacTCP Sharing the Connection Administration Guide Chapter Connecting to Your Local Network Readying Computers on Your Local Network Telephone Extension ports Connecting to an IP and Telephone Network Administration Guide Chapter Console-Based Management Conﬁguring Telnet software Connecting through a Telnet SessionSnmp Simple Network Management Protocol. See Snmp on Connecting a Console Cable to Your Device Mac ANSI, VT-100, or VT-200 PC ANSI-BBS Navigating through the Console Screens Administration Guide Easy Setup Console Screens Chapter Easy SetupAccessing the Easy Setup console screens Screen similar to the following Main Menu appears See Appendix A, Troubleshooting, for more suggestions LLC Snap Quick Easy Setup Connection Path Administration Guide DSL Line Conﬁguration Voice Easy Setup Easy Setup Proﬁle IP Easy Setup Easy Setup Security Conﬁguration Previous Screen To Main Menu Introduction Chapter Voice Configuration Voice Conﬁguration screen appears Configuring the Voice Features Voice Configuration Voice Gateway Administration Guide Part II Advanced Configuration Administration Guide Chapter WAN and System Configuration Setup ConfigurationWAN Conﬁguration Multiple ATM PVC overview Multiple ATM Permanent Virtual Circuit Support Setup DSL Line Configuration Multiple ATM PVC configurationSelect Display/Change Circuit and press Return Changing a circuit Administration Guide Choosing Add Circuit displays the Add Circuit screen Adding a circuit Select VC Trafﬁc Statistics Monitoring multiple virtual circuits ATM VC Statistics screen appears Commit Creating a New Connection Proﬁle Datalink PPP/MP Options Data Compression 0.0 Default Profile Default Proﬁle screen appears WAN Default Proﬁle For details on setting up IP Parameters see IP Setup on IP Parameters Default Proﬁle screen System Conﬁguration Screens ATMP/PPTP Default ProﬁleNavigating through the System Conﬁguration screens System Conﬁguration Features Date and time Network Time Protocol Network protocols setupFilter sets IP address serving MM/DD/YY Console conﬁguration Logging Upgrade feature setSnmp Simple Network Management Protocol Security PPP PAP Installing the Syslog client Administration Guide Chapter IP Setup IP Setup IP Setup IP subnets For example Static routes Viewing static routes Static Routes screen will appear Adding a static route Modifying a static route Rules of static route installationDeleting a static route Main Menu System Configuration IP Address Serving IP Setup Dhcp NetBios Options Serve Bootp Clients IP Address Pools Administration Guide Dhcp NetBIOS Options NetBios Type More Address Serving Options Select Release BootP Leases and press Return Conﬁguring the IP Address Server options Scroll UP 192.168.1.112 192.168.1.113 Scroll Down Lease Management 192.168.1.101 Dhcp Dhcp Relay Agent IP Address Serving IP Address Serving Mode Connection Proﬁles Easy-PAT List WAN Configuration Administration Guide Chapter Multiple Network Address Translation Features Static mapping Following is a general description of these featuresPort Address Translation Server lists WAN Network Complex maps Supported trafﬁc MultiNAT Conﬁguration Easy Setup Proﬁle conﬁgurationServer Lists and Dynamic NAT conﬁguration Select Network Address Translation NAT and press Return NAT rules Network Address Translation screen appears Add NAT Public Range screen appears ADD NAT MAP Select Public Range Type is Pat Public Range Start Address is Show/Change NAT Map List screen appears Modifying map lists Change NAT MAP Moving maps Dynamic 206.1.1.252 192.168.1.252 Adding Server Lists ADD NAT Server Port Show/Change NAT Server List screen appears Modifying server lists Change NAT Server Deleting a server IP proﬁle parameters Binding Map Lists and Server Lists +--NAT Map List Name Toggle Address Translation Enabled to Yes IP Parameters WAN Default Proﬁle IP Parameters Default Profile NAT NAT Associations NAT Associations +NAT Map List Name-+ MultiNAT Conﬁguration Example Enter your ISP-supplied values as shown below Change NAT Public Range ADD NAT MAP Multiple Network Address Translation Administration Guide Chapter Virtual Private Networks VPNs Transit Internetwork Summary About Pptp Tunnels Pptp conﬁguration Configuration Add Connection Profile Chap Administration Guide Conﬁguration About IPsec Tunnels DES Encryption Key Authentication Type Commit Cancel Advanced IP Proﬁle Options Encryption Support Interoperation with other featuresMS-CHAP V2 and 128-bit strong encryption ATMP/PPTP Default Answer Proﬁle QuickView VPN QuickView Windows Dial-Up Networking for VPN Windows NT Windows Windows ME Atmp conﬁguration About Atmp Tunnels Atmp Tunnel Options Atmp Partner IP Address Allowing VPNs through a Firewall Pptp example on Atmp example on Pptp example Change Input Filter EnabledYes ForwardYes Source IP Address Change Output Filter EnabledYes ForwardYes Source IP Address Atmp example Source Port ID Dest. Port Compare Change Output Filter EnabledYes ForwardYes Source IP Address Suggested Security Measures Chapter SecurityUser Accounts Protecting the conﬁguration screens Protecting the Security Options screen Telnet Access What’s a ﬁlter and what’s a ﬁlter set? About Filters and Filter SetsHow ﬁlter sets work Forward Filter priority Port numbers How individual ﬁlters workﬁltering rule Parts of a ﬁlter Port number comparisons Internet service TCP port161 Aurp AppleTalk 387 Who 513 Transmission Control Protocol Other ﬁlter attributesPutting the parts together Internet Control Message Protocol Filtering example #1 Filtering example #2 Design guidelinesDisadvantages of ﬁlters Working with IP Filters and Filter Sets An approach to using ﬁlters Naming a new ﬁlter set Adding a ﬁlter set Netopia R-Series Router Input and output ﬁlters-source and destinationAdding ﬁlters to a ﬁlter set ADD this Filter NOW Cancel Deleting ﬁlters Viewing ﬁlter setsViewing ﬁlters Modifying ﬁlters Deleting a ﬁlter set Modifying ﬁlter setsSample IP ﬁlter set TCP Icmp UDP Possible modiﬁcations Firewall Tutorial General ﬁrewall terms Basic protocol types Basic IP packet componentsExample TCP/UDP Ports Firewall Logic UDP Port ServiceFirewall design rules Aurp Implied rules Logical and functionEstablished connections Example IP ﬁlter set screen Filter basicsThis is an example of the Netopia IP ﬁlter set screen Example network Example ﬁltersExample Example Example LAN IP Filtersets Advanced Security Options Security Databases Security Radius Client Support Radius client configuration 1812 Continue Cancel Radius Server is available to authenticate you Administration Guide Quick View Status Overview Chapter Monitoring Tools ISP General status Status lights Current status Event Histories Statistics & Logs WAN Event History Device Event History Voice Logs Voice Accounting Log IP Routing Table Served IP Addresses General Statistics Network Interface Physical Interface Snmp System Information Community strings Snmp Setup screen Snmp traps Deleting IP trap receivers Setting the IP trap receiversViewing IP trap receivers Modifying IP trap receivers Chapter Utilities and Diagnostics Ping Receive return Ping packet Stop Ping Trace Route Telnet Client Disconnect Telnet Console Session Factory Defaults Updating ﬁrmware Transferring Conﬁguration and Firmware Files with Tftp Downloading conﬁguration ﬁles Uploading conﬁguration ﬁles Transferring Conﬁguration and Firmware Files with Xmodem Downloading conﬁguration ﬁles Restarting the System Part III Appendixes Administration Guide Conﬁguration Problems Appendix a Troubleshooting Network problems Console connection problems Power Outages How to Reset the Netopia 4753 to Factory Defaults Before contacting Netopia How to reach usNetopia Bulletin Board Service 1 Technical Support Product information can be found in the following Online product informationFAX-Back Administration Guide Appendix B Understanding IP Addressing What is IP?About IP Addressing Subnets and subnet masks Subnet masks Example Using subnets on a Class C IP internet ISP Network Network conﬁguration Distributing IP Addresses Example Working with a Class C subnetBackground 255.255.255.224 Technical note on subnet masking255.255.255.192 Dhcp address serving Netopia 4753 Dhcp server characteristics Serve dynamic WAN clients Using address servingManually distributing IP addresses MacIP serving Understanding IP Addressing B-9 Tips and rules for distributing IP addresses Dhcp example Internet Nested IP Subnets WAN Packet header types Broadcasts Administration Guide Appendix C Binary Conversion Table Decimal Binary Appendix D Further Reading Administration Guide No August Further Reading D-3 Administration Guide Environment Appendix E Technical Specifications and Safety InformationPower requirements Description FCC Part 15 Class B Agency ApprovalsRegulatory notices North America Declaration for Canadian users Technical Speciﬁcations and Safety Information E-3 Telecommunication Installation Cautions Netopia 4753 Speciﬁcations Physical interface Data features Protocols Quality of serviceManagement Pots support Voice featuresVoice feature support Hardware speciﬁcations Administration Guide Glossary Administration Guide Glossary Remapping See network number remapping Glossary Administration Guide Numerics Index Account types 2-2 information to obtain Index-2 Index-3 Event history 14-5 statistics Index-4 Index-5 Index-6 Limited Warranty and Limitation of Remedies Administration Guide