Pptp example | Netopia 4753 manual

Virtual Private Networks (VPNs) 12-23

PPTP example

To enable a ﬁrewall to allow PPTP trafﬁc, you must provision the ﬁrewall to allow inbound and outbound TCP packets speciﬁcally destined for port 1723. The source port may be dynamic, so often it is not useful to apply a compare function upon this portion of the control/negotiation packets. You must also set the ﬁrewall to allow inbound and outbound GRE packets, enabling transport of the tunnel payload.

From the Main Menu navigate to Display/Change IP Filter Set, and from the pop-up menu select Basic Firewall.

Main			System
Menu			Configuration

Select Display/Change Input Filter.

Display/Change Input Filter screen

Filter Sets

IP Filter

Sets

Display/Change

IP Filter Set

Basic

Firewall

+-#----	Source IP Addr----	Dest IP Addr------	Proto-Src.Port-D.Port--			On?-Fwd-+
+-------------------------------------------------------------------------						+
1	0.0.0.0	0.0.0.0	TCP	NC	=1723	Yes Yes
2	0.0.0.0	0.0.0.0	GRE	--	--	Yes Yes

For Input Filter 1 set the Destination Port information as shown below.

Change Input Filter 1

Enabled:Yes

Forward:Yes

Source IP Address:	0.0.0.0
Source IP Address Mask:	0.0.0.0
Dest. IP Address:	0.0.0.0
Dest. IP Address Mask:	0.0.0.0
Protocol Type:	TCP
Source Port Compare...	No Compare
Source Port ID:	0
Dest. Port Compare...	Equal
Dest. Port ID:	1723
Established TCP Conns. Only:	No

Image 165

Netopia 4753 manual Pptp example

Contents

Netopia Shdsl Integrated Access Device Part Number Contents Part II Advanced Configuration Contents Vi Administration Guide Contents Snmp Part III Appendixes Administration Guide Part I Getting Started Administration Guide Features and Capabilities Chapter IntroductionOverview How to Use This Guide Definition of Terms Chapter Setting Up Internet Services Unique requirements Finding an Internet Service ProviderPricing and support Endorsements Deciding on an ISP Account Obtaining Information from the ISP Setting up a Netopia 4753 account Obtaining an IP addressLocal LAN IP address information to obtain SmartIP Without Network Address Translation Find a Location Chapter Making the Physical Connections What You Need Telecommunication Installation Cautions Important Safety instructions 10/100 Ethernet port Identify the Connectors and Attach the Cables Netopia 4753 Status Lights Administration Guide Chapter Sharing the Connection Dynamic conﬁguration recommended Conﬁguring TCP/IP on Windows-based Computers Static conﬁguration optional Add. Repeat this process for the secondary DNS TCP/IP Conﬁguring TCP/IP on Macintosh Computers TCP/IP or MacTCP Sharing the Connection Administration Guide Chapter Connecting to Your Local Network Readying Computers on Your Local Network Telephone Extension ports Connecting to an IP and Telephone Network Administration Guide Chapter Console-Based Management Connecting through a Telnet Session Conﬁguring Telnet softwareSnmp Simple Network Management Protocol. See Snmp on Connecting a Console Cable to Your Device Mac ANSI, VT-100, or VT-200 PC ANSI-BBS Navigating through the Console Screens Administration Guide Chapter Easy Setup Easy Setup Console ScreensAccessing the Easy Setup console screens Screen similar to the following Main Menu appears See Appendix A, Troubleshooting, for more suggestions LLC Snap Quick Easy Setup Connection Path Administration Guide DSL Line Conﬁguration Voice Easy Setup Easy Setup Proﬁle IP Easy Setup Easy Setup Security Conﬁguration Previous Screen To Main Menu Introduction Chapter Voice Configuration Voice Conﬁguration screen appears Configuring the Voice Features Voice Configuration Voice Gateway Administration Guide Part II Advanced Configuration Administration Guide Chapter WAN and System Configuration Configuration SetupWAN Conﬁguration Multiple ATM PVC overview Multiple ATM Permanent Virtual Circuit Support Multiple ATM PVC configuration Setup DSL Line ConfigurationSelect Display/Change Circuit and press Return Changing a circuit Administration Guide Choosing Add Circuit displays the Add Circuit screen Adding a circuit Select VC Trafﬁc Statistics Monitoring multiple virtual circuits ATM VC Statistics screen appears Commit Creating a New Connection Proﬁle Datalink PPP/MP Options Data Compression 0.0 Default Profile Default Proﬁle screen appears WAN Default Proﬁle For details on setting up IP Parameters see IP Setup on IP Parameters Default Proﬁle screen ATMP/PPTP Default Proﬁle System Conﬁguration ScreensNavigating through the System Conﬁguration screens System Conﬁguration Features Filter sets Network protocols setupIP address serving Date and time Network Time Protocol MM/DD/YY Console conﬁguration Snmp Simple Network Management Protocol Upgrade feature setSecurity Logging PPP PAP Installing the Syslog client Administration Guide Chapter IP Setup IP Setup IP Setup IP subnets For example Static routes Viewing static routes Static Routes screen will appear Adding a static route Rules of static route installation Modifying a static routeDeleting a static route Main Menu System Configuration IP Address Serving IP Setup Dhcp NetBios Options Serve Bootp Clients IP Address Pools Administration Guide Dhcp NetBIOS Options NetBios Type More Address Serving Options Select Release BootP Leases and press Return Conﬁguring the IP Address Server options Scroll UP 192.168.1.112 192.168.1.113 Scroll Down Lease Management 192.168.1.101 Dhcp Dhcp Relay Agent IP Address Serving IP Address Serving Mode Connection Proﬁles Easy-PAT List WAN Configuration Administration Guide Chapter Multiple Network Address Translation Features Port Address Translation Following is a general description of these featuresServer lists Static mapping WAN Network Complex maps Supported trafﬁc Easy Setup Proﬁle conﬁguration MultiNAT ConﬁgurationServer Lists and Dynamic NAT conﬁguration Select Network Address Translation NAT and press Return NAT rules Network Address Translation screen appears Add NAT Public Range screen appears ADD NAT MAP Select Public Range Type is Pat Public Range Start Address is Show/Change NAT Map List screen appears Modifying map lists Change NAT MAP Moving maps Dynamic 206.1.1.252 192.168.1.252 Adding Server Lists ADD NAT Server Port Show/Change NAT Server List screen appears Modifying server lists Change NAT Server Deleting a server IP proﬁle parameters Binding Map Lists and Server Lists +--NAT Map List Name Toggle Address Translation Enabled to Yes IP Parameters WAN Default Proﬁle IP Parameters Default Profile NAT NAT Associations NAT Associations +NAT Map List Name-+ MultiNAT Conﬁguration Example Enter your ISP-supplied values as shown below Change NAT Public Range ADD NAT MAP Multiple Network Address Translation Administration Guide Chapter Virtual Private Networks VPNs Transit Internetwork Summary About Pptp Tunnels Pptp conﬁguration Configuration Add Connection Profile Chap Administration Guide Conﬁguration About IPsec Tunnels DES Encryption Key Authentication Type Commit Cancel Advanced IP Proﬁle Options Interoperation with other features Encryption SupportMS-CHAP V2 and 128-bit strong encryption ATMP/PPTP Default Answer Proﬁle QuickView VPN QuickView Windows Dial-Up Networking for VPN Windows NT Windows Windows ME Atmp conﬁguration About Atmp Tunnels Atmp Tunnel Options Atmp Partner IP Address Allowing VPNs through a Firewall Pptp example on Atmp example on Pptp example Change Input Filter EnabledYes ForwardYes Source IP Address Change Output Filter EnabledYes ForwardYes Source IP Address Atmp example Source Port ID Dest. Port Compare Change Output Filter EnabledYes ForwardYes Source IP Address Chapter Security Suggested Security MeasuresUser Accounts Protecting the conﬁguration screens Protecting the Security Options screen Telnet Access About Filters and Filter Sets What’s a ﬁlter and what’s a ﬁlter set?How ﬁlter sets work Forward Filter priority ﬁltering rule How individual ﬁlters workParts of a ﬁlter Port numbers 161 Aurp AppleTalk 387 Internet service TCP portWho 513 Port number comparisons Putting the parts together Other ﬁlter attributesInternet Control Message Protocol Transmission Control Protocol Filtering example #1 Design guidelines Filtering example #2Disadvantages of ﬁlters Working with IP Filters and Filter Sets An approach to using ﬁlters Naming a new ﬁlter set Adding a ﬁlter set Input and output ﬁlters-source and destination Netopia R-Series RouterAdding ﬁlters to a ﬁlter set ADD this Filter NOW Cancel Viewing ﬁlters Viewing ﬁlter setsModifying ﬁlters Deleting ﬁlters Modifying ﬁlter sets Deleting a ﬁlter setSample IP ﬁlter set TCP Icmp UDP Possible modiﬁcations Firewall Tutorial General ﬁrewall terms Basic IP packet components Basic protocol typesExample TCP/UDP Ports Firewall design rules UDP Port ServiceAurp Firewall Logic Logical and function Implied rulesEstablished connections Filter basics Example IP ﬁlter set screenThis is an example of the Netopia IP ﬁlter set screen Example ﬁlters Example networkExample Example Example LAN IP Filtersets Advanced Security Options Security Databases Security Radius Client Support Radius client configuration 1812 Continue Cancel Radius Server is available to authenticate you Administration Guide Quick View Status Overview Chapter Monitoring Tools ISP General status Status lights Current status Event Histories Statistics & Logs WAN Event History Device Event History Voice Logs Voice Accounting Log IP Routing Table Served IP Addresses General Statistics Network Interface Physical Interface Snmp System Information Community strings Snmp Setup screen Snmp traps Viewing IP trap receivers Setting the IP trap receiversModifying IP trap receivers Deleting IP trap receivers Chapter Utilities and Diagnostics Ping Receive return Ping packet Stop Ping Trace Route Telnet Client Disconnect Telnet Console Session Factory Defaults Updating ﬁrmware Transferring Conﬁguration and Firmware Files with Tftp Downloading conﬁguration ﬁles Uploading conﬁguration ﬁles Transferring Conﬁguration and Firmware Files with Xmodem Downloading conﬁguration ﬁles Restarting the System Part III Appendixes Administration Guide Conﬁguration Problems Appendix a Troubleshooting Network problems Console connection problems Power Outages How to Reset the Netopia 4753 to Factory Defaults Netopia Bulletin Board Service 1 How to reach usTechnical Support Before contacting Netopia Online product information Product information can be found in the followingFAX-Back Administration Guide What is IP? Appendix B Understanding IP AddressingAbout IP Addressing Subnets and subnet masks Subnet masks Example Using subnets on a Class C IP internet ISP Network Network conﬁguration Example Working with a Class C subnet Distributing IP AddressesBackground Technical note on subnet masking 255.255.255.224255.255.255.192 Dhcp address serving Netopia 4753 Dhcp server characteristics Manually distributing IP addresses Using address servingMacIP serving Serve dynamic WAN clients Understanding IP Addressing B-9 Tips and rules for distributing IP addresses Dhcp example Internet Nested IP Subnets WAN Packet header types Broadcasts Administration Guide Appendix C Binary Conversion Table Decimal Binary Appendix D Further Reading Administration Guide No August Further Reading D-3 Administration Guide Power requirements Appendix E Technical Specifications and Safety InformationDescription Environment Regulatory notices Agency ApprovalsNorth America FCC Part 15 Class B Declaration for Canadian users Technical Speciﬁcations and Safety Information E-3 Telecommunication Installation Cautions Netopia 4753 Speciﬁcations Physical interface Data features Quality of service ProtocolsManagement Voice feature support Voice featuresHardware speciﬁcations Pots support Administration Guide Glossary Administration Guide Glossary Remapping See network number remapping Glossary Administration Guide Numerics Index Account types 2-2 information to obtain Index-2 Index-3 Event history 14-5 statistics Index-4 Index-5 Index-6 Limited Warranty and Limitation of Remedies Administration Guide