Netopia 6.3 Gateway, Internet

57

Section 4 Configure

Typical Network Diagram

A typical network utilizing the NAT Default Server looks like this:

NAT Combination Application

Cayman’s NAT security feature allows you to conﬁgure a sophisticated LAN

layout that uses both the Pinhole and Default Server capabilities.

With this topology, you conﬁgure the embedded administration ports as a

ﬁrst task, followed by the Pinholes and, ﬁnally, the NAT Default Server.

When using both NAT pinholes and NAT Default Server the Gateway works

with the following rules (in sequence) to forward trafﬁc from the Internet

to the LAN:

1. If the packet is a response to an existing connection created by outbound traf-

ﬁc from a LAN PC, forward to that station.

2. If not, check for a match with a pinhole conﬁguration and, if one is found, for-

ward the packet according to the pinhole rule.

3. If there’s no pinhole, the packet is forwarded to the Default Server.

WAN

LAN

Ethernet

Interface

192.168.1.3

192.168.1.2

192.168.1.1

LAN STN #3

LAN STN #2

NAT Default Server

Gateway

NAT

NAT Pinhole

Embedded

Web Server

210.219.41.20

210.219.41.20

(Port 80 default)

NAT protected

Ethernet

Interface

Internet

Contents

Main Disclaimers Table of Contents About Cayman Documentation Intended Audience Introduction Section 1 Documentation Conventions General Internal Web Interface Command Line Interface Icons Text Organization Section 2 Basic Product Structure Basic Product Structure About Cayman-series Gateways Section 2 Whats New in Version 6.3 New Embedded Web Server Maintenance Enhancements Computer Names Updater Capabilities Roadmap for COS 6.3 Capabilities Roadmap: Cayman Gateways with COS 6.3 General Feature Keys Overview of Major Capabilities Section 3 Management Embedded Web Server Diagnostics Local Area Network DHCP (Dynamic Host Conguration Protocol) Server DHCP (Dynamic Host Conguration Protocol) Relay Agent DNS Proxy Wide Area Network DHCP (Dynamic Host Conguration Protocol) Client PPPoE (Point-to-Point Protocol over Ethernet) Instant-On PPP Static IP Addresses IPMaps Security Password Protection Network Address Translation (NAT) Cayman Advanced Features for NAT Internal Servers NAT LAN Dual Ethernet Gateway Pinholes Default Server Combination NAT Bypass Conguration Security Monitor Event Details Page Page BreakWater Basic Firewall VPN IPSec Pass Through SafeHarbour VPN IPSec Tunnel Encrypted IPSec Tunnel SafeHarbour VPN IPSec Tunnel Termination IP Network Access the User Interface Web-based User Interface Section 4 Home page Section 4 Home page Home page - Information Toolbar Navigating the Web Interface Restart Page Help Congure Quickstart How to Use the Quickstart Page Setup Your Gateway using a DHCP Connection If you need to change either of these elds, use the following procedure. Change Procedure Save and Restart Enable MAC Override Page Setup Your Gateway using a PPP Connection Setup Your Gateway using a Static IP Address Page LAN WAN Advanced Page Congure Specic Pinholes TIPS Gateway Internet Page Page Pinholes Save and Restart Congure the IPMaps Feature Page NAT/PA T T able Cayman Gateway IPMaps: One-to-One Multiple Address Mapping WAN Interface LAN Interface 192.168.1.1 192.168.1.2 192.168.1.3 192.168.1.n Page Congure a Default Server Gateway Internet Page Page Page Page Page Page Override Page Security Create and Change Passwords Page Use a Cayman Firewall Page Page Page Congure a SafeHarbour VPN Page Page IPSec Tunnel Parameter Setup Worksheet Task 1: Ensure that you have SafeHarbour VPN enabled. Task2: Complete Parameter Setup Worksheet Task 3: Enable IPSec Task 4: Make the IPSec Tunnel Entries Task 5: Make the Tunnel Details entries Use the following steps: Using the Security Monitoring Log Page Timestamp Background Install Install Software Required Tasks Warnings: Software Upgrade Instructions Task 1 Required Files Task 2 Updater File Page Home Page Task 3 COS 6.3 Image File Verify Open Install Page Page Install Keys Use Cayman Software Feature Keys Page To check your installed features: Page Troubleshoot Page Page Troubleshoot NSLookup System Status Manage a Restricted Number of WAN Users User Status Disconnect Current WAN Users Exceeding the WAN User Limit Appendix A Overview Overview Tour: Command Line Interface Appendix A SHELL Commands Command Status and/or Description Appendix A Overview CONFIG Commands Command Verbs Status and/or Description Keywords Command Utilities Starting and Ending a CLI Session Connecting from telnet Connecting from the Maintenance Console Port Logging In Appendix A Using the CLI Help Facility Using the CLI Help Facility About SHELL Commands SHELL Prompt SHELL Command Shortcuts SHELL Commands vpi vci nnn.nnn.nnn.nnn vpi vci nnn.nnn.nnn.nnn Page message_string level size count vcc-id seconds Page Page port About CONFIG Commands CONFIG Mode Prompt Navigating the CONFIG Hierarchy Appendix A About CONFIG Commands BOTH set ip ethernet address Entering Commands in CONFIG Mode Guidelines: CONFIG Commands BOTH set ip ethernet address 192.31.222.57 Appendix A About CONFIG Commands Displaying Current Gateway Settings Step Mode: A CLI Conguration Technique option (off) [on | off]: on Validating Your Conguration CONFIG Commands ATM Settings Bridging Settings DHCP Settings lease-time DMT Settings Domain Name System Settings domain-name Ethernet MAC Address Settings mac_address IP Settings Basic Settings DSL set ip dsl vccn broadcast DSL Settings DSL set ip dsl vccn netmask Ethernet Settings Page Default IP Gateway Settings WAN-to-WAN Routing Settings IP-over-PPP Settings Page Static ARP Settings MAC_address Static Route Settings gate_address WAN Settings IPMaps Settings ip address Network Address Translation (NAT) Default Settings Network Address Translation (NAT) Pinhole Settings PPPoE Settings internal-ip internal-port Conguring Basic PPP Settings Conguring Port Authentication BOTH set PPP module [vccn] restart-timer BOTH set PPP module [vccn] time-out BOTH set PPP module [vccn] connection-type { instant-on | always-on } BOTH set PPP module [vccn] port-authentication chap-option { on | off } chap_name secret password pap_name Conguring Peer Authentication peer-name password peer-name secret Command Line Interface Preference Settings Port Renumbering Settings BOTH set servers web-http [ 0 - 32767 ] BOTH set preference verbose { on | off } set dene verbose { on | off } BOTH set preference more set dene more Security Settings Firewall Settings (for BreakWater Firewall). SafeHarbour IPSec Settings Page Internet Key Exchange (IKE) Settings SNMP Settings BOTH set snmp community BOTH set snmp sysgroup location BOTH set snmp sysgroup contact community-name level Trafc Shaping Settings Glossary Appendix B Page Page Page Internet Key Exchange (IKE) Page ASCII HEX MD5 SHA1 CAST 3DES 1 and 1,000,000 MB Page Page Index Symbols A B C H I K L M S T U V W Contact Information