Manuals / Netopia / Computer Equipment / Network Router

Netopia R910 manual IP Profile Parameters, Virtual Private Networks VPN

Models: R910

1 209

Download 209 pages 33.84 Kb

Page 83

Virtual Private Networks (VPN) 10-83

IP Profile Parameters

The following IP Proﬁle Options screen is displayed for an IPsec Connection Proﬁle.

IP Profile Options

SPI (Security Parameters Index):	123456789
Remote Tunnel Endpoint Address:	0.0.0.0
Remote Members Network:	0.0.0.0
Remote Members Mask:	0.0.0.0
Address Translation Enabled:	Yes
NAT Map List...	Easy-PAT List
NAT Server List...	Easy-Servers
PAT IP Address:	1.1.1.1
Filter Set...	<<None>>
Remove Filter Set
Advanced IP Profile Options...
COMMIT	CANCEL

■You must specify an SPI (Security Parameters Index), which is the ESP receive side SPI and the default SPI for ESP transmit, AH receive, and AH transmit. It must be unique relative to any other conﬁguration proﬁle “ESP Receive SPIs.” (See “Advanced IP Proﬁle Options” on page 10-84.)

■You must specify a Remote Tunnel Endpoint Address. Specify the IP address of your tunnel partner, the endpoint of the tunnel. The Remote Tunnel Endpoint Address may be 0.0.0.0, which implies that the IPsec tunnel will not be established until packets are received on the SPI speciﬁed. At that time the tunnel will be bound to the Remote Tunnel Endpoint until trafﬁc from the remote gateway ceases for a timeout period.

■You must specify a Remote Members Network address. This speciﬁes the subnet of the remote IPsec tunnel and will be used with the Remote Members Mask to determine and set the route.

■You must specify a Remote Members Mask. This is the subnet mask of the remote subnet to which the IPsec tunnel will route.

■You can specify Address Translation Enabled. For more information see Chapter 9, “IP Setup and Network Address Translation.” If Address Translation Enabled is set to Yes, you can specify the following three ﬁelds:

■NAT Map List

■NAT Server List

■PAT IP Address

(Note: Since there is no protocol to derive this address, 0.0.0.0 is not permitted.)

■You can specify a Filter Set. For more information see Chapter 13, “Security.”

■You can remove a Filter Set.

■You can choose to conﬁgure Advanced IP Proﬁle Options (see “Advanced IP Proﬁle Options,” in the

Image 83

Contents

User’s Reference Guide Netopia R910 Ethernet Router for DSL and Cable ModemsPrinted Copies CopyrightPart Number Chapter 2 - Setting Up Internet Services ContentsFeatures and capabilities How to use this guideAccessing the Easy Setup console screens Connecting a console cable to your routerChapter 7 - Easy Setup Easy Setup console screensInstalling the VPN Client DHCP NetBIOS OptionsVPN Default Answer Proﬁle Installing Dial-Up Networking12-109 The SNMP Setup screenTelnet access Chapter 12 - Monitoring ToolsConﬁguration problems Chapter 14 - Utilities and DiagnosticsFactory defaults Appendix A - TroubleshootingPower requirements Using address servingExported services Appendix F - Technical Speciﬁcations and SafetyOverview Features and capabilities“Features and capabilities” on page “How to use this guide” on page Chapter Introduction1-10 User’s Reference Guide How to use this guideDSL and cable modems Chapter Setting Up Internet ServicesSetting Up Internet Services Deciding on an ISP accountWithout Network Address Translation Local LAN IP address information to obtain2-12 User’s Reference Guide With Network Address TranslationMaking the Physical Connections “Identify the connectors and attach the cables” on pageChapter Making the Physical Connections Find a location3-14 User’s Reference Guide Identify the connectors and attach the cablesWhat you need Making the Physical Connections Netopia R910 Ethernet Router back panel portsyour router” on page 8 9 10 12 13 14 15 16 Netopia R910 Ethernet Router status lights3-16 User’s Reference Guide Network Model Chapter Connecting to Your Local Area NetworkConnecting to Your Local Area Network “Connecting to an Ethernet network” on pageAfter Readying computers on your local network4-18 User’s Reference Guide Application software TCP/IP stack Ethernet/EtherTalk Driver Your PC Connecting to Your Local Area Network4-20 User’s Reference Guide Connecting to an Ethernet network10Base-T The Netopia R910 in a 10Base-T network with a hub Connecting to Your Local Area NetworkThe Netopia R910 in a 10Base-T network 4-22 User’s Reference Guide “Hardware and operating system requirements” on page Chapter Configuring TCP/IPHardware and operating system requirements Conﬁguring TCP/IPDynamic conﬁguration recommended Conﬁguring TCP/IP on Windows 95 or5-24 User’s Reference Guide Conﬁguring TCP/IP Static conﬁguration optionalDynamic conﬁguration recommended Conﬁguring TCP/IP on a Macintosh Computer5-26 User’s Reference Guide 1. Go to the Apple menu. Select Conﬁguring TCP/IPStatic conﬁguration optional 5-28 User’s Reference Guide Dynamic conﬁguration using MacIP optionalConﬁguring TCP/IP 5-30 User’s Reference Guide Console-Based Management “Connecting through a Telnet session” on page“Connecting a console cable to your router” on page Chapter Console-Based ManagementFilter sets ﬁrewalls. See “About ﬁlters and ﬁlter sets” on page Connecting through a Telnet sessionUpgrade feature set. See “Upgrade feature set” on page 6-32 User’s Reference GuideConsole-Based Management Connecting a console cable to your routerConﬁguring Telnet software 6-34 User’s Reference Guide Navigating through the console screensEasy Setup Chapter Easy SetupEasy Setup console screens Accessing the Easy Setup console screens7-36 User’s Reference Guide See Appendix A, “Troubleshooting,” for more suggestionsEasy Setup Quick Easy Setup connection pathIf your ISP supports DHCP If your ISP doesn’t support DHCP7-38 User’s Reference Guide For more Easy Setup options see “More Easy Setup options” on pageEasy Setup More Easy Setup optionsWAN Ethernet Conﬁguration 7-40 User’s Reference Guide IP Easy SetupEasy Setup Easy Setup Security Conﬁguration1. Select RESTART DEVICE. A prompt asks you to conﬁrm your choice 7-42 User’s Reference GuideEasy Setup is now complete WAN and System Conﬁguration Chapter WAN and System Configuration“System conﬁguration features” on page WAN conﬁguration8-44 User’s Reference Guide System conﬁguration screensWAN and System Conﬁguration Navigating through the system conﬁguration screens8-46 User’s Reference Guide System conﬁguration featuresDate and time IP setupFilter sets ﬁrewalls IP address servingSecurity Upgrade feature setConsole conﬁguration SNMP Simple Network Management ProtocolWAN and System Conﬁguration Logging8-50 User’s Reference Guide Installing the Syslog client“Network Address Translation features” on page Chapter IP Setup and Network Address TranslationNetwork Address Translation features IP Setup and Network Address Translation192.168.1.100 192.168.1.102 192.168.1.103 192.168.1.104 192.168.1.105 9-52 User’s Reference GuideHOW NAT WORKS With NAT ISP 163.167.132.1 Without NAT or corporate intranet routerIP Setup and Network Address Translation Using Network Address TranslationNote See “Associating port numbers with nodes” on page 9-54 User’s Reference Guide IP Setup and Network Address Translation Associating port numbers with nodesNetwork Address Translation guideline IP setup 9-56 User’s Reference GuideIP Setup and Network Address Translation Exports, Add Export, and Delete Export 9-58 User’s Reference GuideSelect Add Export. The Add Exported Service screen appears CANCELSelect Service. A pop-up menu of services and ports appears IP Setup and Network Address Translation9-60 User’s Reference Guide IP subnetsFor example IP Setup and Network Address Translationpage Static routes9-62 User’s Reference Guide IP Setup and Network Address Translation Viewing static routesAdding a static route 9-64 User’s Reference GuideIP Setup and Network Address Translation Rules of static route installationModifying a static route Deleting a static routeIP address serving 9-66 User’s Reference GuideServe DHCP Clients Serve BootP Clients Serve Dynamic WAN Clients Follow these steps to conﬁgure IP Address Serving IP Setup and Network Address Translation9-68 User’s Reference Guide IP Address PoolsNumerous factors inﬂuence the choice of served address. It is difﬁcult to specify the address that will be served to a particular client in all circumstances. However, when the address server has been conﬁgured, and the clients involved have no prior address serving interactions, the Netopia R910 will generally serve the ﬁrst unused address from the ﬁrst address pool with an available address. The Netopia R910 starts from the pool on the ﬁrst row and continues to the pool on the last row of this screen IP Setup and Network Address Translation9-70 User’s Reference Guide DHCP NetBIOS OptionsIP Setup and Network Address Translation You have ﬁnished your IP setup 9-72 User’s Reference GuideSelect Release BootP Leases and press Return Virtual Private Networks VPN “VPN Default Answer Proﬁle” on page “VPN QuickView” on page“Installing the VPN Client” on page “About ATMP Tunnels” on page Chapter Virtual Private Networks VPNTransi t In t ern etwor k 10-74 User’s Reference GuideVirtual Private Networks VPN “About PPTP Tunnels” on page “About IPsec Tunnels” on page“About ATMP Tunnels” on page Summary10-76 User’s Reference Guide PPTP configurationAbout PPTP Tunnels Virtual Private Networks VPN Note Proﬁles using PPTP do not offer a Telco Options screen10-78 User’s Reference Guide Virtual Private Networks VPN Encryption SupportMS-CHAP V2 and strong encryption 10-80 User’s Reference Guide ConfigurationAbout IPsec Tunnels The Add Connection Proﬁle screen appears Virtual Private Networks VPN10-82 User’s Reference Guide Virtual Private Networks VPN IP Profile Parameters10-84 User’s Reference Guide Advanced IP Profile OptionsVirtual Private Networks VPN VPN Default Answer Profile10-86 User’s Reference Guide Interoperation with other featuresVPN QuickView Proﬁle Name Lists the name of the Connection Proﬁle being used, if any Virtual Private Networks VPN10-88 User’s Reference Guide Installing Dial-Up NetworkingDial-Up Networking for VPN Virtual Private Networks VPN Creating a new Dial-Up Networking profile10-90 User’s Reference Guide Configuring a Dial-Up Networking profileVirtual Private Networks VPN 4. Click the TCP/IP Settings button10-92 User’s Reference Guide Installing the VPN ClientWindows 95 VPN installation Windows 98 VPN installationVirtual Private Networks VPN Connecting using Dial-Up Networking10-94 User’s Reference Guide ATMP configurationAbout ATMP Tunnels Virtual Private Networks VPN Note Proﬁles using ATMP do not offer a Telco Options screen10-96 User’s Reference Guide Virtual Private Networks VPN “PPTP example” on page “ATMP example” on page Allowing VPNs through a Firewall10-98 User’s Reference Guide Display/Change Input Filter screen PPTP exampleVirtual Private Networks VPN 10-100 User’s Reference Guide 0.0.0.0 Virtual Private Networks VPN0.0.0.0 0.0.0.010-102 User’s Reference Guide ATMP exampleVirtual Private Networks VPN 0.0.0.0 10-104 User’s Reference Guide0.0.0.0 0.0.0.0PPP over Ethernet Chapter PPP over Ethernet11-106 User’s Reference Guide PPP over Ethernet PPP Ethernet LAN ReconfigurationConfiguration The Netopia R910 offers the ability for PPP to reconﬁgure the router’s Ethernet LAN when establishing an unnumbered, non-NAT connection11-108 User’s Reference Guide Quick View“Quick View status overview” on page “Statistics & Logs” on page Chapter Monitoring ToolsQuick View status overview Monitoring Tools12-110 User’s Reference Guide General statusStatus lights Monitoring Tools Statistics & LogsGeneral Statistics Network Interface Event histories12-112 User’s Reference Guide Physical InterfaceMonitoring Tools WAN Event HistoryDevice Event History 12-114 User’s Reference Guide Routing tablesMonitoring Tools IP routing table12-116 User’s Reference Guide Served IP AddressesMonitoring Tools System Information12-118 User’s Reference Guide The SNMP Setup screenSNMP Monitoring Tools SNMP trapsCommunity strings Modifying IP trap receivers Setting the IP trap receivers12-120 User’s Reference Guide Viewing IP trap receiversMonitoring Tools Deleting IP trap receivers12-122 User’s Reference Guide User accounts “Telnet access” on page “About ﬁlters and ﬁlter sets” on pageChapter Security Suggested security measuresProtecting the conﬁguration screens 13-124 User’s Reference GuideProtecting the Security Options screen Security Telnet access13-126 User’s Reference Guide About ﬁlters and ﬁlter setsWhat’s a ﬁlter and what’s a ﬁlter set? How ﬁlter sets worksend to next filter yes pass or discard? discard delete pass Filter prioritySecurity packet first filter match?A ﬁltering rule How individual ﬁlters work13-128 User’s Reference Guide A ﬁlter’s actionsSecurity Parts of a ﬁlterPort numbers Port number comparisonsPutting the parts together 13-130 User’s Reference GuideOther ﬁlter attributes Security Filtering example #1Filtering example #2 Design guidelines13-132 User’s Reference Guide Security An approach to using ﬁltersWorking with IP ﬁlters and ﬁlter sets Disadvantages of ﬁlters13-134 User’s Reference Guide Adding a ﬁlter setSecurity Naming a new ﬁlter setAdding ﬁlters to a ﬁlter set 13-136 User’s Reference GuideInput and output ﬁlters-source and destination Security 1. To make the ﬁlter active in the ﬁlter set, select Enabled and toggle it to Yes. If Enabled is toggled to No, the ﬁlter can still exist in the ﬁlter set, but it will have no effectModifying ﬁlters Viewing ﬁlter sets13-138 User’s Reference Guide Viewing ﬁltersSecurity Modifying ﬁlter setsDeleting a ﬁlter set A sample IP ﬁlter set13-140 User’s Reference Guide Security Possible modiﬁcations13-142 User’s Reference Guide Security Firewall tutorial General ﬁrewall termsBasic IP packet components Basic protocol typesFirewall Logic Firewall design rules13-144 User’s Reference Guide Example TCP/UDP PortsSecurity Binary representationLogical AND function Implied rulesExample IP ﬁlter set screen Filter basics13-146 User’s Reference Guide Established connectionsInternet Example ﬁltersIncoming Packet Filter NetopiaExample 13-148 User’s Reference GuideExample Example SecurityExample 13-150 User’s Reference Guide Security RADIUS client configurationRADIUS Client Support Local then RADIUS 13-152 User’s Reference GuideRADIUS Server Authentication Port RADIUS then LocalAdvanced Security Options be unable to configure this device unless a Radius Server isSecurity 13-154 User’s Reference Guide “Ping” on page “Trace Route” on page “Telnet client” on page Chapter Utilities and DiagnosticsUtilities and Diagnostics “Factory defaults” on page14-156 User’s Reference Guide PingUtilities and Diagnostics 14-158 User’s Reference Guide Trace RouteUtilities and Diagnostics Telnet client14-160 User’s Reference Guide Factory defaultsDisconnect Telnet console session Transferring conﬁguration and ﬁrmware ﬁles with TFTPGET CONFIG FROM SERVER SEND CONFIG TO SERVER Updating ﬁrmwareUtilities and Diagnostics GET WAN MODULE FIRMWARE FROM SERVER Config File Name14-162 User’s Reference Guide Downloading conﬁguration ﬁlesUtilities and Diagnostics Uploading conﬁguration ﬁlesTransferring conﬁguration and ﬁrmware ﬁles with XMODEM Updating ﬁrmware 14-164 User’s Reference GuideUploading conﬁguration ﬁles Utilities and DiagnosticsDownloading conﬁguration ﬁles 14-166 User’s Reference Guide Restarting the system“Conﬁguration problems” on page A-167 Appendix A TroubleshootingConﬁguration problems Troubleshooting A-167Local routing problems Console connection problemsNetwork problems Problems communicating with remote IP hostsTroubleshooting A-169 How to reset the router to factory defaultsPower outages Reset Switch SlotBefore contacting Netopia How to reach usTechnical support A-170 User’s Reference GuideOnline Technical Support Troubleshooting A-171Online product information A-172 User’s Reference Guide About IP addressing What is IP?“What is IP?” on page B-173 “About IP addressing” on page B-173 Appendix B Understanding IP AddressingB-174 User’s Reference Guide Subnets and subnet masksSubnet masks Example Using subnets on a Class C IP internetUnderstanding IP Addressing B-175 ISP Network B-176 User’s Reference GuideNetwork conﬁguration Customer Site ABackground Example Working with a Class C subnetDistributing IP addresses Understanding IP Addressing B-177B-178 User’s Reference Guide Technical note on subnet maskingDHCP address serving Netopia R910 DHCP server characteristicsConﬁguration Understanding IP Addressing B-179B-180 User’s Reference Guide Using address servingManually distributing IP addresses Tips and rules for distributing IP addressesUnderstanding IP Addressing B-181 A DHCP example Nested IP subnetsB-182 User’s Reference Guide Internet Understanding IP Addressing B-183B-184 User’s Reference Guide Understanding IP Addressing B-185 BroadcastsPacket header types B-186 User’s Reference Guide ISP Network Appendix C Understanding Netopia NAT BehaviorNetwork conﬁguration BackgroundC-188 User’s Reference Guide Workstation A Understanding Netopia NAT Behavior C-189Workstations C-190 User’s Reference GuideUnderstanding Netopia NAT Behavior C-191 Exported servicesC-192 User’s Reference Guide Important notesConﬁguration Understanding Netopia NAT Behavior C-193C-194 User’s Reference Guide SummaryBinary Conversion Table D-195 Appendix D Binary Conversion TableDecimal D-196 User’s Reference GuideDecimal BinaryFurther Reading E-197 Appendix E Further ReadingE-198 User’s Reference Guide Further Reading E-199 E-200 User’s Reference Guide Description Appendix F Technical Specifications and Safety InformationPower requirements Technical Speciﬁcations and Safety Information F-201Declaration for Canadian users Regulatory noticesF-202 User’s Reference Guide Battery Important safety instructionsTechnical Speciﬁcations and Safety Information F-203 Telecommunication installation cautionsF-204 User’s Reference Guide Index-205 IndexNumerics Index-206 Index-207 Index-208 13-131Index-209