IP Profile Parameters | Netopia R910 specs

Virtual Private Networks (VPN) 10-83

IP Profile Parameters

The following IP Proﬁle Options screen is displayed for an IPsec Connection Proﬁle.

IP Profile Options

SPI (Security Parameters Index):	123456789
Remote Tunnel Endpoint Address:	0.0.0.0
Remote Members Network:	0.0.0.0
Remote Members Mask:	0.0.0.0
Address Translation Enabled:	Yes
NAT Map List...	Easy-PAT List
NAT Server List...	Easy-Servers
PAT IP Address:	1.1.1.1
Filter Set...	<<None>>
Remove Filter Set
Advanced IP Profile Options...
COMMIT	CANCEL

■You must specify an SPI (Security Parameters Index), which is the ESP receive side SPI and the default SPI for ESP transmit, AH receive, and AH transmit. It must be unique relative to any other conﬁguration proﬁle “ESP Receive SPIs.” (See “Advanced IP Proﬁle Options” on page 10-84.)

■You must specify a Remote Tunnel Endpoint Address. Specify the IP address of your tunnel partner, the endpoint of the tunnel. The Remote Tunnel Endpoint Address may be 0.0.0.0, which implies that the IPsec tunnel will not be established until packets are received on the SPI speciﬁed. At that time the tunnel will be bound to the Remote Tunnel Endpoint until trafﬁc from the remote gateway ceases for a timeout period.

■You must specify a Remote Members Network address. This speciﬁes the subnet of the remote IPsec tunnel and will be used with the Remote Members Mask to determine and set the route.

■You must specify a Remote Members Mask. This is the subnet mask of the remote subnet to which the IPsec tunnel will route.

■You can specify Address Translation Enabled. For more information see Chapter 9, “IP Setup and Network Address Translation.” If Address Translation Enabled is set to Yes, you can specify the following three ﬁelds:

■NAT Map List

■NAT Server List

■PAT IP Address

(Note: Since there is no protocol to derive this address, 0.0.0.0 is not permitted.)

■You can specify a Filter Set. For more information see Chapter 13, “Security.”

■You can remove a Filter Set.

■You can choose to conﬁgure Advanced IP Proﬁle Options (see “Advanced IP Proﬁle Options,” in the

Image 83

Contents

Netopia R910 Ethernet Router for DSL and Cable Modems Part Number Contents Iv User’s Reference Guide Contents Snmp Contents Index Overview Features and capabilitiesChapter Introduction How to use this guide Obtaining information from the ISP Chapter Setting Up Internet ServicesDeciding on an ISP account DSL and cable modems Without Network Address Translation Local LAN IP address information to obtainWith Network Address Translation Find a location Chapter Making the Physical Connections Line 1 port Identify the connectors and attach the cablesWhat you need Your router on Netopia R910 Ethernet Router back panel ports 10 12 13 14 15 16 Netopia R910 Ethernet Router status lights Before Chapter Connecting to Your Local Area NetworkNetwork Model After Readying computers on your local network Connecting to Your Local Area Network 10Base-T Connecting to an Ethernet networkPower port Console port Netopia R910 in a 10Base-T network User’s Reference Guide Hardware and operating system requirements Chapter Configuring TCP/IP Dynamic conﬁguration recommended Conﬁguring TCP/IP on Windows 95 or Static conﬁguration optional Conﬁguring TCP/IP on a Macintosh Computer Static conﬁguration optional Dynamic conﬁguration using MacIP optional Conﬁguring TCP/IP User’s Reference Guide Chapter Console-Based Management Snmp Simple Network Management Protocol. See Snmp on Connecting through a Telnet session Conﬁguring Telnet software Connecting a console cable to your router Mac ANSI, VT-100, or VT-200 Navigating through the console screens Accessing the Easy Setup console screens Chapter Easy SetupEasy Setup console screens Screen similar to the following Main Menu appears If your ISP doesn’t support Dhcp Quick Easy Setup connection pathIf your ISP supports Dhcp Main Menu appears WAN Ethernet Conﬁguration More Easy Setup options Previous Screen Next Screen IP Easy Setup Easy Setup Security Conﬁguration User’s Reference Guide WAN conﬁguration Chapter WAN and System Configuration System conﬁguration screens Navigating through the system conﬁguration screens System conﬁguration features Date and time IP setupFilter sets ﬁrewalls IP address serving Security Upgrade feature setConsole conﬁguration Snmp Simple Network Management Protocol Logging Installing the Syslog client Network Address Translation features Chapter IP Setup and Network Address Translation HOW NAT Works Using Network Address Translation To Main Menu Network Address Translation guideline Associating port numbers with nodes IP Setup Ethernet IP Address IP Setup and Network Address Translation Exports, Add Export, and Delete Export Select Add Export. The Add Exported Service screen appears Select Service. a pop-up menu of services and ports appears IP subnets IP Setup and Network Address Translation Static routes Viewing static routes Static Routes screen will appear Adding a static route Deleting a static route Rules of static route installationModifying a static route Main Menu System Configuration IP Address Serving Dhcp NetBios Options Serve Bootp Clients IP Address Pools IP Setup and Network Address Translation Dhcp NetBIOS Options NetBios Type User’s Reference Guide Chapter Virtual Private Networks VPN Transi t In t ern etwor k Summary About Pptp Tunnels Pptp configurationConfiguration Add Connection Profile Chap User’s Reference Guide MS-CHAP V2 and strong encryption Encryption SupportIP Proﬁle Parameters screen appears About IPsec Tunnels Configuration Add Connection Proﬁle screen appears IPsec Encryption & Authentication Options IP Profile Parameters Following section Advanced IP Profile Options VPN Default Answer Profile QuickView Interoperation with other featuresVPN QuickView Virtual Private Networks VPN Dial-Up Networking for VPN Installing Dial-Up Networking Creating a new Dial-Up Networking profile Configuring a Dial-Up Networking profile Virtual Private Networks VPN Windows 98 VPN installation Installing the VPN ClientWindows 95 VPN installation Connecting using Dial-Up Networking About Atmp Tunnels Atmp configuration Pptp Commitcancel User’s Reference Guide Local WAN IP Address 0.0 Remote IP Address Pptp example on Atmp example on Allowing VPNs through a Firewall Pptp example Change Input Filter EnabledYes ForwardYes Source IP Address Change Output Filter EnabledYes ForwardYes Source IP Address Atmp example Source Port ID Dest. Port Compare Change Output Filter EnabledYes ForwardYes Source IP Address Chapter PPP over Ethernet Setup EN WAN Module Add Connection PPP Ethernet LAN Reconfiguration Quick View Quick View status overview Chapter Monitoring Tools Status lights General status General Statistics Statistics & Logs Network Interface Event historiesPhysical Interface Device Event History WAN Event History Routing tables Scroll Down IP routing table Served IP Addresses System Information Snmp Snmp Setup screen Community strings Snmp traps Modifying IP trap receivers Setting the IP trap receiversViewing IP trap receivers Deleting IP trap receivers User’s Reference Guide User accounts Chapter SecuritySuggested security measures Protecting the conﬁguration screens Protecting the Security Options screen Telnet access How ﬁlter sets work About ﬁlters and ﬁlter setsWhat’s a ﬁlter and what’s a ﬁlter set? Filter priority ﬁltering rule How individual ﬁlters workﬁlter’s actions Who 513 Parts of a ﬁlterPort numbers 161 Aurp AppleTalk 387 Putting the parts together Other ﬁlter attributes Filtering example #1 Internet Control Message ProtocolTransmission Control Protocol User Datagram Protocol Filtering example #2 Design guidelines Disadvantages of ﬁlters An approach to using ﬁltersWorking with IP ﬁlters and ﬁlter sets Adding a ﬁlter set Naming a new ﬁlter set Adding ﬁlters to a ﬁlter set Input and output ﬁlters-source and destinationNetopia R910 Router ADD this Filter NOW Cancel Deleting ﬁlters Viewing ﬁlter setsViewing ﬁlters Modifying ﬁlters Sample IP ﬁlter set Modifying ﬁlter setsDeleting a ﬁlter set TCP Icmp UDP Possible modiﬁcations User’s Reference Guide ACK Bit Yes Firewall tutorial General ﬁrewall termsBasic IP packet components Basic protocol types Firewall Logic Firewall design rulesExample TCP/UDP Ports Implied rules Binary representationLogical and function This is an example of the Netopia IP ﬁlter set screen Filter basicsEstablished connections Example IP ﬁlter set screen Example Example ﬁltersExample network Example Example User’s Reference Guide Radius Client Support Radius client configuration Radius Server Secret Continue Cancel Continue Chapter Utilities and Diagnostics Start Ping Ping Receive return Ping packet Stop Ping Trace Route Telnet client Transferring conﬁguration and ﬁrmware ﬁles with Tftp Factory defaultsDisconnect Telnet console session Updating ﬁrmware Press Return. You will see the following dialog box Downloading conﬁguration ﬁles Transferring conﬁguration and ﬁrmware ﬁles with Xmodem Uploading conﬁguration ﬁles Idle Do you want to send a saved configuration to your Netopia? Restarting the system Conﬁguration problems Appendix a Troubleshooting Network problems Console connection problems Power outages How to reset the router to factory defaults Environment proﬁle How to reach usTechnical support Before contacting Netopia Online Technical Support Online product informationProduct information can be found in the following User’s Reference Guide About IP addressing What is IP?Appendix B Understanding IP Addressing Subnets and subnet masks Subnet masks Example Using subnets on a Class C IP internet ISP Network Network conﬁguration Background Example Working with a Class C subnetDistributing IP addresses 255.255.255.224 Technical note on subnet masking Dhcp address serving Netopia R910 Dhcp server characteristicsConﬁguration 255.255.255.0 MacIP serving Using address servingManually distributing IP addresses Tips and rules for distributing IP addresses Understanding IP Addressing B-181 Dhcp example Nested IP subnets Internet 0.0 C.1 WAN 3719 Packet header types Broadcasts User’s Reference Guide Background Appendix C Understanding Netopia NAT BehaviorNetwork conﬁguration User’s Reference Guide Understanding Netopia NAT Behavior C-189 Router Netopia Understanding Netopia NAT Behavior C-191 Exported services Important notes Understanding Netopia NAT Behavior C-193 Summary Appendix D Binary Conversion Table Decimal Binary Appendix E Further Reading User’s Reference Guide Further Reading E-199 User’s Reference Guide Appendix F Technical Specifications and Safety Information Declaration for Canadian users Regulatory notices Battery Important safety instructionsTelecommunication installation cautions User’s Reference Guide Deﬁned B-180 Index Index-206 Index-207 SmartIP Index-208 Index-209