4.5 DMZ
Alternately, DMZ can be enabled on the Vanguard router. When DMZ is enabled, all traffic destined to the Vanguard’s
cellular IP address that is received from the Internet is forwarded to the DMZ host. The IP address of the DMZ host is
specified by the user. Using DMZ can eliminate the need to specify many individual port forwarding rules. However, by
exposing all the ports on the local device, the local device may become more susceptible to attacks.
If specific Port Forwarding rules exist in the IP Mapping Table, they will take precedence over the DMZ host.
4.6 FRIENDLY IP ADDRESS
Friendly IP addresses can be used with either port forwarding or DMZ to provide an additional layer of security. When
Friendly IP addresses are used, the Vanguard will only forward packets to the LAN if the source IP address of the
received packet matches either the specific IP address or range of IP addresses specified in the Friendly IP address field.
This feature can be disabled by entering 0.0.0.0 in the friendly IP address field. In this case, packets from any host on
the Internet can be forwarded to the LAN when either DMZ or Port Forwarding is enabled.
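The forwarding decision described in sections 4.5 and 4.6 can be modelled to audit which ports a given Internet source can reach. This is an added example, not code from this manual or from the Vanguard firmware. The names WanConfig, forward_target and exposed_ports, the "start-end" range notation, the unchanged destination port for DMZ traffic and all sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class WanConfig:  # hypothetical model of the settings, not the device's data format
    # (protocol, public port) -> (LAN host, LAN port): the IP Mapping Table
    port_forwards: dict = field(default_factory=dict)
    dmz_host: Optional[str] = None   # None means DMZ is disabled
    friendly_ip: str = "0.0.0.0"     # one IP, or "start-end" (assumed notation)

def source_is_friendly(cfg, src):
    """True when the Friendly IP filter accepts this source address."""
    if cfg.friendly_ip == "0.0.0.0":
        return True                  # filter disabled: any Internet host passes
    start, _, end = cfg.friendly_ip.partition("-")
    lo = ipaddress.ip_address(start.strip())
    hi = ipaddress.ip_address(end.strip()) if end else lo
    return lo <= ipaddress.ip_address(src) <= hi

def forward_target(cfg, src, proto, dport):
    """Return (lan_host, lan_port) for an inbound WAN packet, or None if dropped."""
    if not source_is_friendly(cfg, src):
        return None
    rule = cfg.port_forwards.get((proto, dport))
    if rule is not None:
        return rule                  # a specific rule takes precedence over DMZ
    if cfg.dmz_host is not None:
        return (cfg.dmz_host, dport) # assumption: DMZ keeps the destination port
    return None

def exposed_ports(cfg, src, proto, ports):
    """Audit helper: ports reachable from src, mapped to the LAN target reached."""
    result = {}
    for port in ports:
        target = forward_target(cfg, src, proto, port)
        if target is not None:
            result[port] = target
    return result

# Constructed sample configuration (documentation and private address ranges).
SAMPLE = WanConfig(
    port_forwards={("tcp", 8080): ("192.168.1.50", 80)},
    dmz_host="192.168.1.10",
    friendly_ip="203.0.113.10-203.0.113.20",
)

if __name__ == "__main__":
    for src in ("203.0.113.15", "198.51.100.7"):
        print(src, exposed_ports(SAMPLE, src, "tcp", [22, 80, 8080]))
```

Running the same audit with friendly_ip left at 0.0.0.0 shows every probed port reaching the DMZ host from any source, which is the exposure section 4.5 describes.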
5 IPSEC AND VPN PASS-THROUGH DEPLOYMENT GUIDE
This chapter will help anyone who wants to build a secure IP network using IPsec and the CalAmp Vanguard 3000
Cellular Modem. Case #1: Vanguard Configured IPsec Client will demonstrate the Vanguard 3000 when used as an
IPsec client. Case #2: Vanguard Configured to use a DMZ for VPN Pass-Through will show the Vanguard 3000 passing an
IPsec connection from WAN to LAN (VPN Pass-through).
5.1 BENEFITS OF IPSEC
IPsec (Internet Protocol Security Standard) is an industry-driven standard that ensures confidentiality, integrity, and
authenticity of an IP network. IPsec is a key component of this standards-based, flexible solution for deploying a
network-wide policy.
There are two significant benefits to IPsec compliance for our customers: enhanced security features and
interoperability.
― Enhanced security features give our customers the comfort of knowing that IP-based communications are using
the most secure and comprehensive standard available today for encryption and authentication.
The Vanguard supports the following IPsec encryption algorithms: AES-128, AES-256 and 3DES.
The Vanguard supports the following IPsec authentication algorithms: MD5 and SHA1.
All tunnels are created using the ESP (Encapsulating Security Payload) protocol.
― Protocol interoperability means that an IPsec-compliant device, such as the Vanguard 3000, will be able to
exchange keys and encrypted communications with another IPsec-compliant product such as a Cisco router.
IPsec compliance ensures that these two different products can negotiate and maintain secure communication
with each other.
Vanguard 3000 Series Multicarrier Cellular Data Modem & IP Router PN 001-7300-100 Rev. B
| Page 90