manualshive.com logo in svg

Linksys BEFSX41 - Instant Broadband EtherFast Cable/DSL Firewall Router, User Manual

The Linksys BEFSX41 - Instant Broadband EtherFast Cable/DSL Firewall Router is a powerful networking device that offers high-speed connectivity and enhanced security features. Its specifications include advanced firewall protection and four-port Ethernet switch for seamless data transfer. Download the free user manual from our website for complete setup instructions and detailed product information.

Share
Download
background image

28

Chapter 5: Using The Router’s Web-based Utility
The Security Tab

Broadband Firewall Router with 4-Port Switch/VPN Endpoint

IP Address

. If you select IP Address, enter the IP Address of the VPN device at the other end of the tunnel. 

The remote VPN device can be another VPN Router, a VPN Server, or a computer with VPN client software that 
supports IPSec.  The IP Address may either be static (permanent) or dynamic (changing), depending on the 
settings of the remote VPN device.  Make sure that you have entered the IP Address correctly, or the 
connection cannot be made.  Remember, this is NOT the IP Address of the local VPN Router, but the IP Address 
of the remote VPN Router or device with which you wish to communicate.

FQDN

 (Fully Qualified Domain Name). If you select FQDN, enter the FQDN of the VPN device at the other end of 

the tunnel. The remote VPN device can be another VPN Router, a VPN Server, or a computer with VPN client 
software that supports IPSec.  The FQDN is the host name and domain name for a specific computer on the 
Internet, for example, vpn.myvpnserver.com.

Any

. If you select Any for the Remote Security Gateway, the VPN device at the other end of the tunnel will 

accept a request from any IP address. The remote VPN device can be another VPN Router, a VPN Server, or a 
computer with VPN client software that supports IPSec. If the remote user has an unknown or dynamic IP 
address (such as a professional on the road or a telecommuter using DHCP or PPPoE), then Any should be 
selected.

Encryption

. Using Encryption also helps make your connection more secure.  There are two different types of 

encryption: DES or 3DES (3DES is recommended because it is more secure).  You may choose either of these, 
but it must be the same type of encryption that is being used by the VPN device at the other end of the tunnel.  
Or, you may choose not to encrypt by selecting Disable. 

Authentication

. Authentication acts as another level of security.  There are two types of authentication: MD5 

and SHA (SHA is recommended because it is more secure).  As with encryption, either of these may be 
selected, provided that the VPN device at the other end of the tunnel is using the same type of authentication.  
Or, both ends of the tunnel may choose to Disable authentication.  

Key Management

In order for any encryption to occur, the two ends of the tunnel must agree on the type of encryption and the way 
the data will be decrypted.  This is done by sharing a “key” to the encryption code.  Under Key Management, you 
may choose automatic or manual key management.

Automatic Key Management

. Select Auto (IKE) and enter a series of numbers or letters in the Pre-shared 

Key field. Check the box next to PFS (Perfect Forward Secrecy) to ensure that the initial key exchange and IKE 
proposals are secure. In the example shown the word 

chappy

 is used.  Based on this word, which MUST be 

entered at both ends of the tunnel if this method is used, a key is generated to scramble (encrypt) the data 
being transmitted over the tunnel, where it is unscrambled (decrypted).  You may use any combination of up 
to 24 numbers or letters in this field. No special characters or spaces are allowed. In the Key Lifetime field, 

Figure 5-22: Key Management

Figure 5-21: Remote Security Gateway

Summary of Contents for BEFSX41 - Instant Broadband EtherFast Cable/DSL Firewall Router

Page 1: ...A Division of Cisco Systems Inc Model No WIRED with 4 Port Switch VPN Broadband Firewall Router BEFSX41 User Guide Endpoint ...

Page 2: ...r technical terms that are presented like this Also each figure diagram screenshot or other image is provided with a figure number and description like this Figure numbers and descriptions can also be found in the List of Figures section in the Table of Contents This exclamation point means there is a Caution or Warning and is something that could damage your property or the Router word definition...

Page 3: ...el 8 Chapter 4 Connecting the Router 9 Overview 9 Connection Instructions 10 Chapter 5 Using The Router s Web based Utility 11 Overview 11 Navigating the Utility 11 Accessing the Utility 13 The Setup Tab 13 The Security Tab 25 The Restrict Access Tab 31 The Applications Gaming Tab 33 Port Triggering 34 UPnP Forwarding 35 DMZ 37 The Administration Tab 38 The Status Tab 42 Appendix A Troubleshooting...

Page 4: ...p 60 Appendix E Maximizing VPN Security 61 Appendix F Configuring IPSec between a Windows 2000 or XP Computer and the Gateway 63 Introduction 63 Environment 63 How to Establish a Secure IPSec Tunnel 64 Appendix G SNMP Functions 74 Appendix H Glossary 75 Appendix I Specifications 79 Appendix J Warranty Information 80 Appendix K Regulatory Information 81 Appendix L Contact Information 82 ...

Page 5: ...etup 13 Figure 5 4 DHCP Connection Type 14 Figure 5 5 Static IP Connection Type 14 Figure 5 6 PPPoE Connection Type 15 Figure 5 7 RAS Connection Type 16 Figure 5 8 PPTP Connection Type 17 Figure 5 9 Heart Beat Signal Connection Type 18 Figure 5 10 L2TP Connection Type 19 Figure 5 11 Network Setup 20 Figure 5 12 Setup Tab DynDNS org 21 Figure 5 13 Setup Tab TZO com 21 Figure 5 14 Setup Tab MAC Addr...

Page 6: ...32 Administration Tab Management 38 Figure 5 33 Administration Tab Log 39 Figure 5 34 View Log 39 Figure 5 35 Administration Tab Diagnostics 40 Figure 5 36 Administration Tab Factory Defaults 41 Figure 5 37 Administration Tab Firmware Upgrade 41 Figure 5 38 Status Tab Router 42 Figure 5 39 Status Tab Local Network 43 Figure 5 40 DHCP Active IP Table 43 Figure B 1 Upgrade Firmware 57 Figure C 1 IP ...

Page 7: ...Tab 67 Figure F 13 Authentication Methods 68 Figure F 14 Preshared Key 68 Figure F 15 New Preshared Key 68 Figure F 16 Tunnel Setting Tab 69 Figure F 17 Connection Type Tab 69 Figure F 18 Properties Screen 69 Figure F 19 IP Filter List Tab 70 Figure F 20 Filter Action Tab 70 Figure F 21 Authentication Methods Tab 70 Figure F 22 Preshared Key 71 Figure F 23 New Preshared Key 71 Figure F 24 Tunnel S...

Page 8: ... 100 Switch The four ports in the back of the Router are all auto detecting meaning that the Router can tell if you re connecting a straight through or cross over cable making this easier to use than ever Finally adding VPN network security to the Router allows you to secure data not just behind the Router but as it is transmitted over the Internet VPNs or Virtual Private Networks create virtual t...

Page 9: ...ppendix A Troubleshooting This appendix describes some possible problems and solutions as well as frequently asked questions regarding installation and use of the Router Appendix B Upgrading Firmware This appendix explains how you can upgrade the Router s firmware Appendix C Finding the MAC Address and IP Address for Your Ethernet Adapter This appendix instructs you on how to find the MAC address ...

Page 10: ...tworking Appendix I Specifications This appendix provides the technical specifications for the Router Appendix J Warranty Information This appendix supplies the warranty information for the Router Appendix K Regulatory Information This appendix supplies the regulatory information regarding the Router Appendix L Contact Information This appendix provides contact information for a variety of Linksys...

Page 11: ...the Internet the firewall will no longer protect that data At this point your data becomes open to hackers using a variety of methods to steal not only the data you are transmitting but also your network login and security data Some of the most common methods are as follows 1 MAC Address Spoofing Packets transmitted over a network either your local network or the Internet are preceded by a packet ...

Page 12: ...t between the two networks VPN was created as a cost effective alternative to using a private dedicated leased line for a private network Using industry standard encryption and authentication techniques IPSec short for IP Security the VPN creates a secure connection that in effect operates as if you were directly connected to your local network Virtual Private Networking can be used to create secu...

Page 13: ...example of a computer to VPN Router VPN In her hotel room a traveling businesswoman dials up her ISP Her notebook computer has VPN client software that is configured with her office s VPN settings She accesses the VPN client software that supports IPSec and connects to the VPN Router at the central office As VPNs utilize the Internet distance is not a factor Using the VPN the businesswoman now has...

Page 14: ...can be used in one of two ways If the Router is having problems connecting to the Internet press the Reset button for just a second with a paper clip or a pencil tip This is similar to pressing the Reset button on your PC to reboot it If you are experiencing extreme problems with the Router and have tried all other troubleshooting measures press and hold in the Reset button for 30 seconds This wil...

Page 15: ...stic test DMZ Green The DMZ LED indicates when the DMZ function is being used This LED will remain lit as long as DMZ is enabled Ethernet Green The Ethernet LED serves two purposes If the LED is continuously lit the Router is connected to a device through the corresponding port 1 2 3 or 4 If the LED is flashing the Router is actively sending or receiving data over that port Internet Green The Inte...

Page 16: ...e your PCs Configure the Router with the setting s provided by your Internet Service Provider ISP The installation technician from your ISP should have left the setup information with you after installing your broadband connection If not you can call your ISP to request the information Once you have the setup information for your specific type of Internet connection then you can begin installation...

Page 17: ...is step to connect more PCs or other network devices to the Router 3 Connect your cable or DSL modem s Ethernet cable to the Router s Internet port 4 Power on the cable or DSL modem 5 Connect the included power adapter to the Router s Power port and then plug the power adapter into an electrical outlet The Power LED on the front panel will light up as soon as the power adapter is connected properl...

Page 18: ...default password is admin To secure the Router change the password from its default Navigating the Utility There are six main tabs Setup Security Access Restrictions Applications Gaming Administration and Status Additional screens will be available from the main tabs Setup Basic Setup Enter the Internet connection and network settings on this screen DDNS To enable the Router s Dynamic Domain Name ...

Page 19: ...rding Use this screen to alter UPnP forwarding settings DMZ To allow one local user to be exposed to the Internet for use of special purpose services use this screen Administration Management On this screen alter the Router s password access privileges and UPnP settings Log You can view or save even email activity logs from this screen Diagnostics From this screen you can test network performance ...

Page 20: ...utton The Setup Tab The Setup tab is the first tab you see when you access the Web based Utility This tab is divided into four screens Basic Setup DDNS MAC Address Clone and Advanced Routing Each of these screens are described in detail below Basic Setup Internet Setup This section allows you to select the type of Internet setup and connection your network employs The Router supports six connectio...

Page 21: ...om your ISP IP Address This is the IP address that the Router has when seen from the Internet Your ISP will provide you with the IP Address you need to specify here Subnet Mask This is the Router s Subnet Mask as seen by external users on the Internet including your ISP Your ISP will provide you with the Subnet Mask Default Gateway Your ISP will provide you with the Default Gateway Address Primary...

Page 22: ... Internet connection to remain on at all times enter 0 in the Max Idle Time field Otherwise enter the number of minutes you want to have elapsed before your Internet access disconnects Keep Alive Option and Redial Period This option keeps your PPPoE enabled Internet access connected indefinitely even when it sits idle To use this option click the radio button next to Keep Alive The default Redial ...

Page 23: ...io button If you want your Internet connection to remain on at all times enter 0 in the Max Idle Time field Otherwise enter the number of minutes you want to have elapsed before your Internet access disconnects Keep Alive Option and Redial Period This option keeps your RAS enabled Internet access connected indefinitely even when it sits idle To use this option click the radio button next to Keep A...

Page 24: ...cally re establish your connection as soon as you attempt to access the Internet again If you wish to activate Connect on Demand click the radio button If you want your Internet connection to remain on at all times enter 0 in the Max Idle Time field Otherwise enter the number of minutes you want to have elapsed before your Internet access disconnects Keep Alive Option and Redial Period This option...

Page 25: ...ton If you want your Internet connection to remain on at all times enter 0 in the Max Idle Time field Otherwise enter the number of minutes you want to have elapsed before your Internet access disconnects Keep Alive Option and Redial Period This option keeps your PPPoE enabled Internet access connected indefinitely even when it sits idle To use this option click the radio button next to Keep Alive...

Page 26: ...radio button If you want your Internet connection to remain on at all times enter 0 in the Max Idle Time field Otherwise enter the number of minutes you want to have elapsed before your Internet access disconnects Keep Alive Option and Redial Period This option keeps your PPPoE enabled Internet access connected indefinitely even when it sits idle To use this option click the radio button next to K...

Page 27: ...be 192 168 1 2 or greater because the default IP address for the Router is 192 168 1 1 Number of Address Optional Enter the maximum number of PCs that you want the DHCP server to assign IP addresses to This number cannot be greater than 253 In order to determine the DHCP IP Address range add the starting IP address e g 100 to the number of DHCP users By default add 100 to 50 and the range is 192 1...

Page 28: ...use If you do not want to use this feature keep the default setting Disable DynDNS org User Name Password and Host Name Enter the User Name Password and Host Name of the account you set up with DynDNS org Internet IP Address The Router s current Internet IP Address is displayed here Because it is dynamic it will change Status The status of the DDNS service connection is displayed here TZO com Tab ...

Page 29: ...address cloning select Enable MAC Address To manually clone a MAC address enter the 12 digits of your adapter s MAC address in the on screen fields Then click the Save Settings button Clone If you want to clone the MAC address of the PC you are currently using to configure the Router then click the Clone button The Router will automatically detect your PC s MAC address so you do NOT have to call y...

Page 30: ...t the protocol you want RIP1 or RIP2 Static Routing If the Router is connected to more than one network it may be necessary to set up a static route between them A static route is a pre determined pathway that network information must travel to reach a specific host or network To create a static route alter the following settings Select Entry Select the number of the static route from the drop dow...

Page 31: ...ote network or host Hop Count This determines the maximum number of steps between network nodes that data packets will travel A node is any device on the network such as PCs print servers routers etc Interface Select LAN or Internet depending on the location of the static route s final destination Show Routing Table Click the Show Routing Table button to open a screen displaying how data is routed...

Page 32: ...ter Proxy Use of WAN proxy servers may compromise the Router s security Denying Filter Proxy will disable access to any WAN proxy servers To enable proxy filtering click Enabled Filter Cookies A cookie is data stored on your PC and used by Internet sites when you interact with them To enable cookie filtering click Enabled Filter Java Applets Java is a programming language for websites If you deny ...

Page 33: ...s the security The VPN tab allows you to configure your VPN settings to make your network more secure VPN Passthrough IPSec Passthrough Internet Protocol Security IPSec is a suite of protocols used to implement secure exchange of packets at the IP layer To allow IPSec Passthrough click the Enabled button To disable IPSec Passthrough click the Disabled button PPPoE Passthrough Point to Point Protoc...

Page 34: ...d Any Subnet If you select Subnet which is also the default this will allow all computers on the local subnet to access the tunnel When using the Subnet setting the default values of 0 should remain in the last fields of the IP and Mask settings IP Address If you select IP Address only the computer with the specific IP Address that you enter will be able to access the tunnel IP Range If you select...

Page 35: ... Encryption also helps make your connection more secure There are two different types of encryption DES or 3DES 3DES is recommended because it is more secure You may choose either of these but it must be the same type of encryption that is being used by the VPN device at the other end of the tunnel Or you may choose not to encrypt by selecting Disable Authentication Authentication acts as another ...

Page 36: ... screen will show when a tunnel is active To connect a VPN tunnel click the Connect button The View Logs button when logging is enabled on the Log screen of the Administration tab will show you VPN activity on a separate screen The VPN Log screen displays successful connections transmissions and receptions and the types of encryption used For more advanced VPN options click the Advanced Setting bu...

Page 37: ...eld you may optionally select to have the key expire at the end of a time period of your choosing Enter the number of seconds you d like the key to be used until a re key negotiation between each endpoint is completed Other Settings NetBIOS broadcast Check the box next to NetBIOS broadcast to enable NetBIOS traffic to pass through the VPN tunnel Anti replay Check the box next to Anti replay to ena...

Page 38: ...your changes Days Times When will this policy be in effect On every day At certain times Select if you wish to Allow or Deny access during the times in this section Select the individual days or select Everyday Select 24 Hours or enter a range of hours in which the policy will be in effect Blocked Services To block specific port services such as POP3 SNMP etc select the service you wish to block f...

Page 39: ...astly click the Save Settings button to activate the policy To Create an Inbound Traffic Policy 1 Enter a Policy Name in the field provided Select Inbound Traffic as the Policy Type 2 Enter the IP Address from which you want to block Select the Protocol TCP UDP or Both Enter the port number or select Any Enter the IP Address to which you want to block 3 Select Deny or Allow as appropriate 4 By sel...

Page 40: ...e using Forwarding you should assign a static IP address to the designated PC If you need to forward all ports to one PC click the DMZ tab To add a server using Port Range Forwarding complete the following fields Application Enter the name of the application Start and End Enter the number or range of external port s used by the server or Internet application Check with the Internet application sof...

Page 41: ...tart Port Enter the starting port number of the Triggered Range End Port Enter the ending port number of the Triggered Range Forwarded Range For each application list the forwarded port number range Check with the Internet application documentation for the port number s needed Start Port Enter the starting port number of the Forwarded Range End Port Enter the ending port number of the Forwarded Ra...

Page 42: ...r Protocol A version of the TCP IP FTP protocol that has no directory or password capability Finger A UNIX command widely used on the Internet to find out information about a particular user such as a telephone number whether the user is currently logged on and the last time the user was logged on The person being fingered must have placed his or her profile on the system in order for the informat...

Page 43: ... the server in the Ext Port column Check with the Internet application documentation for more information TCP or UDP Select the protocol UDP or TCP for each application You cannot select both protocols Int Port Enter the number of the internal port used by the server in the Int Port column Check with the Internet application software documentation for more information IP Address Enter the IP addre...

Page 44: ...ecify an IP Address behind the DMZ Port If you have multiple PCs connected to Port 4 DMZ via a hub or switch you can specify which PC is the DMZ host To expose a computer with a specific IP address enter that computer s IP address in this field To get the IP address of a computer refer to Appendix G Finding the MAC Address and IP Address for Your Ethernet Adapter Specify a MAC Address behind the D...

Page 45: ...er Access This feature allows you to access the Router from a remote location via the Internet Remote Administration This feature allows you to manage the Router from a remote location via the Internet To enable Remote Administration click the Enabled radio button Administration Port Enter the port number you will use to remotely access the Router SNMP The Router supports Simple Network Management...

Page 46: ...is is the IP Address or full mail server name e g mail domain com of your mail server Email address for alert logs This is the email address where you would like the email alerts sent Return email address Your mail server may require a return email address Enter that here If you re unsure as to what address to enter enter the same email address for Email address for alert logs Log To access activi...

Page 47: ...een 1 and 4 and should be entered here Ping Interval How long in milliseconds would you like the Router to wait between pings This number can be between 0 and 9999 milliseconds Ping Timeout How long should the Router wait before it times out after an unsuccessful test An unsuccessful test is determined when a location does not respond to a ping This number can be between 0 and 9999 milliseconds St...

Page 48: ... Before upgrading the firmware download the Router s firmware upgrade file from the Linksys website www linksys com Then extract the file File Path In the field provided enter the name of the extracted firmware upgrade file or click the Browse button to find this file Upgrade After you have selected the appropriate file click the Upgrade button located at the bottom of the screen and follow the on...

Page 49: ...n is displayed here Internet IP Address Your current IP address is shown here Subnet Mask and Default Gateway The Router s Subnet Mask and Default Gateway addresses are displayed here for DHCP and static IP connections DNS 1 3 Shown here is the DNS Domain Name System IP address currently used by the Router Current Time As selected from the Setup tab this will show the current time in your time zon...

Page 50: ...own here DHCP Server If the Router is being utilized as a DHCP server will be displayed here DHCP Client Table Click the DHCP Clients Table button to view a list of PCs that have been assigned IP addresses by the Router The DHCP Active IP Table screen lists the DHCP Server IP Address Client Hostnames IP Addresses and MAC Addresses To delete a DHCP Client select the box beside their information and...

Page 51: ... Click Start Settings and open the Control Panel Double click Network B In The following network components are installed box select the TCP IP associated with your Ethernet adapter If you only have one Ethernet adapter installed you will only see one TCP IP line with no association to an Ethernet adapter Highlight it and click the Properties button C In the TCP IP properties window select the IP ...

Page 52: ...perties window I Restart the computer if asked The following instructions assume you are running Windows XP with the default interface If you are using the Classic interface where the icons and menus look like previous Windows versions please follow the instructions for Windows 2000 A Click Start and select the Control Panel B Click the Network and Internet Connections icon and then select the Net...

Page 53: ...f you cannot open a webpage try the ping command from a different computer to verify that your original computer is not the cause of the problem If you do NOT get a reply there may be a problem with the connection Try the ping command from a different computer to verify that your original computer is not the cause of the problem 3 I cannot get an Internet connection through the Router A Refer to P...

Page 54: ...hange the Router s IP address to another subnet to avoid a conflict between the VPN IP address and your local IP address For example if your VPN server assigns an IP address 192 168 1 X X is a number from 1 to 254 and your network PC s IP address is 192 168 1 X X is the same number used in the VPN IP address the Router will have difficulties routing information to the right location If you change ...

Page 55: ...hosting or use other Internet applications If you want to play online games or use Internet applications most will work without doing any port forwarding or DMZ hosting There may be cases when you want to host an online game or Internet application This would require you to set up the Router to deliver incoming packets or data to a specific computer This also applies to the Internet applications y...

Page 56: ...cessfully use DMZ hosting since forwarding has priority over DMZ hosting In other words data that enters the Router will be checked first by the forwarding settings If the port number that the data enters from does not have port forwarding then the Router will send the data to whichever PC or network device you set for DMZ hosting Follow these steps to set DMZ hosting A Access the Router s Web bas...

Page 57: ... the gateway for the Internet connection the computer does not need any proxy settings to gain access Please follow these directions to verify that you do not have any proxy settings and that the browser you use is set to connect directly to the network For Microsoft Internet Explorer 5 0 or higher A Click Start Settings and Control Panel Double click Internet Options B Click the Connections tab C...

Page 58: ...ddress settings for the computer you are using IP Address 192 168 1 50 Subnet Mask 255 255 255 0 Gateway 192 168 1 1 C Perform the upgrade using the TFTP program or the Router s Web based Utility through Firmware Upgrade screen of the Administration tab 14 My DSL service s PPPoE is always disconnecting PPPoE is not actually a dedicated or always on connection The DSL ISP can disconnect the service...

Page 59: ... asked The default password is admin C Click the Applications Gaming Port Triggering tab D Enter any name you want to use for the Application Name E Enter the Start and End Ports of the Triggered Port Range Check with your Internet application provider for more information on which outgoing port services it is using 17 When I enter a URL or IP address I get a time out error or am prompted to retry...

Page 60: ...idely used network monitoring and control protocol For more information on SNMP see Appendix G SNMP Functions What is the maximum number of IP addresses that the Router will support The Router will support up to 253 IP addresses Does the Router support IPSec Pass Through Yes it is a built in feature that the Router automatically enables Where is the Router installed on the network In a typical env...

Page 61: ...annot join What do I need to do If you have a dedicated Unreal Tournament server running you need to create a static IP for each of the network s computers and forward ports 7777 7778 7779 7780 7781 and 27900 to the IP address of the server You can also use a port forwarding range of 7777 27900 If you want to use the UT Server Admin forward another port 8080 usually works well but is used for remo...

Page 62: ...ownloaded for free The Router s firmware can be upgraded with TFTP programs If the Router s Internet connection is working well there is no need to download a newer firmware version unless that version contains new features that you would like to use Downloading a more current version of Router firmware will not enhance the quality or speed of your Internet connection and may disrupt your current ...

Page 63: ...er cross platform compatible Any platform that supports Ethernet and TCP IP is compatible with the Router How many ports can be simultaneously forwarded Theoretically the Router can establish 520 sessions at the same time but you can only forward 10 ranges of ports Does the Router replace a modem Is there a cable or DSL modem in the Router No this version of the Router must work in conjunction wit...

Page 64: ...er s firmware follow these instructions 1 Download the Router s firmware upgrade file from the Linksys website www linksys com 2 Extract the file on your computer 3 Click the Administration tab and then the Firmware Upgrade tab of the Router s Web based Utility 4 On the Upgrade Firmware screen enter the location of the extracted firmware upgrade file or click the Browse button to find this file 5 ...

Page 65: ...ct Run In the Open field enter winipcfg Then press the Enter key or the OK button 2 When the IP Configuration screen appears select the Ethernet adapter you have connected to the Router via a CAT 5 Ethernet network cable 3 Write down the Adapter Address as shown on your computer screen This is the MAC address for your Ethernet adapter and is shown as a series of numbers and letters The MAC address...

Page 66: ...s what you will use for MAC address cloning or MAC filtering The example shows the Ethernet adapter s IP address as 192 168 1 100 Your computer may show something different For the Router s Web based Utility For MAC filtering enter the 12 digit MAC address in this format XXXXXXXXXXXX WITHOUT the hyphens For MAC address cloning enter the 12 digit MAC address in the MAC Address fields provided two d...

Page 67: ...ommunicate over a wired or wireless network Your PCs will not be able to utilize networking without having TCP IP enabled Windows Help provides complete instructions on enabling TCP IP Shared Resources If you wish to share printers folders or files over your network Windows Help provides complete instructions on utilizing shared resources Network Neighborhood My Network Places Other PCs on your ne...

Page 68: ...FS Perfect Forward Secrecy not only are the IP headers encrypted but the secret keys used to secure the tunnel are encrypted as well All of this protection actually comes at a lower cost than most VPN endpoint software packages The VPN Router will allow the users on your network to secure their data over the Internet without having to purchase the extra client licenses that other VPN hardware manu...

Page 69: ...S encryption and SHA authentication whenever possible 5 Manage your pre shared keys Change pre shared keys regularly Data transmission over the Internet is a hole in network security that is often overlooked With VPN maximized along with the use of a firewall router and wireless security you can secure your data even when it leaves your network ...

Page 70: ... asp Microsoft KB Q257225 Basic IPSec Troubleshooting in Windows 2000 http support microsoft com support kb articles Q257 2 25 asp Environment The IP addresses and other specifics mentioned in this appendix are for illustration purposes only Windows 2000 or Windows XP IP Address 140 111 1 2 User ISP provides IP Address this is only an example Subnet Mask 255 255 255 0 WAG54G WAN IP Address 140 111...

Page 71: ...xt button 5 Click the Finish button making sure the Edit check box is checked Step 2 Build Filter Lists Filter List 1 win Router 1 In the new policy s properties screen verify that the Rules tab is selected as shown in Figure F 2 Deselect the Use Add Wizard check box and click the Add button to create a new rule 2 Make sure the IP Filter List tab is selected and click the Add button See Figure F 3...

Page 72: ...d Subnet mask 255 255 255 0 These are the Router s default settings If you have changed these settings enter your new values 4 If you want to enter a description for your filter click the Description tab and enter the description there 5 Click the OK button Then click the OK or Close button on the IP Filter List window Filter List 2 Router win 6 The New Rule Properties screen will appear as shown ...

Page 73: ... specific IP Subnet and enter the IP Address 192 168 1 0 and Subnet mask 255 255 255 0 Enter your new values if you have changed the default settings In the Destination address field select My IP Address 9 If you want to enter a description for your filter click the Description tab and enter the description there 10 Click the OK or Close button and the New Rule Properties screen should appear with...

Page 74: ... Router 2 Click the Filter Action tab as in Figure F 11 and click the filter action Require Security radio button Then click the Edit button 3 From the Security Methods tab shown in Figure F 12 verify that the Negotiate security option is enabled and deselect the Accept unsecured communication but always respond using IPSec check box Select Session key Perfect Forward Secrecy and click the OK butt...

Page 75: ...on 5 Change the authentication method to Use this string to protect the key exchange preshared key as shown in Figure F 14 and enter the preshared key string such as XYZ12345 Click the OK button 6 This new Preshared key will be displayed in Figure F 15 Click the Apply button to continue if it appears on your screen otherwise proceed to the next step Figure F 13 Authentication Methods Figure F 14 P...

Page 76: ... enter the Router s WAN IP Address 8 Select the Connection Type tab as shown in Figure F 17 and click All network connections Then click the OK or Close button to finish this rule Tunnel 2 Router win 9 In the new policy s properties screen shown in Figure F 18 make sure that win Router is selected and deselect the Use Add Wizard check box Then click the Add button to create the second IP filter Fi...

Page 77: ... F 20 Then click the Edit button From the Security Methods tab shown in Figure F 12 verify that the Negotiate security option is enabled and deselect the Accept unsecured communication but always respond using IPSec check box Select Session key Perfect Forward Secrecy and click the OK button 12 Click the Authentication Methods tab and verify that the authentication method Kerberos is selected as s...

Page 78: ... is a sample key string Yours should be a key that is unique but easy to remember Then click the OK button 14 This new Preshared key will be displayed in Figure F 23 Click the Apply button to continue if it appears on your screen otherwise proceed to the next step 15 Click the Tunnel Setting tab shown in Figure F 24 click the radio button for The tunnel endpoint is specified by this IP Address and...

Page 79: ... connections Then click the OK or Close button to finish 17 From the Rules tab shown in Figure F 26 click the OK or Close button to return to the secpol screen Step 4 Assign New IPSec Policy In the IP Security Policies on Local Computer window shown in Figure F 27 right click the policy named to_Router and click Assign A green arrow appears in the folder icon Figure F 25 Connection Type Figure F 2...

Page 80: ...urity Router fields 7 Select fromtwo different types of encryption DES or 3DES 3DES is recommended because it is more secure You may choose either of these but it must be the same type of encryption that is being used by the VPN device at the other end of the tunnel Or you may choose not to encrypt by selecting Disable 8 Select from two types of authentication MD5 and SHA SHA is recommended becaus...

Page 81: ...N Router to the workstation console used to oversee the network The Router then returns information contained in a MIB Management Information Base which is a data structure that defines what is obtainable from the device and what can be controlled turned off on etc SNMP functions such as statistics configuration and device information are not available without third party Management Software The R...

Page 82: ... A device that connects a computer to the cable television network which in turn connects to the Internet DDNS Dynamic Domain Name System Allows the hosting of a website FTP server or e mail server with a fixed domain name e g www xyz com and a dynamic IP address DHCP Dynamic Host Configuration Protocol A networking protocol that allows administrators to assign temporary IP addresses to network co...

Page 83: ...nects networks with different incompatible communications protocols Hardware The physical aspect of computers telecommunications and other information technology devices HTTP HyperText Transport Protocol The communications protocol used to connect to servers on the World Wide Web IEEE The Institute of Electrical and Electronics Engineers An independent institute that develops networking standards ...

Page 84: ... Protocol 3 A standard mail server commonly used on the Internet Port The connection point on a computer or networking device used for plugging in cables or adapters PPPoE Point to Point Protocol over Ethernet A type of broadband connection that provides authentication username and password in addition to data transport PPTP Point to Point Tunneling Protocol A VPN protocol that allows the Point to...

Page 85: ...municate over a network Telnet A user command and TCP IP protocol used for accessing remote PCs TFTP Trivial File Transfer Protocol A version of the TCP IP FTP protocol that has no directory or password capability Throughput The amount of data moved successfully from one node to another in a given time period UDP User Datagram Protocol A network protocol for transmitting data that does not require...

Page 86: ...s One Power Port Buttons Reset Cabling Type UTP Category 5 or better LEDs Power DMZ Ethernet Internet Dimensions 7 32 x 1 88 x 6 06 186 mm x 48 mm x 154 mm Unit Weight 13 40 oz 0 38 kg Power External 12V DC 1000mA Certifications FCC Class B CE Mark VCCI Operating Temp 0ºC to 40ºC 32ºF to 104ºF Storage Temp 20ºC to 70ºC 4ºF to 158ºF Operating Humidity 0 to 85 Non Condensing Storage Humidity 5 to 90...

Page 87: ... REPRESENTATIONS AND WARRANTIES INCLUDING ANY IMPLIED WARRANTY OF NON INFRINGEMENT ARE DISCLAIMED Some jurisdictions do not allow limitations on how long an implied warranty lasts so the above limitation may not apply to You This warranty gives You specific legal rights and You may also have other rights which vary by jurisdiction This warranty does not apply if the Product a has been altered exce...

Page 88: ...ce by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment or devices Connect the equipment to an outlet other than the receiver s Consult a dealer or an experienced radio TV technician for assistance FCC Radiation Exposure Statement This equipment complies with FCC radiation exposure limits set forth for an uncontrolled env...

Page 89: ...ore about networking with Linksys products Give our advice line a call at 800 546 5797 LINKSYS Or fax your request in to 949 261 8868 If you experience problems with any Linksys product you can call us at 800 326 7114 Don t wish to call You can e mail us at support linksys com If any Linksys product proves defective during its warranty period you can call the Linksys Return Merchandise Authorizati...

Reviews:

No comments

Related manuals for BEFSX41 - Instant Broadband EtherFast Cable/DSL Firewall Router

Patton electronics 4520 Specification Sheet preview
4520
Brand: Patton electronics Pages: 2
Patton electronics 4520 Getting Started Manual preview
4520
Brand: Patton electronics Pages: 86
LaCie 5big Network 2 Datasheet preview
5big Network 2
Brand: LaCie Pages: 4
LaCie d2 Network 2 Datasheet preview
d2 Network 2
Brand: LaCie Pages: 4
LaCie 2big Network 2 Datasheet preview
2big Network 2
Brand: LaCie Pages: 4
FOR-A MFR-4000 Operation Manual preview
MFR-4000
Brand: FOR-A Pages: 72
red lion Yaskawa 2000 Information Sheet preview
Yaskawa 2000
Brand: red lion Pages: 5
QTech QSW-2900 User Manual preview
QSW-2900
Brand: QTech Pages: 406
TRENDnet TEW-823DRU Quick Installation Manual preview
TEW-823DRU
Brand: TRENDnet Pages: 10
Net Optics Phantom HD Quick Install Manual preview
Phantom HD
Brand: Net Optics Pages: 2
Proxim 68568r1 Installation And Management Manual preview
68568r1
Brand: Proxim Pages: 65
Proxim Stratum Installation And Maintenance Manual preview
Stratum
Brand: Proxim Pages: 89
Planet IEEE 802.3at User Manual preview
IEEE 802.3at
Brand: Planet Pages: 2
Billion BiPAC 7500G Specifications preview
BiPAC 7500G
Brand: Billion Pages: 2
NETGEAR Insight WAC540 User Manual preview
Insight WAC540
Brand: NETGEAR Pages: 232
Ubiquiti 3GStation Carrier Quick Start Manual preview
3GStation Carrier
Brand: Ubiquiti Pages: 24
Digi TransPort WR54 Hardware Reference Manual preview
TransPort WR54
Brand: Digi Pages: 33
ADTRAN JOBAID T200 IDSL Quick Start Manual preview
JOBAID T200 IDSL
Brand: ADTRAN Pages: 2

Brands by name

Popular brands

Load more brands