SIEMENS 5881 Broadband Internet Router
User’s Guide

Chapter 6  Security Setup

NAT

SIEMENS

50

Configure the NAT Server

To configure NAT for inbound traffic:

1. Click NAT Server on the left navigation pane. This displays the NAT Server Settings page.

2. Select the interface you want to configure from the Source Interface drop-down menu.

3. Do one of the following:

   Select the network service you are configuring from the Service drop-down menu for Easy Setup. This configures NAT to support the most common network services.

   For Advanced Setup, select a protocol from the Protocol drop-down menu and specify a First Port # to assign a port number for the protocol to use. To assign a range of port numbers, specify a Last Port # as well.

4. Enter the IP address of the local machine in IP Address.

5. Do one of the following to enter port information for the selected service:

   Click Add next to Default Port # to use the default port for the specified service.

   Enter the port number on the local machine you want the specified service to use in Port #, and click Add. Leave this field blank if you want the local machine to use the same port number as the WAN.
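The procedure above fills in one row of an inbound NAT table: a source interface, a protocol, a WAN port or port range, the local machine's IP address, and an optional local port (blank meaning "same port as the WAN"). The following Python model, an added illustration and not Siemens code, shows how such a table is applied to an arriving packet and adds the two checks an administrator would want before saving a row: a validation of the port fields and a detection of entries whose WAN port ranges overlap (the later entry is shadowed for those ports). The Easy Setup service list, the first-match lookup order, and the offset behaviour for a port range with an explicit local port are assumptions made for the example, not a description of the router's firmware.

```python
"""Model of an inbound NAT ("NAT Server") table.

Added illustration, not Siemens code. Field names follow the NAT Server
Settings page; lookup order and range-offset behaviour are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed Easy Setup service list (service -> protocol, default port).
# The router's real Service menu may differ; these are well-known ports.
EASY_SETUP_SERVICES: Dict[str, Tuple[str, int]] = {
    "http": ("tcp", 80),
    "https": ("tcp", 443),
    "ssh": ("tcp", 22),
    "smtp": ("tcp", 25),
    "dns": ("udp", 53),
}


@dataclass(frozen=True)
class NatServerRule:
    source_interface: str      # Source Interface drop-down (e.g. "untrusted")
    protocol: str              # Protocol drop-down: "tcp" or "udp"
    first_port: int            # First Port #: WAN-side port (or start of range)
    last_port: Optional[int]   # Last Port #: end of range, None for a single port
    ip_address: str            # IP Address: the local machine
    port: Optional[int]        # Port #: local port; None = same port as the WAN side

    def wan_range(self) -> Tuple[int, int]:
        """Inclusive WAN port range covered by this entry."""
        hi = self.last_port if self.last_port is not None else self.first_port
        return self.first_port, hi

    def matches(self, interface: str, protocol: str, dst_port: int) -> bool:
        lo, hi = self.wan_range()
        return (self.source_interface == interface
                and self.protocol == protocol
                and lo <= dst_port <= hi)


def validate_rule(rule: NatServerRule) -> List[str]:
    """Return the problems found with an entry (empty list = valid)."""
    problems = []
    lo, hi = rule.wan_range()
    if rule.protocol not in ("tcp", "udp"):
        problems.append("protocol must be tcp or udp")
    if not (1 <= lo <= 65535 and 1 <= hi <= 65535):
        problems.append("ports must be in 1..65535")
    if lo > hi:
        problems.append("First Port # must not exceed Last Port #")
    if rule.port is not None and not (1 <= rule.port <= 65535):
        problems.append("local Port # must be in 1..65535")
    return problems


def rule_for_service(interface: str, service: str, ip_address: str) -> NatServerRule:
    """Easy Setup: pick a service and use its default port on both sides."""
    protocol, default_port = EASY_SETUP_SERVICES[service]
    return NatServerRule(interface, protocol, default_port, None, ip_address, None)


def translate_inbound(rules, interface, protocol, dst_port) -> Optional[Tuple[str, int]]:
    """Map a packet arriving on the WAN side to (local IP, local port), or None
    when no entry matches (the packet then reaches no inside host).
    Assumption: first matching entry wins; for a port range with an explicit
    local Port #, the local port is offset by the packet's position in the range."""
    for rule in rules:
        if rule.matches(interface, protocol, dst_port):
            if rule.port is None:
                return rule.ip_address, dst_port
            lo, _ = rule.wan_range()
            return rule.ip_address, rule.port + (dst_port - lo)
    return None


def find_overlaps(rules) -> List[Tuple[int, int]]:
    """Index pairs of entries on the same interface/protocol whose WAN port
    ranges intersect; the later entry is shadowed for the overlapping ports."""
    overlaps = []
    for i in range(len(rules)):
        for j in range(i + 1, len(rules)):
            a, b = rules[i], rules[j]
            if a.source_interface != b.source_interface or a.protocol != b.protocol:
                continue
            a_lo, a_hi = a.wan_range()
            b_lo, b_hi = b.wan_range()
            if a_lo <= b_hi and b_lo <= a_hi:
                overlaps.append((i, j))
    return overlaps


def exposed_ports(rules) -> List[Tuple[str, str, int, str]]:
    """Inventory of what the table exposes: (interface, protocol, WAN port, local IP)."""
    out = []
    for rule in rules:
        lo, hi = rule.wan_range()
        for p in range(lo, hi + 1):
            out.append((rule.source_interface, rule.protocol, p, rule.ip_address))
    return out


if __name__ == "__main__":
    table = [rule_for_service("untrusted", "http", "192.168.1.10"),
             NatServerRule("untrusted", "tcp", 5000, 5010, "192.168.1.20", None)]
    print(translate_inbound(table, "untrusted", "tcp", 80))
    print(len(exposed_ports(table)), "WAN ports reachable through the NAT Server table")
```

Running `exposed_ports` over the saved table is the quickest way to see exactly which WAN ports now reach an inside host, which is the list to compare against the firewall rules before putting the router into service.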

Summary of Contents for 5881

Page 1: ...Part No 107 5883 001 SIEMENS Business Class 5881 Broadband Internet Router User s Guide ...

Page 2: ...iber Networks warrants that the Hardware will be free from defects in materials and workmanship and will perform substantially in compliance with the user documentation relating to the Hardware for a period of one year from the date the original end user received the Hardware 2 Software Siemens Subscriber Networks warrants that the Software will perform substantially in compliance with the end use...

Page 3: ...r authorizes any authorized service center or any other person or entity to assume for it any other obligation or liability beyond that which is expressly provided for in this Limited Warranty including the provider or seller of any extended warranty or service agreement The Limited Warranty period for Siemens Subscriber Networks supplied attachments and accessories is specifically defined within ...

Page 4: ...rentiated Services Quality of Service provisioning 4 IP Address Translation 4 PPP RFC 1661 4 Security 5 Chapter 2 Installation Installation Requirements 6 Package Contents 6 PC Requirements 6 Network Service Provider Requirements 6 Hardware Installation 7 PC Configuration 8 Windows 98 ME 8 Windows NT 4 9 Windows 2000 10 Windows XP 11 Mac OS 9 x 12 Mac OSX 13 Linux 14 Configuring the Router 15 Esta...

Page 5: ...ighted Fair Queuing 37 Configure QoS Policy 39 Reorder QoS Policies 41 Routing Table Configuration 42 Dial Backup 43 Switch Management 44 Switch Age Time 45 Command Line Interface 46 File Editor 47 Chapter 6 Security Setup NAT 49 Configure NAT 49 Configure the NAT Server 50 Configure Host Mapping 51 SNMP 52 SNMP IP Filter 53 SNMP Password 53 Secure Shell 54 Configure SSH 55 Load Keys 56 Key Genera...

Page 6: ...System Summary 75 Ethernet Interface Information 76 Remote Connection Information 76 IP Routing Information 77 System Information 77 Diagnostics 78 PPPoE Session 78 Interface Information 79 Routing Table Information 79 Files Information 80 Memory Usage 80 List All Configuration Data 81 TCP IP Statistics 81 ...

Page 7: ...heartbeat Router is shut down U TX Green Green blinking Yellow blinking Off Ethernet link detected Traffic on Untrusted interface Traffic on DMZ port No current transmit traffic on Untrusted interface U RX Green Green blinking Yellow blinking Off Ethernet link detected Receiving data on Untrusted interface Receiving data on DMZ port No current recieve traffic on Untrusted interface T TX Green Gree...

Page 8: ... 5881 router Connection Function Power Switch Enables and disables power to the system Power Connector Power cord connection for internal power supply Trusted Four port full duplex 10 100 BaseT Ethernet Switch RJ 45 Untrusted Single full duplex 10 100 BaseT switched Ethernet port RJ 45 MGMT This 8 pin RJ 45 port provides RS232 connectivity for console connections or a dial backup analog modem conn...

Page 9: ...uirements AC Voltage 100 to 120V AC or 220 to 240V AC Frequency 50 60 Hz Consumption 10W maximum Built in power supply with on off switch Processor Motorola 64 MHz MPC875 8 MB DRAM 4 MB Flash Memory 3DES DES MD5 SHA hardware assist AES hardware encryption assist Ethernet Interfaces Trusted Ethernet Interface Four port full duplex 10 100 BaseT Ethernet switch 8 pin RJ 45 Untrusted WAN Ethernet Inte...

Page 10: ...terface User selectable fail restore criteria Supports L2TP and IPSec tunnel failover Optional modem connector DB9 or DB25 Routing TCP IP with RIP1 RFC 1058 RIP1 compatible and RIP2 RFC 1389 or static routing on the LAN or WAN Novell IPX with RIP SAP RFC 1552 DHCP client RFC 2132 DHCP server Automatic assignment of IP address mask default gateway and DNS server addresses to workstations RFC 2131 2...

Page 11: ... 1334 RFC 1994 Password control for Configuration Manager SNMP password and community name reassignment HTTP Syslog SNMP Telnet port reassignment access control list VPN support L2TP IPSec IKE DES 3DES AES Firewall IP filtering Stateful Firewall ICSA Compliant Secure Management Communications IPsec and SSH Radius Server support TACACS Server support VPN Hardware Acceleration support SNMP V3 ...

Page 12: ... contact the dealer from whom the equipment was purchased One Siemens 5881 Ethernet Wireless LAN Router One Siemens Documentation CD ROM One AC power supply module w cord Two RJ 45 Ethernet cables One RJ 45 to DB 9 serial port adapter console PC Requirements At a minimum your computer must be equipped with the following to successfully install the broadband Internet router CD ROM Drive Ethernet ne...

Page 13: ...e harware connections 1 With the PC powered off connect your PC directly to any of the router s Ethernet ports on the back panel labeled TRUSTED using one of the RJ 45 cables provided You may also connect additional Ethernet devices to the router s Ethernet ports using additional RJ 45 cables not provided 2 Connect the other end of the Ethernet cable to the Ethernet port on the PC 3 Connect your E...

Page 14: ...nted Select the Operating System installed on the PC connected to the router from the list below and follow the associated procedure Windows 98 ME 1 Click Start Control Panel Network This displays the Configuration tab on the Network window 2 Select TCP IP protocol for your network card 3 Click Properties This displays the TCP IP Properties window 4 Click the IP Address tab 5 Ensure that the Obtai...

Page 15: ...the Network window 2 Click the Protocols tab 3 Select TCP IP Protocol from the Network Protocols list 4 Click Properties This displays the Microsoft TCP IP Properties window 5 Click the IP Address tab 6 On the IP Address tab select Obtain an IP address from a DHCP server 7 Click OK to close each dialog 8 Restart the PC to ensure it obtains an IP address from the router 9 Configure the router ...

Page 16: ...w 3 Right click Local Area Connections and select Properties This displays the Local Area Connections Properties window 4 Select Internet Protocol TCP IP from the list of components 5 Click Properties This displays the Internet Protocol TCP IP Properties window 6 Ensure that the Obtain an IP address automatically and Obtain DNS server address automatically options are selected 7 Click OK to close ...

Page 17: ... Connection window 3 Right click Local Area Connection then click Properties This displays the Local Area Connection Properties window 4 Select Internet Protocol TCP IP 5 Click Properties This displays the Internet Protocol TCP IP Properties window 6 Ensure the Obtain an IP address automatically and Obtain DNS server address automatically options are selected 7 Restart the PC to ensure it obtains ...

Page 18: ...pple Control Panels TCP IP This displays the TCP IP Control Panel window 2 Select Ethernet from the Connect via drop down menu 3 Select Using DHCP Server from the Configure drop down menu 4 Complete the fields shown with any information supplied by your service provider 5 Close window and save changes 6 Configure the router ...

Page 19: ... Preferences window 2 Double click the Network icon under the Internet Network section This displays the Network window 3 Select Ethernet from the Connect via drop down menu 4 Select Using DHCP Server from the Configure drop down menu 5 Enter any information supplied by your service provider 6 Click Apply Now to save and exit the Network window 7 Configure the router ...

Page 20: ...e Config window 2 Click the Adaptor tab 3 Enter any information specified by your service provider in the fields under the appropriate Adapter tab 4 When settings are completed click Accept This displays the Status of the system tab 5 To update the system status ensure that the Activate the changes button is highlighted then click Act Changes 6 Configure the router ...

Page 21: ...gement Interface is accessible through most HTML browsers though Internet Explorer 4 0 or Netscape 4 0 and higher are recommended Refer to the Technical Reference Guide for details on managing the router through the CLI Establish Connection To establish a connection from your computer to the router through your Web browser 1 Open your Internet Explorer or Netscape Navigator Web browser 2 In the Ad...

Page 22: ...work settings Wireless Status Displays the status of the wireless LAN In the left navigation pane of this page there are configuration diagnostic and status and statistic options for the router In this document these features are grouped according to User Access Control Advanced Router Functions Security and Monitoring Health and Status Use the table below to locate detailed instructions for the d...

Page 23: ... the router You can exit the Easy Setup Wizard at anytime by clicking Cancel on the bottom of the configuration page If the wizard is cancelled no changes will be made and you will need to begin again Select Protocol When you click Easy Setup in the left navigation pane of the Router Information page the Untrusted Interface Configuration page is displayed This page is used to enter information for...

Page 24: ...single public IP address All outgoing traffic appears to originate from the router s IP address 5 Click Next This displays the Dynamic Host Configuration Protocol page Not Using PPPoE If you will establish the connection based on IP addressing you selected Not Using PPPoE Perform the following steps to complete setting up the router 1 IP Routing routes all IP packets for remote hosts to the WAN Sp...

Page 25: ... Select one of the following to configure the Domain Name Service Obtain DNS information automatically The DNS server address will be learned when DHCP client requests are placed over the WAN link Configure DNS manually Define DNS server address manually from information you get from your service provider If you select this option provide the following information Domain Name The router s DNS doma...

Page 26: ...rotocol SIEMENS 20 3 Click Next This displays the Trusted Interface Configuration page 4 Enter the IP Address and Subnet Mask of the router The IP address must be unique unless Network Address Translation NAT is enabled 5 Click Save and Reboot You are prompted to confirm the reboot ...

Page 27: ...figure the Radius Server and configure the Tacplus Server Click Home at anytime to return to the Router Information page To access one of these options click its link on the User Management page Use the table below to locate detailed instructions for the desired function User Management Manage user accounts Change Password Change user password Access Control Configure remote access to the router c...

Page 28: ...s user account Select one of the buttons at the top of this page to automatically assign pre set privileges to the user based on common user roles Refer to Management Classes for details on the privileges automatically assigned to each role Manually select the management activity you want to assign to this user account For each management activity class click to select Read Read Write privileges f...

Page 29: ...r Setup User Management SIEMENS 23 Deleting A User Account To delete a user account 1 Select the name of the account you want to delete in the Select User list on the User Management page then click Delete User 2 When prompted click OK to confirm the account deletion ...

Page 30: ...ou specify both a primary and secondary database and the user is not found in the primary database the secondary database is searched To configure where user s are authenticated identified 1 Click User Lookup Config on the left navigation pane of the User Management page This displays the User Lookup Configuration page 2 Specify one of the following databases for Primary and for Secondary If the u...

Page 31: ... displays the Secure Mode Configuration page 2 Do one of the following for Secure Mode Click the box next to Enabled so a check mark appears This enables secure mode Click the box next to Enabled so there is no check mark This disables secure mode 3 If you enabled secure mode select one of the following for Ethernet 0 Interface and Ethernet 1 Interface Trusted A trusted interface does not have to ...

Page 32: ...e password is hidden using a method based on the RSA Message Digest Algorithm MD5 3 The access request is submitted to the RADIUS server via the network If no response is returned within a length of time the request is re sent a specified number of times The router s RADIUS client can also forward requests to a secondary server in the event that the primary server is down or unreachable Once the R...

Page 33: ... Tacplus Server Configuration page 2 In Timeout enter the number of seconds to between retry attempts when the Tacplus Server cannot be reached 3 In Retry enter the number of times the Tacplus Server should be contacted before attempting to connect to the secondary server 4 In CACHE Timeout enter the number of seconds that must pass before the user must be authenticated again 5 For Primary and opt...

Page 34: ...ccount by issuing multiple commands or you can use one of the pre defined templates that group multiple management classes for a logically defined user type When using the template method Access privileges for WAN LAN and Console are granted by default The following table lists the privileges given to each logically defined user type Super User Mgmt Class read Network System Admin Voice Security D...

Page 35: ...ds are changed from the Change Password page To change a user password 1 Click Change Password from the left navigation pane on the Router Information page This displays the Change Password page 2 Enter the new password for the Current User in Enter New Password and New Password again boxes 3 Click Apply to save the new password ...

Page 36: ...ck in the box next to the method specifies enabled If disabled any access restriction specification is disregarded Telnet Web SNMP 3 For each remote access method selected specify any access restrictions This can be one of the following No access restrictions Remote access method is enabled and not restricted This setting allows access from all hosts Allowed from LAN Limits access to the host from...

Page 37: ... actively manages network resources to sustain service levels for priority applications Routing Table Configuration Configure multiple routing tables for a single host Dial Backup Enable a backup connection to the Internet through an internal V 90 model 5835 only or an external asynchronous modem connected to the Console port Switch Management Manage the Ethernet 10 100 switching ports located on ...

Page 38: ...nly when you require this special level of unrestricted access as it leaves your router and network exposed to the Internet with no firewall protection To configure DMZ 1 Click DMZ on the left navigation pane of the Router Information page This displays the DMZ Configuration page 2 Select enable or disable to enable or disable DMZ Port 3 If you selected enable enter the IP Address and Subnet Mask ...

Page 39: ...Note that a list of network clients that are currently leasing their IP addresses from the pool are shown in Current DHCP Leases List From left to right the following information is presented for each client Client IP The leased IP address assigned to the specific client State Whether the IP address is enabled or disabled Host Name Name of the host leasing the specific IP address Expires mm dd yy ...

Page 40: ...set the current date and time on the router 1 Click Router Clock on the left navigation pane of the Router Information page This displays the Current Date and Time page 2 The current date and time from your PC are displayed in the field labeled Current Date and Time To synchronize the date and time on your router with the current date and time displayed click Synchronize Router Clock ...

Page 41: ...d the router s DHCP server disables itself As a DHCP client by requesting that an IP address be assigned to the WAN side port of the router As a relay by passing through client requests from the LAN side onto the WAN asking for IP address assignment and relaying responses back to the appropriate client DHCP Dynamic Host Configuration Protocol is a TCP IP service protocol that provides dynamic leas...

Page 42: ...rom the pool are shown in Current DHCP Leases List From left to right the following information is presented for each client Client IP The leased IP address assigned to the specific client State Whether the IP address is enabled or disabled Host Name Name of the host leasing the specific IP address Expires mm dd yy Date when the IP address lease will expire At that time if not before the leased IP...

Page 43: ...ple e mail streaming video voice according to defined policies DiffServ is suited to Metropolitan Area Networks or private networks where control over the infrastructure is guaranteed and differentiated services can be deployed end to end To employ DiffServ each packet of data is tagged with a six bit pattern known as the DiffServ CodePoint DSCP replacing the three IP precedence bits in the ToS by...

Page 44: ...page shows the current settings as well as provides a means to change the current settings 2 Select one of the following from QoS Status to enable or disable QoS On QoS will forward packets and set diffserv marking based on user defined mapping rules and enabled QoS policies Off QoS will forward packets based on pre defined mapping rules and enabled QoS policies 3 To enable or disable marking of t...

Page 45: ...navigation pane of the QoS Configuration page This displays the QoS Policy Setting page 2 Click Create This expands the QoS Policy Setting page To modify or delete an existing policy select the policy in the IP Policy List drop down menu and click Modify or Delete 3 In Policy Name enter a unique name to identify the policy 4 In Status select Enable or Disable to enable or disable the QoS policy Di...

Page 46: ...ce port checking 9 In Destination Port select one of the following From To Enter the destination port or range of destination ports to match in the destination port check From the drop down menu select the application to match in the destination port check Do not care Disables destination port checking 10 From the Priority drop down menu select the priority to place on this policy if match criteri...

Page 47: ... List drop down menu and click Move This expands the QoS Policy Setting page 2 To specify the new location select one of the following to the end Moves the policy to the end of the policy list before policy Select the name of the policy where you want to move the Policy in the policy name drop down menu The policy will be moved to the location immediately preceding the policy specified in before p...

Page 48: ...source address is 192 168 254 10 it checks if that address is within the address range defined for a virtual routing table If it is the virtual routing table is used to route the packet If it is not the default routing table is used instead To configure additional routing tables 1 Click Routing Table Configuration on the left navigation pane of the Router Information page This displays the Routing...

Page 49: ...nnected to the console port This backup connection can be activated in the event of WAN service interruption During an interruption to the WAN interface connection the router will use the dial backup modem connection while waiting for WAN service to be restored Once the WAN link is active again Dial Backup will automatically switch back to the WAN service This feature may also be useful for a cust...

Page 50: ...rovide port status and link activity Labeling is provided for port identification To manage the switches using the web interface click Switch Management on the left navigation pane of the Router Information page This displays the Switch Status page The Switch Status page provides a graphical representation of the switch port information including connection speed mode and port status and provides ...

Page 51: ...C address entry is removed from the table containing this information To configure Switch Age Time 1 Click Aging Time Configuration from the left navigation pane of the Switch Status page This displays the Switch Aging Time Configuration page 2 In Ageing Time enter the number of seconds that must pass before the port MAC address entry is removed from the table This can be a number between 10 and 1...

Page 52: ...face to enter CLI commands Refer to the Command Line Interface Guide for available commands To execute a CLI command from the web interface 1 Click Command Line Interface on the left navigation pane of the Router Information window This displays the Execute a CLI command page 2 In the field provided enter the desired command 3 Click Execute The response will be displayed in the Output Window ...

Page 53: ... on the left navigation pane of the Router Information window This displays the File Editor page with a list of stored files in the left navigation pane 2 Do one of the following To create a new file enter file text in the editing window and the name of the file in File name using filename txt format then click Save To edit an existing file click the file you want to edit on the left navigation pa...

Page 54: ...nt and a management agent Secure Shell Secure Shell SSH secures network services over an insecure network such as the public Internet Firewall Scripts Secures network and data communications with built in firewall capabilities A firewall is any combination of hardware and software that secures a network and traffic on the network to prevent interception or intrusion Stateful Firewall An IP filteri...

Page 55: ...NAT To configure NAT for outbound traffic 1 Click NAT on the left navigation pane of the Router Information page This displays the NAT Configuration page 2 For NAT Passthrough select Enable or Disable to specify whether or not multiple VPN clients are allowed Enabled multiple VPN clients are allowed disabled only a single VPN client is allowed 3 Click Apply 4 In the Outbound NAT Setting section of...

Page 56: ...s NAT to support the most common network services For Advanced Setup select a protocol from the Protocol drop down menu and specify a First Port to assign a port number for the protocol to use To assign a range of port numbers specify a Last Port as well 4 Enter the IP address of the local machine in IP Address 5 Do one of the following to enter port Information for the selected service Click Add ...

Page 57: ... to configure from the Interface drop down menu 3 In Beginning LAN IP enter the first private IP address you want to map to a public address 4 In Ending LAN IP enter the last private IP address you want to map to a public address 5 In Beginning WAN IP enter the first public IP address you want to map to a private IP address It is only necessary to specify a starting IP address The rest of the addr...

Page 58: ...to request information from a community rather than each node agent individually 3 In Write Communicty String enter the name of the SNMP write community to which the router belongs 4 In Port Number select one of the following Port Number Enter the desired number in the field next to Port Number Disable Disables the SNMP port Default Sets the port to the default port of 161 5 In Enabled Interfaces ...

Page 59: ...ge The current IP filter ranges are displayed in the IP Addresses 2 In Start IP Range enter the first IP address in the range to be filtered 3 In End IP Range enter the last IP address in the range to be filtered 4 Optionally click LAN 5 Click Add IP Range SNMP Password An SNMP password is used to authenticate an SNMP Manager Once authenticated SNMP set requests will be performed To set the SNMP P...

Page 60: ...of traffic to and from the system including passwords SSH also provides secure FTP type file transfers To access the Secure Shell configuration pages click Secure Shell from the left navigation pane on the Router Information page This displays the Secure Shell SSH Configuration List page This page displays the current SSH configuration settings as well as provides links to the other SSH configurat...

Page 61: ...ption type is realized and the client adheres to the server encryption mode If the encryption method is not supported on the client side the connection will fail 4 For MAC select the type of Message Authentication Code to use for the SSH connection 5 For Port select one of the following to specify the port that the SSH server listens on Default Sets the SSH port to the default port of 22 Disable D...

Page 62: ...urce file Refer to the section title Key Generator for details on generating the key pair on the router To load the key pair from a source file 1 Click Load Keys on the left navigation pane of the Secure Shell SSH Configuration List page This displays the Load Private and Public Keys from file page 2 Do one of the following Select Public key to load a public key from a file Select Private key to l...

Page 63: ...ur to complete When started the user will be redirected to a status page that is refreshed every 60 seconds The status page indicates whether the task is running When the task is no longer running results are displayed Once the task is started you can close this page and the Keygen function will continue You can reopen it anytime by clicking Key Generator Status on the left navigation pane of the ...

Page 64: ...rchitecture and requirements of their network Siemens Subscriber Networks cannot be liable for security violations due to inadequate or incorrect firewall configurations To load a firewall script perform the following 1 Click Firewall Scripts on the left navigation pane of the Secure Shell SSH Configuration List page This displays the Run a Firewall Script page 2 Select the desired Firewall Streng...

Page 65: ...outgoing packets and gathers information from them for example IP address information port number to create state information for that session When an incoming packet is received the Stateful Firewall checks the packet against the state information it has maintained and accepts the packet if the packet belongs to the session By default the firewall is disabled and your system is vulnerable until t...

Page 66: ...st be dropped before a message is logged to the console The default value is 200 packets per second 5 In UDP Packet Threshold Setting specify the number of UDP Packets per second that can be received When this number is exceeded the firewall blocks any subsequent UDP packets The default value is 1000 UDP packets per second 6 In ICMP Ping Packet Threshold Setting specify the number of ICMP Ping Pac...

Page 67: ...ation pane of the Stateful Firewall Configuration page This displays the Firewall Dropped Packet List page 2 Do one of the following Specify the number of dropped packets to view from 1 to 200 Netscape 4 users may have to wait a very long time to get the complete list of 200 displayed Select a smaller value for viewing if this is the case Click Default to view the most recent 200 dropped packets 3...

Page 68: ...t is evaluated the Deny rules are applied first then the Allow rules 2 Select one of the following Click Allow Rule List to define a new rule that allows an action if the action matches the specified criteria Click Deny Rule List to defne a new rule that denies an action if the action matches the specified criteria Select an existing rule from the Allow Rule List or Deny Rule List drop down menu 3...

Page 69: ...CMP Type for matching the packet source and ICMP Code for matching the packet destination Application Select the application that must match from the Application drop down menu 5 For Source and Destination under Address optionally specify the First IP and Last IP addresses to define the source and destination IP address boundaries to apply to the firewall rule The packet must have a source destina...

Page 70: ...of the Stateful Firewall Configuration page This displays the Firewall Rule Configuration page 2 Click Delete This expands the Firewall Rule Configuration page 3 Select the rule list s or range of rules you want to delete To delete a single rule only enter a number in the from field When entering a range of rules to be deleted the rule range specified is inclusive of the first and last rules 4 Cli...

Page 71: ...ons IPSec sessions are established through Security Associations SAs that enable secure devices to negotiate a level of security attributes needed for a Virtual Private Network VPN To configure IKE IPSec 1 Click IKE IPSec Configuration from the left navigation pane of the Router Information window This displays the IKE IPSec Information page 2 Select one of the following from the left navigation p...

Page 72: ... a logical name for an IKE Peer This name is of no importance to the remote IKE peer Choose a name that is meaningful to you 3 In Pre shared Secret enter a case sensitive character string used for authentication This secret can be up to 256 characters with no spaces or non printable characters The pre shared secret must be mutually agreed upon by both parties to the IKE connection 4 In Peer Gatewa...

Page 73: ...cludes a Create button for each category to create new IKE and IPSec definitions This section describes how to perform the following tasks IKE Peers Create IKE peers IKE peers are those devices known to your ADSL Internal Modem as capable of participating in IKE connections IKE Proposals Create IKE proposals IKE I proposals specify how packets will be encrypted authenticated for Phase I IKE IPSec ...

Page 74: ...In Pre shared Secret enter a case sensitive character string used for authentication This secret can be up to 256 characters with no spaces or non printable characters The pre shared secret must be mutually agreed upon by both parties to the IKE connection 4 In Peer Gateway IP Address enter the IP address of the gateway at the remote end of the IKE connection If the remote IKE peer does not have a...

Page 75: ...s message authentication using Secure Hashing Algorithm 1 default 4 From the Diffie Hellman Oakley Group drop down menu select one of the following Diffie Hellman key generation groups to use during IKE Phase I exchange Group 1 Uses Diffie Hellman Group 1 768 bits Group 2 Uses Diffie Hellman Group 2 1024 bits 5 From the Encryption Type drop down menu select one of the following encryption types to...

Page 76: ...rtance to the remote IKE peer 3 From the AH Authentication Scheme drop down menu select one of the following to use as the hashing algorithm for Authentication Header AH IPSec NONE Requests no AH encapsulation SHA1 Requests AH encapsulation and authenticate using Secure Hashing Algorithm 1 MD5 Requests AH encapsulation and authenticate using Message Digest 5 4 From the ESP Authentication Scheme dr...

Page 77: ...ion. AES: Encrypts using a 128-, 192-, or 256-bit key. 6. If you selected AES as the encryption type, specify the key bit size to use in Key Length. This can be 128, 192, or 256. 7. In Phase II Proposal Lifetime, enter the number of seconds after which the IPSec SA expires. The default is 1800 seconds. Once this time has elapsed, the system will renegotiate the IKE connection. 8. In Phase II Proposal Life Data, enter the amo...

Page 78: ...must be already defined as an IKE IPSec Proposal. 5. From the PFS Group drop-down menu, select one of the following as the Diffie-Hellman group to use for Perfect Forward Secrecy. Perfect Forward Secrecy enhances the security of the key exchange: in the event of a key becoming compromised, only the data protected by that compromised key becomes vulnerable. None. Group 1: Uses Diffie-Hellman Group 1 (768 bits). G...

Page 79: ...cify All ports, a port number, or an IP application associated with a particular port. Because port numbers are TCP- and UDP-specific, a port filter is effective only when the protocol filter is TCP or UDP. 12. In Destination Port, enter the port that will be the destination of TCP/UDP traffic under this policy. You can specify All ports, a port number, or an IP application associated with a particular port ...

Page 80: ...of IP packets, providing the level of security required by Virtual Private Networks (VPNs). To start an IPSec session: 1. Click VPN Log On on the left navigation pane of the Router Information page. This displays the VPN Log On page. 2. For Feature, click enable. 3. For Available IPSEC tunnels, select the tunnel you wish to use for the IPSec session. 4. Click log on corresponding to the tunnel you selected. You m...

Page 81: ...ew system summary information, click System Summary on the left navigation pane of the Router Information page. This displays the System Summary page. From the System Summary page you can view information for the following: Ethernet interface, Remote connections, IP Routing, System. System Summary: View status and statistical information. Diagnostics: Run diagnostic programs to determine potential problems ...

Page 82: ...rmation: Click Ethernet Info on the left navigation pane of the System Summary page to display information about the Ethernet interface. Remote Connection Information: Click Remote Info on the left navigation pane of the System Summary page to display information about remote connections for all entries in the Remote Router database ...

Page 83: ...ng Information: Click IP Routing Info on the left navigation pane of the System Summary page to display information about the active interfaces in the IP routing table. System Information: Click System Info on the left navigation pane of the System Summary page to display general information for select system settings ...

Page 84: ...left navigation pane of the Router Information page. This displays the Run Diagnostics page. From the Run Diagnostics page you can view information for the following: PPPoE session, Interface information, Routing Table information, Files information, Memory usage, List all configuration data, TCP/IP statistics. PPPoE Session: Select PPPoE session from the drop-down menu and click Execute to display PPPoE ses...

Page 85: ...IEMENS 79 Interface Information: Select Interface information from the drop-down menu and click Execute to display interface information. Routing Table Information: Select Routing Table information from the drop-down menu and click Execute to display information about the configured routing tables ...

Page 86: ...oring Router Diagnostics SIEMENS 80 Files Information: Select Files information from the drop-down menu and click Execute to display files stored on the router. Memory Usage: Select Memory usage from the drop-down menu and click Execute to display memory usage information ...

Page 87: ... Diagnostics SIEMENS 81 List All Configuration Data: Select List all configuration data from the drop-down menu and click Execute to display configuration information. TCP/IP Statistics: Select TCP/IP statistics from the drop-down menu and click Execute to display TCP/IP information ...
