
SIEMENS 5930/5935 Business Gateway
User’s Guide

Chapter 4  User Setup

User Management


Secure Mode Configuration

You can enable secure mode to control whether an interface is trusted or untrusted. To configure Secure Mode:

1. Click Secure Mode Configuration on the left navigation pane of the User Management page. This displays the Secure Mode Configuration page.

2. Do one of the following for Secure Mode:

   Click the box next to Enabled so a check mark appears. This enables secure mode.

   Click the box next to Enabled so there is no check mark. This disables secure mode.

3. If you enabled secure mode, select one of the following for LAN Interface and WAN Interface:

   Trusted: A trusted interface does not have to come over an encrypted tunnel.

   Untrusted: An untrusted interface must come over an encrypted tunnel, such as SSH or telnet-over-IPSec.

Summary of Contents for 5930

Page 1: ...Part No 107 5930 000 SIEMENS Business Class 5930 5935 Business Gateway User s Guide ...

Page 2: ...pies thereof Limited Warranty The following limited warranties provided by Siemens Subscriber Networks extend to the original end user of the Hardware licensee of the Software and are not assignable or transferable to any subsequent purchaser licensee 1 Hardware Siemens Subscriber Networks warrants that the Hardware will be free from defects in materials and workmanship and will perform substantia...

Page 3: ... or amended except by a written instrument executed by a duly authorized officer of Siemens Subscriber Networks Siemens Subscriber Networks neither assumes nor authorizes any authorized service center or any other person or entity to assume for it any other obligation or liability beyond that which is expressly provided for in this Limited Warranty including the provider or seller of any extended ...

Page 4: ...ed Services Quality of Service provisioning 3 Asynchronous Transfer Mode ATM 3 IP Address Translation 3 Protocol Conformance Testing 3 PPP RFC 1661 4 Security 4 Front Panel for 5935 5 Back Panel for 5935 5 Hardware Specifications for 5935 6 Physical Specifications 6 Operational Environment 6 Power Requirements 6 Processor 6 LAN Interface 6 WAN Interface 6 Serial Interface 6 Agency Approvals 6 Soft...

Page 5: ...Access Easy Setup Wizard 21 Select Protocol 21 Point to Point Protocol over ATM 22 Point to Point Protocol over Ethernet over PPPoA 23 Point to Point Protocol over Ethernet over RFC1483 24 RFC 1483 25 RFC 1483 MAC Encapsulated Routing MER 26 Dynamic Host Configuration Protocol 27 Local Area Network Configuration 28 Chapter 4 User Setup User Management 29 Adding Modifying A User Account 30 Deleting...

Page 6: ...d Keys 62 Key Generator 63 Firewall Scripts 64 Stateful Firewall 65 Configure Stateful Firewall 66 View Dropped Packets 67 Configure Firewall Rules 68 Delete Firewall Rules 70 IKE IPSec Configuration 71 Easy IKE IPSec Setup 72 Advanced IKE IPSec Setup 73 VPN Log On 80 Chapter 7 Monitoring Router System Summary 81 Ethernet Interface Information 82 Remote Connection Information 82 IP Routing Informa...

Page 7: ...est Failure Self Test successful heartbeat Router is shut down WAN Yellow Yellow flashing Green Off Establishing DSL modem link Establishing DSL throughput DSL modem link successful DSL modem link is shut down LAN Green flashing Green Off Data traffic detected LAN status OK LAN status Not OK Connection Function Power Uses a 12V DC AC power adapter Ethernet Ports Eight Ethernet T 100 switch ports 8...

Page 8: ...C Frequency 50 60 Hz Consumption 10W maximum Processor Motorola MPC855T 8 MB DRAM 4 MB Flash Memory Motorola MPC180 Encryption Processor LAN Interface Built in eight port Ethernet switch with RJ 45 connectors Green Amber LEDs LAN speed of 10 or 100 Mbps full or half duplex with auto sense switch WAN Interface One Asymmetric Digital Subscriber Line interface as follows ADSL Annex A RJ 11 with 2 3 p...

Page 9: ...P1 compatible and RIP2 RFC 1389 or static routing on the LAN or WAN Novell IPX with RIP SAP RFC 1552 DHCP client RFC 2132 DHCP server Automatic assignment of IP address mask default gateway and DNS server addresses to workstations RFC 2131 2132 DHCP relay agent RFC 1542 DNS relay Multiple subnets on LAN Virtual routing Virtual Router Redundancy Protocol RFC 2338 Differentiated Services Quality of ...

Page 10: ...d DNS assignment RFC 1877 PPP over Ethernet RFC 2516 Security Role based management User authentication PAP CHAP with PPP RFC 1334 RFC 1994 Password control for Configuration Manager SNMP password and community name reassignment HTTP Syslog SNMP Telnet port reassignment access control list VPN support L2TP IPSec IKE DES 3DES Firewall IP filtering Stateful Firewall ICSA Compliant Secure Management ...

Page 11: ...hing Green 2 sec blink Off Running Power On Self Test Self Test Failure Self Test successful heartbeat Router is shut down WAN Yellow Yellow flashing Green Off Establishing DSL modem link Establishing DSL throughput DSL modem link successful DSL modem link is shut down LAN Green flashing Green Off Data traffic detected LAN status OK LAN status Not OK Connection Function Power Uses a 12V DC AC powe...

Page 12: ...0V AC Frequency 50 60 Hz Consumption 10W maximum Processor Motorola 32 MHz MPC855T 8 MB DRAM 4 MB Flash Memory 3DES DES MD5 SHA hardware assist LAN Interface Built in eight port Ethernet switch with RJ 45 connectors Green Amber LEDs LAN speed of 10 or 100 Mbps full or half duplex with auto sense switch WAN Interface One Digital Subscriber Line interface as follows ADSL Annex B RJ 11 with 2 3 pinou...

Page 13: ...ovell IPX with RIP SAP RFC 1552 DHCP client RFC 2132 DHCP server Automatic assignment of IP address mask default gateway and DNS server addresses to workstations RFC 2131 2132 DHCP relay agent RFC 1542 DNS relay Multiple subnets on LAN Virtual routing Virtual Router Redundancy Protocol RFC 2338 Differentiated Services Quality of Service provisioning Weighted Fair Queuing WFQ Differentiated Service...

Page 14: ...STAC LZS RFC 1974 Van Jacobsen header compression RFC 1144 Spoofing and filtering IP RIP IPX RIP SAP Watchdog serialization Automatic IP and DNS assignment RFC 1877 PPP over Ethernet RFC 2516 Security Role based management User authentication PAP CHAP with PPP RFC 1334 RFC 1994 Password control for Configuration Manager SNMP password and community name reassignment HTTP Syslog SNMP Telnet port rea...

Page 15: ...m your network Service Provider Package Contents Your package should contain the items listed below If you determine anything to be damaged or missing please contact the dealer from whom the equipment was purchased One Siemens 5930 or 5935 Business Gateway One Siemens Documentation CD ROM One AC power supply module and cord One Ethernet cable RJ 45 One DSL cable RJ 11 purple label One RJ 45 to DB ...

Page 16: ... need some of the items from the following list Contact your Network Service Provider for specific details on the items you should receive DNS address One or more LAN IP addresses and a subnet mask Protocol to use from one of the following PPP Point to Point Protocol with a user name and password PPPoE PPP over Ethernet RFC 1483 SNAP Encapsulation RFC 1483 MER MAC Encapsulated Routing requiring a ...

Page 17: ...stallation instructions Once you verify installation of an Ethernet adapter perform the following procedure to connect the router to your computer 1 With the PC powered off connect the Ethernet cable to an Ethernet port on the router 2 Connect the other end of the Ethernet cable to the Ethernet port on the PC 3 Connect the DSL cable resembles a telephone cord to the DSL port on the rear of the rou...

Page 18: ...ed Select the Operating System installed on the PC connected to the router from the list below and follow the associated procedure Windows 98 ME 1 Click Start Control Panel Network This displays the Configuration tab on the Network window 2 Select TCP IP protocol for your network card 3 Click Properties This displays the TCP IP Properties window 4 Click the IP Address tab 5 Ensure that the Obtain ...

Page 19: ...e Network window 2 Click the Protocols tab 3 Select TCP IP Protocol from the Network Protocols list 4 Click Properties This displays the Microsoft TCP IP Properties window 5 Click the IP Address tab 6 On the IP Address tab select Obtain an IP address from a DHCP server 7 Click OK to close each dialog 8 Restart the PC to ensure it obtains an IP address from the router 9 Configure the router ...

Page 20: ...3 Right click Local Area Connections and select Properties This displays the Local Area Connections Properties window 4 Select Internet Protocol TCP IP from the list of components 5 Click Properties This displays the Internet Protocol TCP IP Properties window 6 Ensure that the Obtain an IP address automatically and Obtain DNS server address automatically options are selected 7 Click OK to close ea...

Page 21: ...onnection window 3 Right click Local Area Connection then click Properties This displays the Local Area Connection Properties window 4 Select Internet Protocol TCP IP 5 Click Properties This displays the Internet Protocol TCP IP Properties window 6 Ensure the Obtain an IP address automatically and Obtain DNS server address automatically options are selected 7 Restart the PC to ensure it obtains an...

Page 22: ...le Control Panels TCP IP This displays the TCP IP Control Panel window 2 Select Ethernet from the Connect via drop down menu 3 Select Using DHCP Server from the Configure drop down menu 4 Complete the fields shown with any information supplied by your service provider 5 Close window and save changes 6 Configure the router ...

Page 23: ...references window 2 Double click the Network icon under the Internet Network section This displays the Network window 3 Select Ethernet from the Connect via drop down menu 4 Select Using DHCP Server from the Configure drop down menu 5 Enter any information supplied by your service provider 6 Click Apply Now to save and exit the Network window 7 Configure the router ...

Page 24: ...Config window 2 Click the Adaptor tab 3 Enter any information specified by your service provider in the fields under the appropriate Adapter tab 4 When settings are completed click Accept This displays the Status of the system tab 5 To update the system status ensure that the Activate the changes button is highlighted then click Act Changes 6 Configure the router ...

Page 25: ...ment Interface is accessible through most HTML browsers though Internet Explorer 4 0 or Netscape 4 0 and higher are recommended Refer to the Technical Reference Guide for details on managing the router through the CLI Establish Connection To establish a connection from your computer to the router through your Web browser 1 Open your Internet Explorer or Netscape Navigator Web browser 2 In the Addr...

Page 26: ...voice PVC ATM WAN protocol and WAN network settings In the left navigation pane of this page there are configuration diagnostic and status and statistic options for the router In this document these features are grouped according to User Access Control Advanced Router Functions Security and Monitoring Health and Status Use the table below to locate detailed instructions for the desired function To...

Page 27: ...celled no changes will be made and you will need to begin again Select Protocol When you click Easy Setup in the left navigation pane of the Router Information page the WAN Interface page is displayed This page is used to enter and review information about Wide Area Network WAN settings To configure the WAN interface 1 in Data DLCI Data Link Connection Identifier enter the logical connection betwe...

Page 28: ...e WAN non IP If bridging is enabled you can optionally select Only bridge PPPoE traffic If selected only PPPoE traffic is bridged all other traffic is stopped 3 IP Routing Enabled Route all IP traffic to remote hosts 4 If you enabled IP routing optionally select one or more of the following NAT Enabled Network Address Translation NAT allows multiple workstations on your LAN to share a single publi...

Page 29: ... enter the domain name of your network service provider Use as a default for all services 3 In PPPoE Timer enter the number of seconds of inactivity that must elapse before the PPP connection closes This helps to limit connection charges from your service provider during times of inactivity The default entry of permanent will keep the PPP connection open constantly with no time out interval 4 Opti...

Page 30: ...ion using PPPoE protocol 2 In Service Name enter the domain name of your network service provider Use as a default for all services 3 In PPPoE Timer enter the number of seconds of inactivity that must elapse before the PPP connection closes This helps to limit connection charges from your service provider during times of inactivity The default entry of permanent will keep the PPP connection open c...

Page 31: ... address and subnet mask This can be one of the following Obtain configuration automatically from Wan using DHCP to have an IP address assigned automatically using DHCP Configure IP Routing manually to assign IP addresses manually If you select this option you must specify an IP Address and Subnet Mask in the appropriate fields 2 If you enabled IP routing optionally select one or more of the follo...

Page 32: ... address and subnet mask This can be one of the following Obtain configuration automatically from Wan using DHCP to have an IP address assigned automatically using DHCP Configure IP Routing manually to assign IP addresses manually If you select this option you must specify an IP Address Subnet Mask and Default Gateway in the appropriate fields Default Gateway assigns the IP address of the next hop...

Page 33: ...re the Domain Name Service Obtain DNS information automatically The DNS server address will be learned when DHCP client requests are placed over the WAN link Configure DNS manually Define DNS server address manually from information you get from your service provider If you select this option provide the following information Domain Name The router s DNS domain name as assigned by your service pro...

Page 34: ... Local Area Network 1 In IP Address enter the network address of the router This address must be globally unique unless NAT has been enabled 2 In Subnet Mask enter the subnet mask to use along with the IP address to determine if specific LAN IP traffic should be forwarded to the WAN 3 Click Save and Reboot The router will reboot with the new configuration settings On completion of the reboot proce...

Page 35: ...figure the Radius Server and configure the Tacplus Server Click Home at anytime to return to the Router Information page To access one of these options click its link on the User Management page Use the table below to locate detailed instructions for the desired function User Management Manage user accounts Change Password Change user password Access Control Configure remote access to the router c...

Page 36: ...nt the Password and Confirm Password values are not displayed If you leave them blank the password is not changed 3 Do one of the following to assign privileges to this user account Select one of the buttons at the top of this page to automatically assign pre set privileges to the user based on common user roles Refer to Management Classes for details on the privileges automatically assigned to ea...

Page 37: ...Setup User Management SIEMENS 31 Deleting A User Account To delete a user account 1 Select the name of the account you want to delete in the Select User list on the User Management page then click Delete User 2 When prompted click OK to confirm the account deletion ...

Page 38: ...up Config on the left navigation pane of the User Management page This displays the User Lookup Configuration page 2 Specify one of the following databases for Primary and for Secondary If the user is not found in the Primary database the Secondary database is searched Local Searches the local database for user login identification Either the primary or secondary lookup must be Local Radius Search...

Page 39: ... This displays the Secure Mode Configuration page 2 Do one of the following for Secure Mode Click the box next to Enabled so a check mark appears This enables secure mode Click the box next to Enabled so there is no check mark This disables secure mode 3 If you enabled secure mode select one of the following for LAN Interface and WAN Interface Trusted A trusted interface does not have to come over...

Page 40: ...password is hidden using a method based on the RSA Message Digest Algorithm MD5 3 The access request is submitted to the RADIUS server via the network If no response is returned within a length of time the request is re sent a specified number of times The router s RADIUS client can also forward requests to a secondary server in the event that the primary server is down or unreachable Once the RAD...

Page 41: ...Tacplus Server Configuration page 2 In Timeout enter the number of seconds to between retry attempts when the Tacplus Server cannot be reached 3 In Retry enter the number of times the Tacplus Server should be contacted before attempting to connect to the secondary server 4 In CACHE Timeout enter the number of seconds that must pass before the user must be authenticated again 5 For Primary and opti...

Page 42: ... the pre defined templates that group multiple management classes for a logically defined user type When using the template method Access privileges for WAN LAN and Console are granted by default The following table lists the privileges given to each logically defined user type Super User Mgmt Class read Network System Admin Voice Security Debug Mgmt Class write Network System Admin Voice Security...

Page 43: ... are changed from the Change Password page To change a user password 1 Click Change Password from the left navigation pane on the Router Information page This displays the Change Password page 2 Enter the new password for the Current User in Enter New Password and New Password again boxes 3 Click Apply to save the new password ...

Page 44: ...access A check in the box next to the method specifies enabled If disabled any access restriction specification is disregarded Telnet Web SNMP 3 For each remote access method selected specify any access restrictions This can be one of the following No access restrictions Remote access method is enabled and not restricted This setting allows access from all hosts Allowed from LAN Limits access to t...

Page 45: ...vice levels for priority applications Routing Table Configuration Configure multiple routing tables for a single host Dial Backup Enable a backup connection to the Internet through an internal V 90 model 5835 only or an external asynchronous modem connected to the Console port Switch Management Manage the Ethernet 10 100 switching ports located on the rear panel of the router Traffic Shaping Defin...

Page 46: ...t the current date and time on the router 1 Click Router Clock on the left navigation pane of the Router Information page This displays the Current Date and Time page 2 The current date and time from your PC are displayed in the field labeled Current Date and Time To synchronize the date and time on your router with the current date and time displayed click Synchronize Router Clock ...

Page 47: ...tatus select Enable or Disable from LAN DHCP Server Status Disabled the router will not act as a DHCP server 3 To change the start and ending address range of the IP address pool enter the starting address in First IP Address and the ending address in Last IP Address 4 Click Apply Note that a list of network clients that are currently leasing their IP addresses from the pool are shown in Current D...

Page 48: ...g from QoS Status to enable or disable QoS On QoS will forward packets and set diffserv marking based on user defined mapping rules and enabled QoS policies Off QoS will forward packets based on pre defined mapping rules and enabled QoS policies 3 To enable or disable marking of the Differentiated Services field of the IP header select one of the following from DiffServ Status On QoS will mark the...

Page 49: ...igation pane of the QoS Configuration page This displays the QoS Policy Setting page 2 Click Create This displays the QoS Policy Setting page To modify or delete an existing policy select the policy in the IP Policy List drop down menu and click Modify or Delete 3 In Policy Name enter a unique name to identify the policy 4 In Status select Enable or Disable to enable or disable the QoS policy Disa...

Page 50: ...ables source port checking 9 In Destination Port select one of the following From To Enter the destination port or range of destination ports to match in the destination port check Drop down menu Select the application to match in the destination port check Do not care Disables destination port checking 10 Select the priority to place on this policy if match criteria is met This can be Normal Low ...

Page 51: ...ist drop down menu and click Move This expands the QoS Policy Setting page 2 To specify the new location select one of the following to the end Moves the policy to the end of the policy list before policy Select the name of the policy where you want to move the Policy in the policy name drop down menu The policy will be moved to the location immediately preceding the policy specified in before pol...

Page 52: ...es a packet whose source address is 192 168 254 10 it checks if that address is within the address range defined for a virtual routing table If it is the virtual routing table is used to route the packet If it is not the default routing table is used instead To configure additional routing tables 1 Click Routing Table Configuration on the left navigation pane of the Router Information page This di...

Page 53: ...page This displays the Dial Backup page 2 Click Enable Dial Backup 3 Enter the User name and Password to use for the dial up connection This information is provided by your ISP 4 In Phone number enter the ISP s dial up phone number 5 Optionally in Alternate Phone number enter an alternate phone number to use in the event the first number is unavailable 6 Next to Using select one of the following t...

Page 54: ...e backup port The default minutes is 3 2 In Retry WAN Timer enter the number of minutes that must pass before checking to see if the Wan line has been restored 3 IP Addresses lists the addresses the router uses to ping via the WAN link If the ping tests fail the router switches data traffic to the backup port until the retry period expires again 4 In Ping Success Rate enter the ping success rate t...

Page 55: ...e router uses to ping via the DSL link If the ping tests fail the router switches data traffic to the backup port until the retry period expires again 4 In Ping Success Rate enter the ping success rate that must be met As soon as the success rate falls below this number DSL Link failure is assumed and switch over to backup is performed This success rate applies to all addresses in the IP Addresses...

Page 56: ...ity Labeling is provided for port identification To manage the switches using the web interface click Switch Management on the left navigation pane of the Router Information page This displays the Switch Status page The Switch Status page provides a graphical representation of the switch port information including connection speed mode and port status and provides links to switch management pages ...

Page 57: ...ilitates the unobtrusive monitoring of source port activity To configure port traffic mirroring 1 Click Mirror Capture Configuration from the left navigation pane of the Switch Status page This displays the Switch Mirror Configuration page 2 Under Mirror Port select one or more of the mapped ports or source ports you want to mirror 3 Under Capture Port select the port to receive the Ethernet traff...

Page 58: ...address entry is removed from the table containing this information To configure Switch Age Time 1 Click Aging Time Configuration from the left navigation pane of the Switch Status page This displays the Switch Aging Time Configuration page 2 In Ageing Time enter the number of seconds that must pass before the port MAC address entry is removed from the table This can be a number between 10 and 100...

Page 59: ...d interface To configure Traffic Shaping 1 Select Traffic Shaping or ATM Traffic Shaping from the left navigation pane of the Router Information page This displays the ATM Traffic Shaping Configuration page 2 Select the interface you want to configure from the Please select an interface drop down menu 3 Click Select This displays another form on the ATM Traffic Shaping Configuration page for the s...

Page 60: ... Time Variable Bit Rate Used for bursty applications that require service guarantees from the network VBR rt connections are characterized in terms of a Peak Cell Rate Sustained Cell Rate and a Maximum Burst Size Frame Relay traffic can also use VBR nrt Unspecified Bit Rate Used for non real time bursty applications that are tolerant of delay and loss UBR service does not specify service guarantee...

Page 61: ...ce to enter CLI commands Refer to the Command Line Interface Guide for available commands To execute a CLI command from the web interface 1 Click Command Line Interface on the left navigation pane of the Router Information window This displays the Execute a CLI command page 2 In the field provided enter the desired command 3 Click Execute The response will be displayed in the Output Window ...

Page 62: ...nt and a management agent Secure Shell Secure Shell SSH secures network services over an insecure network such as the public Internet Firewall Scripts Secures network and data communications with built in firewall capabilities A firewall is any combination of hardware and software that secures a network and traffic on the network to prevent interception or intrusion Stateful Firewall An IP filteri...

Page 63: ...ction of this page select Enable or Disable to specify whether or not multiple VPN clients are allowed Enabled multiple VPN clients are allowed disabled only a single VPN client is allowed 5 Click Apply 6 On the Wan side of the Inbound NAT Setting section on this page do one of the following Select the network service you are configuring from the Service drop down menu for Easy Setup This configur...

Page 64: ...s The community setting allows the SNMP manager to request information from a community rather than each node agent individually 3 In Port Number select one of the following Port Number Enter the desired number in the field next to Port Number Disable Disables the SNMP port Default Sets the port to the default port of 161 4 In Trusted Interfaces select one or both of the following LAN designates t...

Page 65: ... The current IP filter ranges are displayed in the IP Addresses 2 In Start IP Range enter the first IP address in the range to be filtered 3 In End IP Range enter the last IP address in the range to be filtered 4 Optionally click LAN 5 Click Add IP Range SNMP Password An SNMP password is used to authenticate an SNMP Manager Once authenticated SNMP set requests will be performed To set the SNMP Pas...

Page 66: ... traffic to and from the system including passwords SSH also provides secure FTP type file transfers To access the Secure Shell configuration pages click Secure Shell from the left navigation pane on the Router Information page This displays the Secure Shell SSH Configuration List page This page displays the current SSH configuration settings as well as provides links to the other SSH configuratio...

Page 67: ...ion type is realized and the client adheres to the server encryption mode If the encryption method is not supported on the client side the connection will fail 4 For MAC select the type of Message Authentication Code to use for the SSH connection 5 For Port select one of the following to specify the port that the SSH server listens on Default Sets the SSH port to the default port of 22 Disable Dis...

Page 68: ...ce file Refer to the section title Key Generator for details on generating the key pair on the router To load the key pair from a source file 1 Click Load Keys on the left navigation pane of the Secure Shell SSH Configuration List page This displays the Load Private and Public Keys from file page 2 Do one of the following Select Public key to load a public key from a file Select Private key to loa...

Page 69: ... to complete When started the user will be redirected to a status page that is refreshed every 60 seconds The status page indicates whether the task is running When the task is no longer running results are displayed Once the task is started you can close this page and the Keygen function will continue You can reopen it anytime by clicking Key Generator Status on the left navigation pane of the Se...

Page 70: ...hitecture and requirements of their network Siemens Subscriber Networks cannot be liable for security violations due to inadequate or incorrect firewall configurations To load a firewall script perform the following 1 Click Firewall Scripts on the left navigation pane of the Secure Shell SSH Configuration List page This displays the Run a Firewall Script page 2 Select the desired Firewall Strength...

Page 71: ...cket is accepted Stateful firewall intercepts outgoing packets and gathers information from them for example IP address information port number to create state information for that session When an incoming packet is received the Stateful Firewall checks the packet against the state information it has maintained and accepts the packet if the packet belongs to the session This section describes how ...

Page 72: ... be dropped before a message is logged to the console The default value is 200 packets per second 5 In UDP Packet Threshold Setting specify the number of UDP Packets per second that can be received When this number is exceeded the firewall blocks any subsequent UDP packets The default value is 1000 UDP packets per second 6 In ICMP Ping Packet Threshold Setting specify the number of ICMP Ping Packe...

Page 73: ...ion pane of the Stateful Firewall Configuration page This displays the Firewall Dropped Packet List page 2 Do one of the following Specify the number of dropped packets to view from 1 to 200 Netscape 4 users may have to wait a very long time to get the complete list of 200 displayed Select a smaller value for viewing if this is the case Click Default to view the most recent 200 dropped packets 3 C...

Page 74: ...a packet is evaluated the Deny rules are applied first then the Allow rules 2 From the Allow Rule List drop down menu optionally select the list of protocols where the rule is allowed If you do not select an Allow Rule List you must select a Deny Rule List 3 From the Deny Rule List drop down menu optionally select the list of protocols where the rule is denied If you do not select a Deny Rule List...

Page 75: ... Type for matching the packet source and ICMP Code for matching the packet destination Application Select the application that must match from the Application drop down menu 6 For Source and Destination under Address optionally specify the First IP and Last IP addresses to define the source and destination IP address boundaries to apply to the firewall rule The packet must have a source destinatio...

Page 76: ... the Stateful Firewall Configuration page This displays the Firewall Rule Configuration page 2 Click Delete This expands the Firewall Rule Configuration page 3 Select the rule list s or range of rules you want to delete To delete a single rule only enter a number in the from field When entering a range of rules to be deleted the rule range specified is inclusive of the first and last rules 4 Click...

Page 77: ...s IPSec sessions are established through Security Associations SAs that enable secure devices to negotiate a level of security attributes needed for a Virtual Private Network VPN To configure IKE IPSec 1 Click IKE IPSec Configuration from the left navigation pane of the Router Information window This displays the IKE IPSec Information page 2 Select one of the following from the left navigation pan...

Page 78: ... logical name for an IKE Peer. This name is of no importance to the remote IKE peer. Choose a name that is meaningful to you. 3. In Pre-shared Secret, enter a case-sensitive character string used for authentication. This secret can be up to 256 characters, with no spaces or non-printable characters. The pre-shared secret must be mutually agreed upon by both parties to the IKE connection. 4. In Peer Gateway ...

Page 79: ...udes a Create button for each category to create new IKE and IPSec definitions. This section describes how to perform the following tasks: IKE Peers: Create IKE peers. IKE peers are those devices known to your ADSL Internal Modem as capable of participating in IKE connections. IKE Proposals: Create IKE proposals. IKE I proposals specify how packets will be encrypted authenticated for Phase I. IKE IPSec Pr...

Page 80: ... Pre-shared Secret, enter a case-sensitive character string used for authentication. This secret can be up to 256 characters, with no spaces or non-printable characters. The pre-shared secret must be mutually agreed upon by both parties to the IKE connection. 4. In Peer Gateway IP Address, enter the IP address of the gateway at the remote end of the IKE connection. If the remote IKE peer does not have a f...

Page 81: ...exchange MD5: Performs message authentication using Message Digest 5. SHA1: Performs message authentication using Secure Hashing Algorithm 1 (default). 4. From the Diffie-Hellman Oakley Group drop-down menu, select one of the following Diffie-Hellman key generation groups to use during IKE Phase I exchange: Group 1: Uses Diffie-Hellman Group 1 (768 bits). Group 2: Uses Diffie-Hellman Group 2 (1024 bits). 5. From th...

Page 82: ...ance to the remote IKE peer. 3. From the AH Authentication Scheme drop-down menu, select one of the following to use as the hashing algorithm for Authentication Header (AH) IPSec: NONE: Requests no AH encapsulation. MD5: Requests AH encapsulation and authentication using Message Digest 5. SHA1: Requests AH encapsulation and authentication using Secure Hashing Algorithm 1. 4. From the ESP Authentication Scheme drop...

Page 83: ...rom the IP Compression Method drop-down menu, select one of the following to specify the algorithm to use to compress IPSec packets: LZS IP compression or None. 7. In Phase II Proposal Lifetime, enter the number of seconds after which the IPSec SA expires. The default is 1800 seconds. Once this time has elapsed, the system will renegotiate the IKE connection. 8. In Phase II Proposal Life Data, enter the amount o...

Page 84: ...Sec proposal to be used with this policy. The IKE IPSec proposal must be already defined as an IKE IPSec Proposal. 5. From the PFS Group drop-down menu, select one of the following Diffie-Hellman groups to use for Perfect Forward Secrecy. Perfect Forward Secrecy enhances the security of the key exchange. In the event of a key becoming compromised, only the data protected by that compromised key become...

Page 85: ...l connect using this policy. 11. In Source Port, enter the port that will be the source of TCP/UDP traffic under this policy. You can specify All ports, a port number, or an IP application associated with a particular port. Because port numbers are TCP- and UDP-specific, a port filter is effective only when the protocol filter is TCP or UDP. 12. In Destination Port, enter the port that will be the destination...

Page 86: ... IP packets, providing the level of security required by Virtual Private Networks (VPNs). To start an IPSec session: 1. Click VPN Log On on the left navigation pane of the Router Information page. This displays the VPN Log On page. 2. For Feature, click enable. 3. For Available IPSEC tunnels, select the tunnel you wish to use for the IPSec session. 4. Click log on corresponding to the tunnel you selected. You mus...

Page 87: ...ew system summary information, click System Summary on the left navigation pane of the Router Information page. This displays the System Summary page. From the System Summary page, you can view information for the following: Ethernet interface, Remote connections, IP Routing, System. System Summary: View status and statistical information. Diagnostics: Run diagnostic programs to determine potential problems ...

Page 88: ...ation: Click Ethernet Info on the left navigation pane of the System Summary page to display information about the Ethernet interface. Remote Connection Information: Click Remote Info on the left navigation pane of the System Summary page to display information about remote connections for all entries in the Remote Router database ...

Page 89: ... Information: Click IP Routing Info on the left navigation pane of the System Summary page to display information about the active interfaces in the IP routing table. System Information: Click System Info on the left navigation pane of the System Summary page to display general information for select system settings ...

Page 90: ...ation pane of the Router Information page. This displays the Run Diagnostics page. From the Run Diagnostics page, you can view information for the following: PPPoE session, Interface information, ATM statistics, Routing Table information, Files information, Memory usage, List all configuration data, TCP/IP statistics. PPPoE Session: Select PPPoE session from the drop-down menu and click Execute to display PPPo...

Page 91: ... Interface Information: Select Interface information from the drop-down menu and click Execute to display interface information. ATM Statistics: Select ATM Statistics from the drop-down menu and click Execute to display ATM statistics ...

Page 92: ... Routing Table Information: Select Routing Table information from the drop-down menu and click Execute to display information about the configured routing tables. Files Information: Select Files information from the drop-down menu and click Execute to display files stored on the router ...

Page 93: ... Memory Usage: Select Memory usage from the drop-down menu and click Execute to display memory usage information. List All Configuration Data: Select List all configuration data from the drop-down menu and click Execute to display configuration information ...

Page 94: ...S 5930/5935 Business Gateway User's Guide Chapter 7 Monitoring Router Diagnostics SIEMENS 88 TCP/IP Statistics: Select TCP/IP statistics from the drop-down menu and click Execute to display TCP/IP information ...
