manualshive.com logo in svg

Linksys BEFSX41 - Instant Broadband EtherFast Cable/DSL Firewall Router, Руководство пользователя

Маршрутизатор Linksys BEFSX41 - мгновенный широкополосный маршрутизатор EtherFast Cable/DSL с межсетевым экраном. Спецификации продукта доступны для бесплатного скачивания на manualshive.com. Получите руководство по эксплуатации и настройке на manualshive.com прямо сейчас.

Поделиться
Скачать
background image

64

Appendix F: Configuring IPSec between a Windows 2000 or XP Computer and the Router
How to Establish a Secure IPSec Tunnel

ADSL Gateway with 4-Port Switch

How to Establish a Secure IPSec Tunnel

Step 1: Create an IPSec Policy

1. Click the 

Start

 button, select 

Run

, and type 

secpol.msc

 in the 

Open

 field.  The 

Local Security Setting

 screen 

will appear as shown in Figure F-1.

2. Right-click 

IP Security Policies on Local Computer 

(Win XP) or 

IP Security Policies on Local Machine 

(Win 2000), and click 

Create IP Security Policy

.

3. Click the

 Next

 button, and then enter a name for your policy (for example, to_Router). Then, click 

Next

.

4. Deselect the 

Activate the default response rule

 check box, and then click the 

Next

 button.

5. Click the 

Finish

 button, making sure the Edit check box is checked.

Step 2: Build Filter Lists

Filter List 1: win->Router

1. In the new policy’s properties screen, verify that the 

Rules

 tab is selected, as shown in Figure F-2. Deselect 

the 

Use Add Wizard

 check box, and click the 

Add 

button to create a new rule. 

2. Make sure the 

IP Filter List

 tab is selected, and click the 

Add

 button. (See Figure F-3.)The

 IP Filter List

 

screen should appear, as shown in Figure F-4. Enter an appropriate name, such as win->Router, for the filter 
list, and de-select the 

Use Add

 

Wizard

 check box. Then, click the 

Add

 button.

NOTE:

The references in this section to “win” are 

references to Windows 2000 and XP.

Figure F-1: Local Security Screen

Figure F-2: Rules Tab

Figure F-3: IP Filter List Tab

NOTE:

The text on your screen may differ from the 

text in your instructions for “OK or Close”; click the 
appropriate button on your screen.

Содержание BEFSX41 - Instant Broadband EtherFast Cable/DSL Firewall Router

Страница 1: ...A Division of Cisco Systems Inc Model No WIRED with 4 Port Switch VPN Broadband Firewall Router BEFSX41 User Guide Endpoint ...

Страница 2: ...r technical terms that are presented like this Also each figure diagram screenshot or other image is provided with a figure number and description like this Figure numbers and descriptions can also be found in the List of Figures section in the Table of Contents This exclamation point means there is a Caution or Warning and is something that could damage your property or the Router word definition...

Страница 3: ...el 8 Chapter 4 Connecting the Router 9 Overview 9 Connection Instructions 10 Chapter 5 Using The Router s Web based Utility 11 Overview 11 Navigating the Utility 11 Accessing the Utility 13 The Setup Tab 13 The Security Tab 25 The Restrict Access Tab 31 The Applications Gaming Tab 33 Port Triggering 34 UPnP Forwarding 35 DMZ 37 The Administration Tab 38 The Status Tab 42 Appendix A Troubleshooting...

Страница 4: ...p 60 Appendix E Maximizing VPN Security 61 Appendix F Configuring IPSec between a Windows 2000 or XP Computer and the Gateway 63 Introduction 63 Environment 63 How to Establish a Secure IPSec Tunnel 64 Appendix G SNMP Functions 74 Appendix H Glossary 75 Appendix I Specifications 79 Appendix J Warranty Information 80 Appendix K Regulatory Information 81 Appendix L Contact Information 82 ...

Страница 5: ...etup 13 Figure 5 4 DHCP Connection Type 14 Figure 5 5 Static IP Connection Type 14 Figure 5 6 PPPoE Connection Type 15 Figure 5 7 RAS Connection Type 16 Figure 5 8 PPTP Connection Type 17 Figure 5 9 Heart Beat Signal Connection Type 18 Figure 5 10 L2TP Connection Type 19 Figure 5 11 Network Setup 20 Figure 5 12 Setup Tab DynDNS org 21 Figure 5 13 Setup Tab TZO com 21 Figure 5 14 Setup Tab MAC Addr...

Страница 6: ...32 Administration Tab Management 38 Figure 5 33 Administration Tab Log 39 Figure 5 34 View Log 39 Figure 5 35 Administration Tab Diagnostics 40 Figure 5 36 Administration Tab Factory Defaults 41 Figure 5 37 Administration Tab Firmware Upgrade 41 Figure 5 38 Status Tab Router 42 Figure 5 39 Status Tab Local Network 43 Figure 5 40 DHCP Active IP Table 43 Figure B 1 Upgrade Firmware 57 Figure C 1 IP ...

Страница 7: ...Tab 67 Figure F 13 Authentication Methods 68 Figure F 14 Preshared Key 68 Figure F 15 New Preshared Key 68 Figure F 16 Tunnel Setting Tab 69 Figure F 17 Connection Type Tab 69 Figure F 18 Properties Screen 69 Figure F 19 IP Filter List Tab 70 Figure F 20 Filter Action Tab 70 Figure F 21 Authentication Methods Tab 70 Figure F 22 Preshared Key 71 Figure F 23 New Preshared Key 71 Figure F 24 Tunnel S...

Страница 8: ... 100 Switch The four ports in the back of the Router are all auto detecting meaning that the Router can tell if you re connecting a straight through or cross over cable making this easier to use than ever Finally adding VPN network security to the Router allows you to secure data not just behind the Router but as it is transmitted over the Internet VPNs or Virtual Private Networks create virtual t...

Страница 9: ...ppendix A Troubleshooting This appendix describes some possible problems and solutions as well as frequently asked questions regarding installation and use of the Router Appendix B Upgrading Firmware This appendix explains how you can upgrade the Router s firmware Appendix C Finding the MAC Address and IP Address for Your Ethernet Adapter This appendix instructs you on how to find the MAC address ...

Страница 10: ...tworking Appendix I Specifications This appendix provides the technical specifications for the Router Appendix J Warranty Information This appendix supplies the warranty information for the Router Appendix K Regulatory Information This appendix supplies the regulatory information regarding the Router Appendix L Contact Information This appendix provides contact information for a variety of Linksys...

Страница 11: ...the Internet the firewall will no longer protect that data At this point your data becomes open to hackers using a variety of methods to steal not only the data you are transmitting but also your network login and security data Some of the most common methods are as follows 1 MAC Address Spoofing Packets transmitted over a network either your local network or the Internet are preceded by a packet ...

Страница 12: ...t between the two networks VPN was created as a cost effective alternative to using a private dedicated leased line for a private network Using industry standard encryption and authentication techniques IPSec short for IP Security the VPN creates a secure connection that in effect operates as if you were directly connected to your local network Virtual Private Networking can be used to create secu...

Страница 13: ...example of a computer to VPN Router VPN In her hotel room a traveling businesswoman dials up her ISP Her notebook computer has VPN client software that is configured with her office s VPN settings She accesses the VPN client software that supports IPSec and connects to the VPN Router at the central office As VPNs utilize the Internet distance is not a factor Using the VPN the businesswoman now has...

Страница 14: ...can be used in one of two ways If the Router is having problems connecting to the Internet press the Reset button for just a second with a paper clip or a pencil tip This is similar to pressing the Reset button on your PC to reboot it If you are experiencing extreme problems with the Router and have tried all other troubleshooting measures press and hold in the Reset button for 30 seconds This wil...

Страница 15: ...stic test DMZ Green The DMZ LED indicates when the DMZ function is being used This LED will remain lit as long as DMZ is enabled Ethernet Green The Ethernet LED serves two purposes If the LED is continuously lit the Router is connected to a device through the corresponding port 1 2 3 or 4 If the LED is flashing the Router is actively sending or receiving data over that port Internet Green The Inte...

Страница 16: ...e your PCs Configure the Router with the setting s provided by your Internet Service Provider ISP The installation technician from your ISP should have left the setup information with you after installing your broadband connection If not you can call your ISP to request the information Once you have the setup information for your specific type of Internet connection then you can begin installation...

Страница 17: ...is step to connect more PCs or other network devices to the Router 3 Connect your cable or DSL modem s Ethernet cable to the Router s Internet port 4 Power on the cable or DSL modem 5 Connect the included power adapter to the Router s Power port and then plug the power adapter into an electrical outlet The Power LED on the front panel will light up as soon as the power adapter is connected properl...

Страница 18: ...default password is admin To secure the Router change the password from its default Navigating the Utility There are six main tabs Setup Security Access Restrictions Applications Gaming Administration and Status Additional screens will be available from the main tabs Setup Basic Setup Enter the Internet connection and network settings on this screen DDNS To enable the Router s Dynamic Domain Name ...

Страница 19: ...rding Use this screen to alter UPnP forwarding settings DMZ To allow one local user to be exposed to the Internet for use of special purpose services use this screen Administration Management On this screen alter the Router s password access privileges and UPnP settings Log You can view or save even email activity logs from this screen Diagnostics From this screen you can test network performance ...

Страница 20: ...utton The Setup Tab The Setup tab is the first tab you see when you access the Web based Utility This tab is divided into four screens Basic Setup DDNS MAC Address Clone and Advanced Routing Each of these screens are described in detail below Basic Setup Internet Setup This section allows you to select the type of Internet setup and connection your network employs The Router supports six connectio...

Страница 21: ...om your ISP IP Address This is the IP address that the Router has when seen from the Internet Your ISP will provide you with the IP Address you need to specify here Subnet Mask This is the Router s Subnet Mask as seen by external users on the Internet including your ISP Your ISP will provide you with the Subnet Mask Default Gateway Your ISP will provide you with the Default Gateway Address Primary...

Страница 22: ... Internet connection to remain on at all times enter 0 in the Max Idle Time field Otherwise enter the number of minutes you want to have elapsed before your Internet access disconnects Keep Alive Option and Redial Period This option keeps your PPPoE enabled Internet access connected indefinitely even when it sits idle To use this option click the radio button next to Keep Alive The default Redial ...

Страница 23: ...io button If you want your Internet connection to remain on at all times enter 0 in the Max Idle Time field Otherwise enter the number of minutes you want to have elapsed before your Internet access disconnects Keep Alive Option and Redial Period This option keeps your RAS enabled Internet access connected indefinitely even when it sits idle To use this option click the radio button next to Keep A...

Страница 24: ...cally re establish your connection as soon as you attempt to access the Internet again If you wish to activate Connect on Demand click the radio button If you want your Internet connection to remain on at all times enter 0 in the Max Idle Time field Otherwise enter the number of minutes you want to have elapsed before your Internet access disconnects Keep Alive Option and Redial Period This option...

Страница 25: ...ton If you want your Internet connection to remain on at all times enter 0 in the Max Idle Time field Otherwise enter the number of minutes you want to have elapsed before your Internet access disconnects Keep Alive Option and Redial Period This option keeps your PPPoE enabled Internet access connected indefinitely even when it sits idle To use this option click the radio button next to Keep Alive...

Страница 26: ...radio button If you want your Internet connection to remain on at all times enter 0 in the Max Idle Time field Otherwise enter the number of minutes you want to have elapsed before your Internet access disconnects Keep Alive Option and Redial Period This option keeps your PPPoE enabled Internet access connected indefinitely even when it sits idle To use this option click the radio button next to K...

Страница 27: ...be 192 168 1 2 or greater because the default IP address for the Router is 192 168 1 1 Number of Address Optional Enter the maximum number of PCs that you want the DHCP server to assign IP addresses to This number cannot be greater than 253 In order to determine the DHCP IP Address range add the starting IP address e g 100 to the number of DHCP users By default add 100 to 50 and the range is 192 1...

Страница 28: ...use If you do not want to use this feature keep the default setting Disable DynDNS org User Name Password and Host Name Enter the User Name Password and Host Name of the account you set up with DynDNS org Internet IP Address The Router s current Internet IP Address is displayed here Because it is dynamic it will change Status The status of the DDNS service connection is displayed here TZO com Tab ...

Страница 29: ...address cloning select Enable MAC Address To manually clone a MAC address enter the 12 digits of your adapter s MAC address in the on screen fields Then click the Save Settings button Clone If you want to clone the MAC address of the PC you are currently using to configure the Router then click the Clone button The Router will automatically detect your PC s MAC address so you do NOT have to call y...

Страница 30: ...t the protocol you want RIP1 or RIP2 Static Routing If the Router is connected to more than one network it may be necessary to set up a static route between them A static route is a pre determined pathway that network information must travel to reach a specific host or network To create a static route alter the following settings Select Entry Select the number of the static route from the drop dow...

Страница 31: ...ote network or host Hop Count This determines the maximum number of steps between network nodes that data packets will travel A node is any device on the network such as PCs print servers routers etc Interface Select LAN or Internet depending on the location of the static route s final destination Show Routing Table Click the Show Routing Table button to open a screen displaying how data is routed...

Страница 32: ...ter Proxy Use of WAN proxy servers may compromise the Router s security Denying Filter Proxy will disable access to any WAN proxy servers To enable proxy filtering click Enabled Filter Cookies A cookie is data stored on your PC and used by Internet sites when you interact with them To enable cookie filtering click Enabled Filter Java Applets Java is a programming language for websites If you deny ...

Страница 33: ...s the security The VPN tab allows you to configure your VPN settings to make your network more secure VPN Passthrough IPSec Passthrough Internet Protocol Security IPSec is a suite of protocols used to implement secure exchange of packets at the IP layer To allow IPSec Passthrough click the Enabled button To disable IPSec Passthrough click the Disabled button PPPoE Passthrough Point to Point Protoc...

Страница 34: ...d Any Subnet If you select Subnet which is also the default this will allow all computers on the local subnet to access the tunnel When using the Subnet setting the default values of 0 should remain in the last fields of the IP and Mask settings IP Address If you select IP Address only the computer with the specific IP Address that you enter will be able to access the tunnel IP Range If you select...

Страница 35: ... Encryption also helps make your connection more secure There are two different types of encryption DES or 3DES 3DES is recommended because it is more secure You may choose either of these but it must be the same type of encryption that is being used by the VPN device at the other end of the tunnel Or you may choose not to encrypt by selecting Disable Authentication Authentication acts as another ...

Страница 36: ... screen will show when a tunnel is active To connect a VPN tunnel click the Connect button The View Logs button when logging is enabled on the Log screen of the Administration tab will show you VPN activity on a separate screen The VPN Log screen displays successful connections transmissions and receptions and the types of encryption used For more advanced VPN options click the Advanced Setting bu...

Страница 37: ...eld you may optionally select to have the key expire at the end of a time period of your choosing Enter the number of seconds you d like the key to be used until a re key negotiation between each endpoint is completed Other Settings NetBIOS broadcast Check the box next to NetBIOS broadcast to enable NetBIOS traffic to pass through the VPN tunnel Anti replay Check the box next to Anti replay to ena...

Страница 38: ...your changes Days Times When will this policy be in effect On every day At certain times Select if you wish to Allow or Deny access during the times in this section Select the individual days or select Everyday Select 24 Hours or enter a range of hours in which the policy will be in effect Blocked Services To block specific port services such as POP3 SNMP etc select the service you wish to block f...

Страница 39: ...astly click the Save Settings button to activate the policy To Create an Inbound Traffic Policy 1 Enter a Policy Name in the field provided Select Inbound Traffic as the Policy Type 2 Enter the IP Address from which you want to block Select the Protocol TCP UDP or Both Enter the port number or select Any Enter the IP Address to which you want to block 3 Select Deny or Allow as appropriate 4 By sel...

Страница 40: ...e using Forwarding you should assign a static IP address to the designated PC If you need to forward all ports to one PC click the DMZ tab To add a server using Port Range Forwarding complete the following fields Application Enter the name of the application Start and End Enter the number or range of external port s used by the server or Internet application Check with the Internet application sof...

Страница 41: ...tart Port Enter the starting port number of the Triggered Range End Port Enter the ending port number of the Triggered Range Forwarded Range For each application list the forwarded port number range Check with the Internet application documentation for the port number s needed Start Port Enter the starting port number of the Forwarded Range End Port Enter the ending port number of the Forwarded Ra...

Страница 42: ...r Protocol A version of the TCP IP FTP protocol that has no directory or password capability Finger A UNIX command widely used on the Internet to find out information about a particular user such as a telephone number whether the user is currently logged on and the last time the user was logged on The person being fingered must have placed his or her profile on the system in order for the informat...

Страница 43: ... the server in the Ext Port column Check with the Internet application documentation for more information TCP or UDP Select the protocol UDP or TCP for each application You cannot select both protocols Int Port Enter the number of the internal port used by the server in the Int Port column Check with the Internet application software documentation for more information IP Address Enter the IP addre...

Страница 44: ...ecify an IP Address behind the DMZ Port If you have multiple PCs connected to Port 4 DMZ via a hub or switch you can specify which PC is the DMZ host To expose a computer with a specific IP address enter that computer s IP address in this field To get the IP address of a computer refer to Appendix G Finding the MAC Address and IP Address for Your Ethernet Adapter Specify a MAC Address behind the D...

Страница 45: ...er Access This feature allows you to access the Router from a remote location via the Internet Remote Administration This feature allows you to manage the Router from a remote location via the Internet To enable Remote Administration click the Enabled radio button Administration Port Enter the port number you will use to remotely access the Router SNMP The Router supports Simple Network Management...

Страница 46: ...is is the IP Address or full mail server name e g mail domain com of your mail server Email address for alert logs This is the email address where you would like the email alerts sent Return email address Your mail server may require a return email address Enter that here If you re unsure as to what address to enter enter the same email address for Email address for alert logs Log To access activi...

Страница 47: ...een 1 and 4 and should be entered here Ping Interval How long in milliseconds would you like the Router to wait between pings This number can be between 0 and 9999 milliseconds Ping Timeout How long should the Router wait before it times out after an unsuccessful test An unsuccessful test is determined when a location does not respond to a ping This number can be between 0 and 9999 milliseconds St...

Страница 48: ... Before upgrading the firmware download the Router s firmware upgrade file from the Linksys website www linksys com Then extract the file File Path In the field provided enter the name of the extracted firmware upgrade file or click the Browse button to find this file Upgrade After you have selected the appropriate file click the Upgrade button located at the bottom of the screen and follow the on...

Страница 49: ...n is displayed here Internet IP Address Your current IP address is shown here Subnet Mask and Default Gateway The Router s Subnet Mask and Default Gateway addresses are displayed here for DHCP and static IP connections DNS 1 3 Shown here is the DNS Domain Name System IP address currently used by the Router Current Time As selected from the Setup tab this will show the current time in your time zon...

Страница 50: ...own here DHCP Server If the Router is being utilized as a DHCP server will be displayed here DHCP Client Table Click the DHCP Clients Table button to view a list of PCs that have been assigned IP addresses by the Router The DHCP Active IP Table screen lists the DHCP Server IP Address Client Hostnames IP Addresses and MAC Addresses To delete a DHCP Client select the box beside their information and...

Страница 51: ... Click Start Settings and open the Control Panel Double click Network B In The following network components are installed box select the TCP IP associated with your Ethernet adapter If you only have one Ethernet adapter installed you will only see one TCP IP line with no association to an Ethernet adapter Highlight it and click the Properties button C In the TCP IP properties window select the IP ...

Страница 52: ...perties window I Restart the computer if asked The following instructions assume you are running Windows XP with the default interface If you are using the Classic interface where the icons and menus look like previous Windows versions please follow the instructions for Windows 2000 A Click Start and select the Control Panel B Click the Network and Internet Connections icon and then select the Net...

Страница 53: ...f you cannot open a webpage try the ping command from a different computer to verify that your original computer is not the cause of the problem If you do NOT get a reply there may be a problem with the connection Try the ping command from a different computer to verify that your original computer is not the cause of the problem 3 I cannot get an Internet connection through the Router A Refer to P...

Страница 54: ...hange the Router s IP address to another subnet to avoid a conflict between the VPN IP address and your local IP address For example if your VPN server assigns an IP address 192 168 1 X X is a number from 1 to 254 and your network PC s IP address is 192 168 1 X X is the same number used in the VPN IP address the Router will have difficulties routing information to the right location If you change ...

Страница 55: ...hosting or use other Internet applications If you want to play online games or use Internet applications most will work without doing any port forwarding or DMZ hosting There may be cases when you want to host an online game or Internet application This would require you to set up the Router to deliver incoming packets or data to a specific computer This also applies to the Internet applications y...

Страница 56: ...cessfully use DMZ hosting since forwarding has priority over DMZ hosting In other words data that enters the Router will be checked first by the forwarding settings If the port number that the data enters from does not have port forwarding then the Router will send the data to whichever PC or network device you set for DMZ hosting Follow these steps to set DMZ hosting A Access the Router s Web bas...

Страница 57: ... the gateway for the Internet connection the computer does not need any proxy settings to gain access Please follow these directions to verify that you do not have any proxy settings and that the browser you use is set to connect directly to the network For Microsoft Internet Explorer 5 0 or higher A Click Start Settings and Control Panel Double click Internet Options B Click the Connections tab C...

Страница 58: ...ddress settings for the computer you are using IP Address 192 168 1 50 Subnet Mask 255 255 255 0 Gateway 192 168 1 1 C Perform the upgrade using the TFTP program or the Router s Web based Utility through Firmware Upgrade screen of the Administration tab 14 My DSL service s PPPoE is always disconnecting PPPoE is not actually a dedicated or always on connection The DSL ISP can disconnect the service...

Страница 59: ... asked The default password is admin C Click the Applications Gaming Port Triggering tab D Enter any name you want to use for the Application Name E Enter the Start and End Ports of the Triggered Port Range Check with your Internet application provider for more information on which outgoing port services it is using 17 When I enter a URL or IP address I get a time out error or am prompted to retry...

Страница 60: ...idely used network monitoring and control protocol For more information on SNMP see Appendix G SNMP Functions What is the maximum number of IP addresses that the Router will support The Router will support up to 253 IP addresses Does the Router support IPSec Pass Through Yes it is a built in feature that the Router automatically enables Where is the Router installed on the network In a typical env...

Страница 61: ...annot join What do I need to do If you have a dedicated Unreal Tournament server running you need to create a static IP for each of the network s computers and forward ports 7777 7778 7779 7780 7781 and 27900 to the IP address of the server You can also use a port forwarding range of 7777 27900 If you want to use the UT Server Admin forward another port 8080 usually works well but is used for remo...

Страница 62: ...ownloaded for free The Router s firmware can be upgraded with TFTP programs If the Router s Internet connection is working well there is no need to download a newer firmware version unless that version contains new features that you would like to use Downloading a more current version of Router firmware will not enhance the quality or speed of your Internet connection and may disrupt your current ...

Страница 63: ...er cross platform compatible Any platform that supports Ethernet and TCP IP is compatible with the Router How many ports can be simultaneously forwarded Theoretically the Router can establish 520 sessions at the same time but you can only forward 10 ranges of ports Does the Router replace a modem Is there a cable or DSL modem in the Router No this version of the Router must work in conjunction wit...

Страница 64: ...er s firmware follow these instructions 1 Download the Router s firmware upgrade file from the Linksys website www linksys com 2 Extract the file on your computer 3 Click the Administration tab and then the Firmware Upgrade tab of the Router s Web based Utility 4 On the Upgrade Firmware screen enter the location of the extracted firmware upgrade file or click the Browse button to find this file 5 ...

Страница 65: ...ct Run In the Open field enter winipcfg Then press the Enter key or the OK button 2 When the IP Configuration screen appears select the Ethernet adapter you have connected to the Router via a CAT 5 Ethernet network cable 3 Write down the Adapter Address as shown on your computer screen This is the MAC address for your Ethernet adapter and is shown as a series of numbers and letters The MAC address...

Страница 66: ...s what you will use for MAC address cloning or MAC filtering The example shows the Ethernet adapter s IP address as 192 168 1 100 Your computer may show something different For the Router s Web based Utility For MAC filtering enter the 12 digit MAC address in this format XXXXXXXXXXXX WITHOUT the hyphens For MAC address cloning enter the 12 digit MAC address in the MAC Address fields provided two d...

Страница 67: ...ommunicate over a wired or wireless network Your PCs will not be able to utilize networking without having TCP IP enabled Windows Help provides complete instructions on enabling TCP IP Shared Resources If you wish to share printers folders or files over your network Windows Help provides complete instructions on utilizing shared resources Network Neighborhood My Network Places Other PCs on your ne...

Страница 68: ...FS Perfect Forward Secrecy not only are the IP headers encrypted but the secret keys used to secure the tunnel are encrypted as well All of this protection actually comes at a lower cost than most VPN endpoint software packages The VPN Router will allow the users on your network to secure their data over the Internet without having to purchase the extra client licenses that other VPN hardware manu...

Страница 69: ...S encryption and SHA authentication whenever possible 5 Manage your pre shared keys Change pre shared keys regularly Data transmission over the Internet is a hole in network security that is often overlooked With VPN maximized along with the use of a firewall router and wireless security you can secure your data even when it leaves your network ...

Страница 70: ... asp Microsoft KB Q257225 Basic IPSec Troubleshooting in Windows 2000 http support microsoft com support kb articles Q257 2 25 asp Environment The IP addresses and other specifics mentioned in this appendix are for illustration purposes only Windows 2000 or Windows XP IP Address 140 111 1 2 User ISP provides IP Address this is only an example Subnet Mask 255 255 255 0 WAG54G WAN IP Address 140 111...

Страница 71: ...xt button 5 Click the Finish button making sure the Edit check box is checked Step 2 Build Filter Lists Filter List 1 win Router 1 In the new policy s properties screen verify that the Rules tab is selected as shown in Figure F 2 Deselect the Use Add Wizard check box and click the Add button to create a new rule 2 Make sure the IP Filter List tab is selected and click the Add button See Figure F 3...

Страница 72: ...d Subnet mask 255 255 255 0 These are the Router s default settings If you have changed these settings enter your new values 4 If you want to enter a description for your filter click the Description tab and enter the description there 5 Click the OK button Then click the OK or Close button on the IP Filter List window Filter List 2 Router win 6 The New Rule Properties screen will appear as shown ...

Страница 73: ... specific IP Subnet and enter the IP Address 192 168 1 0 and Subnet mask 255 255 255 0 Enter your new values if you have changed the default settings In the Destination address field select My IP Address 9 If you want to enter a description for your filter click the Description tab and enter the description there 10 Click the OK or Close button and the New Rule Properties screen should appear with...

Страница 74: ... Router 2 Click the Filter Action tab as in Figure F 11 and click the filter action Require Security radio button Then click the Edit button 3 From the Security Methods tab shown in Figure F 12 verify that the Negotiate security option is enabled and deselect the Accept unsecured communication but always respond using IPSec check box Select Session key Perfect Forward Secrecy and click the OK butt...

Страница 75: ...on 5 Change the authentication method to Use this string to protect the key exchange preshared key as shown in Figure F 14 and enter the preshared key string such as XYZ12345 Click the OK button 6 This new Preshared key will be displayed in Figure F 15 Click the Apply button to continue if it appears on your screen otherwise proceed to the next step Figure F 13 Authentication Methods Figure F 14 P...

Страница 76: ... enter the Router s WAN IP Address 8 Select the Connection Type tab as shown in Figure F 17 and click All network connections Then click the OK or Close button to finish this rule Tunnel 2 Router win 9 In the new policy s properties screen shown in Figure F 18 make sure that win Router is selected and deselect the Use Add Wizard check box Then click the Add button to create the second IP filter Fi...

Страница 77: ... F 20 Then click the Edit button From the Security Methods tab shown in Figure F 12 verify that the Negotiate security option is enabled and deselect the Accept unsecured communication but always respond using IPSec check box Select Session key Perfect Forward Secrecy and click the OK button 12 Click the Authentication Methods tab and verify that the authentication method Kerberos is selected as s...

Страница 78: ... is a sample key string Yours should be a key that is unique but easy to remember Then click the OK button 14 This new Preshared key will be displayed in Figure F 23 Click the Apply button to continue if it appears on your screen otherwise proceed to the next step 15 Click the Tunnel Setting tab shown in Figure F 24 click the radio button for The tunnel endpoint is specified by this IP Address and...

Страница 79: ... connections Then click the OK or Close button to finish 17 From the Rules tab shown in Figure F 26 click the OK or Close button to return to the secpol screen Step 4 Assign New IPSec Policy In the IP Security Policies on Local Computer window shown in Figure F 27 right click the policy named to_Router and click Assign A green arrow appears in the folder icon Figure F 25 Connection Type Figure F 2...

Страница 80: ...urity Router fields 7 Select fromtwo different types of encryption DES or 3DES 3DES is recommended because it is more secure You may choose either of these but it must be the same type of encryption that is being used by the VPN device at the other end of the tunnel Or you may choose not to encrypt by selecting Disable 8 Select from two types of authentication MD5 and SHA SHA is recommended becaus...

Страница 81: ...N Router to the workstation console used to oversee the network The Router then returns information contained in a MIB Management Information Base which is a data structure that defines what is obtainable from the device and what can be controlled turned off on etc SNMP functions such as statistics configuration and device information are not available without third party Management Software The R...

Страница 82: ... A device that connects a computer to the cable television network which in turn connects to the Internet DDNS Dynamic Domain Name System Allows the hosting of a website FTP server or e mail server with a fixed domain name e g www xyz com and a dynamic IP address DHCP Dynamic Host Configuration Protocol A networking protocol that allows administrators to assign temporary IP addresses to network co...

Страница 83: ...nects networks with different incompatible communications protocols Hardware The physical aspect of computers telecommunications and other information technology devices HTTP HyperText Transport Protocol The communications protocol used to connect to servers on the World Wide Web IEEE The Institute of Electrical and Electronics Engineers An independent institute that develops networking standards ...

Страница 84: ... Protocol 3 A standard mail server commonly used on the Internet Port The connection point on a computer or networking device used for plugging in cables or adapters PPPoE Point to Point Protocol over Ethernet A type of broadband connection that provides authentication username and password in addition to data transport PPTP Point to Point Tunneling Protocol A VPN protocol that allows the Point to...

Страница 85: ...municate over a network Telnet A user command and TCP IP protocol used for accessing remote PCs TFTP Trivial File Transfer Protocol A version of the TCP IP FTP protocol that has no directory or password capability Throughput The amount of data moved successfully from one node to another in a given time period UDP User Datagram Protocol A network protocol for transmitting data that does not require...

Страница 86: ...s One Power Port Buttons Reset Cabling Type UTP Category 5 or better LEDs Power DMZ Ethernet Internet Dimensions 7 32 x 1 88 x 6 06 186 mm x 48 mm x 154 mm Unit Weight 13 40 oz 0 38 kg Power External 12V DC 1000mA Certifications FCC Class B CE Mark VCCI Operating Temp 0ºC to 40ºC 32ºF to 104ºF Storage Temp 20ºC to 70ºC 4ºF to 158ºF Operating Humidity 0 to 85 Non Condensing Storage Humidity 5 to 90...

Страница 87: ... REPRESENTATIONS AND WARRANTIES INCLUDING ANY IMPLIED WARRANTY OF NON INFRINGEMENT ARE DISCLAIMED Some jurisdictions do not allow limitations on how long an implied warranty lasts so the above limitation may not apply to You This warranty gives You specific legal rights and You may also have other rights which vary by jurisdiction This warranty does not apply if the Product a has been altered exce...

Страница 88: ...ce by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment or devices Connect the equipment to an outlet other than the receiver s Consult a dealer or an experienced radio TV technician for assistance FCC Radiation Exposure Statement This equipment complies with FCC radiation exposure limits set forth for an uncontrolled env...

Страница 89: ...ore about networking with Linksys products Give our advice line a call at 800 546 5797 LINKSYS Or fax your request in to 949 261 8868 If you experience problems with any Linksys product you can call us at 800 326 7114 Don t wish to call You can e mail us at support linksys com If any Linksys product proves defective during its warranty period you can call the Linksys Return Merchandise Authorizati...

Отзывы:

Нет отзывов

Похожие инструкции для BEFSX41 - Instant Broadband EtherFast Cable/DSL Firewall Router

D-Link AirPlus DWL-810 Owner'S Manual preview
AirPlus DWL-810
Бренд: D-Link Страницы: 25
Cabletron Systems Netlink FRX8000 Installation And Setup Manual preview
Netlink FRX8000
Бренд: Cabletron Systems Страницы: 94
Cabletron Systems MMAC-Plus 9E423-24 Reference Manual preview
MMAC-Plus 9E423-24
Бренд: Cabletron Systems Страницы: 10
Cabletron Systems MMAC-Plus 9A128-01 Management Manual preview
MMAC-Plus 9A128-01
Бренд: Cabletron Systems Страницы: 22
Cabletron Systems Spectrum EMM-E6 Addendum Manual preview
Spectrum EMM-E6
Бренд: Cabletron Systems Страницы: 2
Cabletron Systems SmartSTACK ELS100-24TXG Installation And User Manual preview
SmartSTACK ELS100-24TXG
Бренд: Cabletron Systems Страницы: 112
Cabletron Systems ESX-1380 Management Manual preview
ESX-1380
Бренд: Cabletron Systems Страницы: 86
Cabletron Systems DLM6C-AA Overview And Setup Manual preview
DLM6C-AA
Бренд: Cabletron Systems Страницы: 54
Cabletron Systems Cabletron BRIM-F6 User Manual preview
Cabletron BRIM-F6
Бренд: Cabletron Systems Страницы: 43
Cabletron Systems Netlink FRX4000 Maintenance Manual preview
Netlink FRX4000
Бренд: Cabletron Systems Страницы: 60
Cabletron Systems CSX200 CyberSWITCH Setup Manual preview
CSX200 CyberSWITCH
Бренд: Cabletron Systems Страницы: 2
Cabletron Systems 9E132-15 Appendix preview
9E132-15
Бренд: Cabletron Systems Страницы: 8
Cabletron Systems TRXI-22 Addendum preview
TRXI-22
Бренд: Cabletron Systems Страницы: 4
Datasheen D902AC User Manual preview
D902AC
Бренд: Datasheen Страницы: 25
Tripp Lite N125-010-GY Specification Sheet preview
N125-010-GY
Бренд: Tripp Lite Страницы: 2
iDirect iQ Desktop+ Installation, Support, And Maintenance Manual preview
iQ Desktop+
Бренд: iDirect Страницы: 52
Stephen STES2026 Configuration Manual Manual preview
STES2026
Бренд: Stephen Страницы: 102
Lanner ICS-P570 User Manual preview
ICS-P570
Бренд: Lanner Страницы: 63

Бренды по названию

Популярные бренды

Загрузить еще бренды