SL1000
Table of contents
Loading...Asus SL1000 User Manual
Internet Security
Router
User’s Manual
Revision 1.1
Oct. 30, 2003
Copyright Information
No part of this manual, including the products and software described in it, may be reproduced, transmitted,
transcribed, stored in a retrieval system, or translated into any language in any form or by any means, except
documentation kept by the purchaser for backup purposes, without the express written permission of
ASUSTeK COMPUTER INC. (“ASUS”).
ASUS PROVIDES THIS MANUAL “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OR CONDITIONS OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL ASUS, ITS
DIRECTORS, OFFICERS, EMPLOYEES OR AGENTS BE LIABLE FOR ANY INDIRECT, SPECIAL,
INCIDENTAL, OR CONSEQUENTIAL DAMAGES (INCLUDING DAMAGES FOR LOSS OF PROFITS, LOSS
OF BUSINESS, LOSS OF USE OR DATA, INTERRUPTION OF BUSINESS AND THE LIKE), EVEN IF
ASUS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES ARISING FROM ANY DEFECT
OR ERROR IN THIS MANUAL OR PRODUCT.
Product warranty or service will not be extended if: (1) the product is repaired, modified or altered, unless such
repair, modification of alteration is authorized in writing by ASUS; or (2) the serial number of the product is
defaced or missing.
Products and corporate names appearing in this manual may or may not be registered trademarks or
copyrights of their respective companies, and are used only for identification or explanation and to the owners’
benefit, without intent to infringe.
SPECIFICATIONS AND INFORMATION CONTAINED IN THIS MANUAL ARE FURNISHED FOR
INFORMATIONAL USE ONLY, AND ARE SUBJECT TO CHANGE AT ANY TIME WITHOUT NOTICE, AND
SHOULD NOT BE CONSTRUED AS A COMMITMENT BY ASUS. ASUS ASSUMES NO RESPONSIBILITY
OR LIABILITY FOR ANY ERRORS OR INACCURACIES THAT MAY APPEAR IN THIS MANUAL,
INCLUDING THE PRODUCTS AND SOFTWARE DESCRIBED IN IT.
Copyright © 2003 ASUSTeK COMPUTER INC. All Rights Reserved.
ii
Table of Contents
1 Introduction...............................................1
1.1 Features..................................................................................................................1
1.2 System Requirements............................................................................................1
1.3 Using this Document..............................................................................................1
1.3.1 Notational conventions................................................................................1
1.3.2 Typographical conventions.........................................................................1
1.3.3 Special messages........................................................................................1
2 Getting to Know the Internet Security
Router.......................................................3
2.1 Parts List.................................................................................................................3
2.2 Front Panel..............................................................................................................3
2.3 Rear Panel..............................................................................................................3
2.4 Major Features........................................................................................................4
2.4.1 Firewall Features.........................................................................................4
2.4.1.1 Address Sharing and Management...............................................4
2.4.1.1 ACL (Access Control List)..............................................................5
2.4.1.2 Stateful Packet Inspection..............................................................5
2.4.1.3 Defense against DoS Attacks........................................................5
2.4.1.4 Application Command Filtering......................................................6
2.4.1.5 Application Level Gateway (ALG)..................................................6
2.4.1.6 URL Filtering....................................................................................6
2.4.1.7 Log and Alerts.................................................................................6
2.4.1.8 Remote Access...............................................................................7
2.4.2 VPN...............................................................................................................7
3 Quick Start Guide.....................................9
3.1 Part 1 — Connecting the Hardware......................................................................9
3.1.1 Step 1. Connect an ADSL or a cable modem...........................................9
3.1.2 Step 2. Connect computers or a LAN........................................................9
3.1.3 Step 3. Attach the power adapter...............................................................9
iii
3.1.4 Step 4. Turn on the Internet Security Router, the ADSL or cable modem
and power up your computers..................................................................10
3.2 Part 2 — Configuring Your Computers...............................................................11
3.2.1 Before you begin........................................................................................11
3.2.2 Windows® XP PCs:...................................................................................11
3.2.3 Windows® 2000 PCs:...............................................................................11
3.2.4 Windows® 95, 98, and Me PCs...............................................................12
3.2.5 Windows® NT 4.0 workstations:...............................................................12
3.2.6 Assigning static IP addresses to your PCs..............................................13
3.3 Part 3 — Quick Configuration of the Internet Security Router..........................14
3.3.1 Buttons Used in Setup Wizard..................................................................14
3.3.2 Setting Up the Internet Security Router....................................................14
3.3.3 Testing Your Setup....................................................................................20
3.3.4 Default Router Settings.............................................................................20
4 Getting Started with the Configuration
Manager.................................................21
4.1 Log into Configuration Manager..........................................................................21
4.2 Functional Layout.................................................................................................22
4.2.1 Setup Menu Navigation Tips.....................................................................22
4.2.2 Commonly Used Buttons and Icons.........................................................22
4.3 The Home Page of Configuration Manager.......................................................23
4.4 Overview of System Configuration......................................................................23
5 Configuring LAN Settings......................25
5.1 LAN IP Address....................................................................................................25
5.1.1 LAN IP Configuration Parameters............................................................25
5.1.2 Configuring the LAN IP Address...............................................................25
5.2 DHCP (Dynamic Host Control Protocol).............................................................26
5.2.1 What is DHCP?..........................................................................................26
5.2.2 Why use DHCP?........................................................................................27
5.2.3 Configuring DHCP Server.........................................................................27
5.2.4 Viewing Current DHCP Address Assignments........................................28
iv
5.3 DNS.......................................................................................................................29
5.3.1 About DNS.................................................................................................29
5.3.2 Assigning DNS Addresses........................................................................29
5.3.3 Configuring DNS Relay.............................................................................29
5.4 Viewing LAN Statistics.........................................................................................30
6 Configuring WAN Settings.....................31
6.1 WAN Connection Mode.......................................................................................31
6.2 PPPoE...................................................................................................................31
6.2.1 WAN PPPoE Configuration Parameters..................................................31
6.2.2 Configuring PPPoE for WAN....................................................................32
6.3 Dynamic IP............................................................................................................32
6.3.1 WAN Dynamic IP Configuration Parameters...........................................32
6.3.2 Configuring Dynamic IP for WAN.............................................................33
6.4 Static IP.................................................................................................................34
6.4.1 WAN Static IP Configuration Parameters................................................34
6.4.2 Configuring Static IP for WAN...................................................................34
6.5 Viewing WAN Statistics........................................................................................35
7 Configuring Routes................................37
7.1 Overview of IP Routes.........................................................................................37
7.1.1 Do I need to define IP routes?..................................................................37
7.2 Dynamic Routing using RIP (Routing Information Protocol).............................38
7.2.1 Enabling/Disabling RIP..............................................................................38
7.3 Static Routing........................................................................................................38
7.3.1 Static Route Configuration Parameters....................................................38
7.3.2 Adding Static Routes.................................................................................38
7.3.3 Deleting Static Routes...............................................................................38
7.3.4 Viewing the Static Routing Table..............................................................39
8 Configuring DDNS..................................41
8.1 DDNS Configuration Parameters........................................................................42
8.2 Access DDNS Configuration Page.....................................................................43
8.3 Configuring RFC-2136 DDNS Client..................................................................43
8.4 Configuring HTTP DDNS Client..........................................................................44
v
9 Configuring Firewall/NAT Settings.........45
9.1 Firewall Overview.................................................................................................45
9.1.1 Stateful Packet Inspection.........................................................................45
9.1.2 DoS (Denial of Service) Protection...........................................................45
9.1.3 Firewall and Access Control List (ACL)....................................................45
9.1.3.1 Priority Order of ACL Rule............................................................45
9.1.3.2 Tracking Connection State...........................................................46
9.1.4 Default ACL Rules.....................................................................................46
9.2 NAT Overview.......................................................................................................46
9.2.1 Static (One to One) NAT...........................................................................46
9.2.2 Dynamic NAT.............................................................................................47
9.2.3 NAPT (Network Address and Port Translation) or PAT (Port Address
Translation).................................................................................................48
9.2.4 Reverse Static NAT...................................................................................49
9.2.5 Reverse NAPT / Virtual Server.................................................................49
9.3 Configuring Inbound ACL Rules..........................................................................49
9.3.1 Inbound ACL Rule Configuration Parameters.........................................49
9.3.2 Access Inbound ACL Rule Configuration Page – (Firewall è Inbound
ACL)............................................................................................................52
9.3.3 Add Inbound ACL Rules............................................................................52
9.3.4 Modify Inbound ACL Rules.......................................................................53
9.3.5 Delete Inbound ACL Rules.......................................................................53
9.3.6 Display Inbound ACL Rules......................................................................53
9.4 Configuring Outbound ACL Rules.......................................................................53
9.4.1 Outbound ACL Rule Configuration Parameters......................................54
9.4.2 Access Outbound ACL Rule Configuration Page – (Firewall è
Outbound ACL)..........................................................................................56
9.4.3 Add an Outbound ACL Rule.....................................................................57
9.4.4 Modify Outbound ACL Rules....................................................................57
9.4.5 Delete Outbound ACL Rules....................................................................58
9.4.6 Display Outbound ACL Rules...................................................................58
9.5 Configuring URL Filters........................................................................................58
9.5.1 URL Filter Configuration Parameters.......................................................58
9.5.2 Access URL Filter Configuration Page – (Firewall è URL Filter)..........58
9.5.3 Add an URL Filter Rule..............................................................................59
vi
9.5.4 Modify an URL Filter Rule.........................................................................59
9.5.5 Delete an URL Filter Rule.........................................................................59
9.5.6 View Configured URL Filter Rules............................................................59
9.5.7 URL Filter Rule Example...........................................................................59
9.6 Configuring Advanced Firewall Features – (Firewall è Advanced).................60
9.6.1 Configuring Self Access Rules.................................................................60
9.6.1.1 Self Access Configuration Parameters........................................61
9.6.1.2 Access Self Access Rule Configuration Page – (Firewall è
Advanced è Self Access)............................................................61
9.6.1.3 Add a Self Access Rule................................................................61
9.6.1.4 Modify a Self Access Rule............................................................62
9.6.1.5 Delete a Self Access Rule............................................................62
9.6.1.6 View Configured Self Access Rules............................................62
9.6.2 Configuring Service List.............................................................................62
9.6.2.1 Service List Configuration Parameters........................................63
9.6.2.2 Access Service List Configuration Page – (Firewall è Advanced
è Service).....................................................................................63
9.6.2.3 Add a Service................................................................................63
9.6.2.4 Modify a Service............................................................................64
9.6.2.5 Delete a Service............................................................................64
9.6.2.6 View Configured Services............................................................64
9.6.3 Configuring DoS Settings..........................................................................64
9.6.3.1 DoS Protection Configuration Parameters..................................64
9.6.3.2 Access DoS Configuration Page – (Firewall è Advanced è
DoS)...............................................................................................66
9.6.3.3 Configuring DoS Settings.............................................................66
9.7 Firewall Policy List – (Firewall è Policy List).....................................................66
9.7.1 Configuring Application Filter....................................................................67
9.7.1.1 Application Filter Configuration Parameters................................67
9.7.1.2 Access Application Filter Configuration Page – (Firewall è
Policy List è Application Filter)....................................................68
9.7.1.3 Add an Application Filter...............................................................69
9.7.1.3.1 FTP Example: Add a FTP Filter Rule to Block FTP DELETE
Command......................................................................................69
9.7.1.3.2 HTTP Example: Add a HTTP Filter Rule to Block JAVA Applets
and Java Archives.........................................................................71
9.7.1.4 Modify an Application Filter..........................................................72
9.7.1.5 Delete an Application Filter...........................................................73
9.7.2 Configuring IP Pool....................................................................................73
9.7.2.1 IP Pool Configuration Parameters...............................................73
vii
9.7.2.2 Access IP Pool Configuration Page – (Firewall è Policy List è
IP Pool)..........................................................................................74
9.7.2.3 Add an IP Pool..............................................................................74
9.7.2.4 Modify an IP Pool..........................................................................74
9.7.2.5 Delete an IP Pool..........................................................................75
9.7.2.6 IP Pool Example............................................................................75
9.7.3 Configuring NAT Pool................................................................................76
9.7.3.1 NAT Pool Configuration Parameters...........................................76
9.7.3.2 Access NAT Pool Configuration Page – (Firewall è Policy List
è NAT Pool).................................................................................77
9.7.3.3 Add a NAT Pool.............................................................................78
9.7.3.4 Modify a NAT Pool........................................................................78
9.7.3.5 Delete a NAT Pool........................................................................78
9.7.3.6 NAT Pool Example........................................................................78
9.7.4 Configuring Time Range...........................................................................80
9.7.4.1 Time Range Configuration Parameters.......................................80
9.7.4.2 Access Time Range Configuration Page – (Firewall è Policy
List è Time Range)......................................................................81
9.7.4.3 Add a Time Range........................................................................81
9.7.4.4 Modify a Time Range....................................................................81
9.7.4.5 Delete a Time Range....................................................................82
9.7.4.6 Delete a Schedule in a Time Range............................................82
9.7.4.7 Time Range Example...................................................................82
9.8 Firewall Statistics – Firewall è Statistics...........................................................83
10 Configuring VPN....................................85
10.1 Default Parameters..............................................................................................85
10.2 VPN Tunnel Configuration Parameters..............................................................87
10.3 Establish VPN Connection Using Automatic Keying.........................................90
10.3.1 Add a Rule for VPN Connection Using Pre-shared Key.........................91
10.3.2 Modify VPN Rules......................................................................................92
10.3.3 Delete VPN Rules......................................................................................92
10.3.4 Display VPN Rules....................................................................................92
10.4 Establish VPN Connection Using Manual Keys.................................................93
viii
10.4.1 Add a Rule for VPN Connection Using Manual Key...............................93
10.4.2 Modify VPN Rules......................................................................................94
10.4.3 Delete VPN Rules......................................................................................94
10.4.4 Display VPN Rules....................................................................................94
10.5 VPN Statistics.......................................................................................................95
10.6 VPN Connection Examples.................................................................................96
10.6.1 Intranet Scenario – firewall + VPN and no NAT for VPN traffic..............96
10.6.1.1 Configure Rules on Internet Security Router 1 (ISR1)...............97
10.6.1.2 Configure Rules on Internet Security Router 2 (ISR2)...............98
10.6.1.3 Establish Tunnel and Verify........................................................100
10.6.2 Extranet Scenario – firewall + static NAT + VPN for VPN traffic..........100
10.6.2.1 Setup the Internet Security Routers...........................................101
10.6.2.2 Configure VPN Rules on ISR1...................................................102
10.6.2.3 Configure VPN Rules on ISR2...................................................104
10.6.2.4 Establish Tunnel and Verify........................................................107
11 Configuring Remote Access................109
11.1 Remote Access..................................................................................................109
11.2 Manage User Groups and Users......................................................................109
11.2.1 User Group Configuration Parameters...................................................109
11.2.2 Access User Group Configuration Page – (Remote Access è User
Group).......................................................................................................110
11.2.3 Add a User Group and/or a User............................................................110
11.2.4 Modify a User Group or a User...............................................................111
11.2.5 Delete a User Group or a User...............................................................111
11.2.6 User Group and Users Configuration Example.....................................112
11.3 Configure Group ACL Rules..............................................................................112
11.3.1 Group ACL Specific Configuration Parameters.....................................112
11.3.2 Access Group ACL Configuration Page – (Remote Access è Group
ACL)..........................................................................................................113
11.3.3 Add/Modify/Delete Group ACL Rules.....................................................113
11.4 Remote User Login Process.............................................................................113
11.5 Configure Firewall for Remote Access.............................................................115
11.6 Virtual IP Address Configuration for Remote Access VPN.............................116
11.6.1 Access VPN Virtual IP Configuration Page – (Remote Access è VPN
Virtual IP)..................................................................................................116
11.6.2 Assign VPN Virtual IP Address for Remote Access Users...................116
11.6.3 Change Virtual IP Assignments for Remote Access Users..................117
11.6.4 Delete Virtual IP Address for Remote Access Users............................117
11.7 Configure VPN for Remote Access..................................................................118
ix
11.7.1 Main Mode Remote Access....................................................................118
11.7.2 Aggressive Mode Remote Access.........................................................120
12 System Management...........................123
12.1 Configure System Services...............................................................................123
12.2 Change the Login Password.............................................................................124
12.3 Modify System Information................................................................................124
12.4 Setup Date and Time.........................................................................................125
12.4.1 View the System Date and Time............................................................126
12.5 System Configuration Management.................................................................126
12.5.1 Reset System Configuration...................................................................126
12.5.2 Backup System Configuration................................................................127
12.5.3 Restore System Configuration................................................................127
12.6 Upgrade Firmware..............................................................................................128
12.7 Reset the Internet Security Router....................................................................129
12.8 Logout Configuration Manager..........................................................................130
13 ALG Configuration................................131
14 IP Addresses, Network Masks, and
Subnets................................................135
14.1 IP Addresses......................................................................................................135
14.1.1 Structure of an IP address.......................................................................135
14.2 Network classes.................................................................................................135
14.3 Subnet masks.....................................................................................................136
15 Troubleshooting....................................139
15.1 Diagnosing Problem using IP Utilities...............................................................140
15.1.1 ping...........................................................................................................140
15.1.2 nslookup...................................................................................................141
16 Glossary...............................................143
x
17 Index.....................................................149
List of Figures
Figure 2.1. Front Panel LEDs.....................................................................................................................................3
Figure 2.2. Rear Panel Connections..........................................................................................................................3
Figure 3.1. Overview of Hardware Connections.....................................................................................................10
Figure 3.2. Login Screen...........................................................................................................................................14
Figure 3.3. Setup Wizard Home Page.....................................................................................................................15
Figure 3.4. Setup Wizard – Password Configuration Page....................................................................................15
Figure 3.5. Setup Wizard – System Identity Configuration Page..........................................................................16
Figure 3.6. Setup Wizard – Date/Time Configuration Page...................................................................................16
Figure 3.7. Setup Wizard – LAN IP Configuration Page........................................................................................17
Figure 3.8. Setup Wizard – DHCP Server Configuration Page.............................................................................17
Figure 3.9. Setup Wizard – WAN PPPoE Configuration Page..............................................................................18
Figure 3.10. Setup Wizard – WAN Dynamic IP Configuration Page.....................................................................18
Figure 3.11. Setup Wizard – WAN Static IP Configuration Page..........................................................................19
Figure 4.1. Configuration Manager Login Screen...................................................................................................21
Figure 4.2. Typical Configuration Manager Page...................................................................................................22
Figure 4.3. Setup Wizard Home Page.....................................................................................................................23
Figure 4.4. System Information Page......................................................................................................................24
Figure 5.1. LAN IP Address Configuration Page....................................................................................................26
Figure 5.2. DHCP Configuration Page....................................................................................................................27
Figure 5.3. LAN Statistics Page...............................................................................................................................30
Figure 6.1. WAN PPPoE Configuration Page.........................................................................................................31
Figure 6.2. WAN Dynamic IP (DHCP client) Configuration Page..........................................................................33
Figure 6.3. WAN Static IP Configuration Page.......................................................................................................34
Figure 6.4. WAN Statistics Page..............................................................................................................................35
Figure 7.1. Routing Configuration Page.................................................................................................................37
Figure 8.1. Network Diagram for RFC-2136 DDNS...............................................................................................41
Figure 8.2. Network Diagram for HTTP DDNS.......................................................................................................42
Figure 8.3. RFC-2136 DDNS Configuration Page..................................................................................................43
Figure 8.4. HTTP DDNS Configuration Page.........................................................................................................44
Figure 9.1 Static NAT – Mapping Four Private IP Addresses to Four Globally Valid IP Addresses...................47
Figure 9.2 Dynamic NAT – Four Private IP addresses Mapped to Three Valid IP Addresses...........................47
Figure 9.3 Dynamic NAT – PC-A can get an NAT association after PC-B is disconnected................................47
xi
Figure 9.4 NAPT – Map Any Internal PCs to a Single Global IP Address............................................................48
Figure 9.5 Reverse Static NAT – Map a Global IP Address to An Internal PC....................................................48
Figure 9.6 Reverse NAPT – Relayed Incoming Packets to the Internal Host Base on the Protocol, Port
Number or IP Address......................................................................................................................................48
Figure 9.7. Inbound ACL Configuration Page.........................................................................................................49
Figure 9.8. Inbound ACL configuration example....................................................................................................52
Figure 9.9. Outbound ACL Configuration Page......................................................................................................54
Figure 9.10. Outbound ACL Configuration Example..............................................................................................57
Figure 9.11. URL Filter Configuration Page............................................................................................................59
Figure 9.12. URL Filter Rule Example.....................................................................................................................60
Figure 9.13. Self Access Rule Configuration Page.................................................................................................61
Figure 9.14. Service List Configuration Page..........................................................................................................63
Figure 9.15. DoS Configuration Page......................................................................................................................66
Figure 9.16. Application Filter Configuration Page.................................................................................................69
Figure 9.17 Network Diagram for FTP Filter Example – Blocking FTP Delete Command..................................69
Figure 9.18. FTP Filter Example – Configuring FTP Filter Rule............................................................................70
Figure 9.19 FTP Filter Example – Firewall Configuration Assistant......................................................................70
Figure 9.20 FTP Filter Example – Add an FTP Filter to Deny FTP Delete Command........................................70
Figure 9.21. FTP Filter Example – Associate FTP Filter Rule to an ACL Rule....................................................71
Figure 9.22. HTTP Filter Example – Configuring HTTP Filter Rule.......................................................................71
Figure 9.23. HTTP Filter Example – Associate HTTP Filter Rule to an ACL Rule...............................................72
Figure 9.24. Modify an Application Filter.................................................................................................................73
Figure 9.25 IP Pool Configuration Page..................................................................................................................74
Figure 9.26. Network Diagram for IP Pool Configuration.......................................................................................75
Figure 9.27. IP Pool Example – Add Two IP Pools – MISgroup1 and MISgroup2..............................................76
Figure 9.28. IP Pool Example – Deny QUAKE-II Connection for MISgroup1......................................................76
Figure 9.29. NAT Pool configuration page..............................................................................................................77
Figure 9.30. Network Diagram for NAT Pool Example...........................................................................................79
Figure 9.31. NAT Pool Example – Create a Static NAT Pool................................................................................79
Figure 9.32. NAT Pool Example – Associate a NAT Pool to an ACL Rule...........................................................80
Figure 9.33. Time Range Configuration Page........................................................................................................81
Figure 9.34. Time Range Example – Create a Time Range..................................................................................82
Figure 9.35. Time Range Example – Deny FTP Access for MISgroup1 During OfficeHours.............................82
Figure 9.36. Firewall active connections statistics..................................................................................................83
Figure 10.1. VPN Tunnel Configuration Page – Pre-shared Key Mode...............................................................91
Figure 10.2. VPN Tunnel Configuration Page – Manual Key Mode......................................................................93
Figure 10.3. VPN Statistics Page.............................................................................................................................96
xii
Figure 10.4. Typical Intranet Network Diagram......................................................................................................97
Figure 10.5. Intranet VPN Policy Configuration on ISR1........................................................................................98
Figure 10.6. Intranet VPN Policy Configuration on ISR2........................................................................................99
Figure 10.7. Typical Extranet Network Diagram...................................................................................................101
Figure 10.8. Extranet Example –VPN Policy Configuration on ISR1..................................................................102
Figure 10.9. Extranet Example – Outgoing NAT Pool Configuration on ISR1...................................................103
Figure 10.10. Extranet Example – Incoming NAT Pool Configuration on ISR1.................................................103
Figure 10.11. Extranet Example – Outbound ACL Rule on ISR1........................................................................104
Figure 10.12. Extranet Example – Inbound ACL Rule on ISR1...........................................................................104
Figure 10.13. Extranet Example –VPN Policy Configuration on ISR2................................................................105
Figure 10.14. Extranet Example – Outgoing NAT Pool Configuration on ISR2.................................................105
Figure 10.15. Extranet Example – Incoming NAT Pool Configuration on ISR2.................................................106
Figure 10.16. Extranet Example – Outbound ACL Rule on ISR2........................................................................106
Figure 10.17. Extranet Example – Inbound ACL Rule on ISR2...........................................................................107
Figure 11.1. User Group Configuration Page........................................................................................................110
Figure 11.2. User Group and Users Configuration Example...............................................................................112
Figure 11.3. Goup ACL Configuration Page.........................................................................................................113
Figure 11.4. Login Console.....................................................................................................................................114
Figure 11.5. Login Status Screen...........................................................................................................................114
Figure 11.6. Network Diagram for Inbound Remote Access...............................................................................114
Figure 11.7. User and User Group Configuration Example.................................................................................115
Figure 11.8. Group ACL Configuration Example..................................................................................................115
Figure 11.9. VPN Virtual IP Configuration Page...................................................................................................116
Figure 11.10. Network Diagram for VPN Remote Access...................................................................................117
Figure 11.11. Main Mode Remote Access Example – Create a User Group and Add Two Users into the Group
..........................................................................................................................................................................118
Figure 11.12. Main Mode Remote Access Example – Configure the Virtual IP address..................................119
Figure 11.13. Main Mode Remote Access Example – Remote VPN Connection Setup for “RoadWarrior”
Group................................................................................................................................................................119
Figure 11.14. Aggressive Mode Remote Access Example – Create a User Group and Add Two Users into the
Group................................................................................................................................................................120
Figure 11.15. Aggressive Mode Remote Access Example – Configure the Virtual IP address........................120
Figure 11.16. Aggressive Mode Remote Access Example – Remote VPN Connection Setup for “RoadWarrior”
Group................................................................................................................................................................121
Figure 12.1. System Services Configuration Page...............................................................................................123
Figure 12.2. Password Configuration Page..........................................................................................................124
Figure 12.3. System Information Configuration Page...........................................................................................125
Figure 12.4. Date and Time Configuration Page..................................................................................................125
xiii
Figure 12.5. Default Setting Configuration Page..................................................................................................126
Figure 12.6. Backup System Configuration Page.................................................................................................127
Figure 12.7. Restore System Configuration Page................................................................................................128
Figure 12.8. Windows File Browser.......................................................................................................................128
Figure 12.9. Firmware Upgrade Page...................................................................................................................129
Figure 12.10. Configuration Manager Reset Page...............................................................................................129
Figure 12.11. Configuration Manager Logout Page.............................................................................................130
Figure 12.12. Confirmation for Closing Browser (IE)............................................................................................130
Figure 15.1. Using the ping Utility..........................................................................................................................141
Figure 15.2. Using the nslookup Utility..................................................................................................................142
List of Tables
Table 2.1. Front Panel Label and LEDs....................................................................................................................3
Table 2.2. Rear Panel Labels and LEDs...................................................................................................................4
Table 2.3. DoS Attacks...............................................................................................................................................5
Table 2.4. VPN Features of the Internet Security Router.........................................................................................7
Table 3.1. LED Indicators.........................................................................................................................................10
Table 3.2. Default Settings Summary......................................................................................................................20
Table 4.1. Description of Commonly Used Buttons and Icons..............................................................................22
Table 5.1. LAN IP Configuration Parameters..........................................................................................................25
Table 5.2. DHCP Configuration Parameters...........................................................................................................28
Table 5.3. DHCP Address Assignment...................................................................................................................28
Table 6.1. WAN PPPoE Configuration Parameters...............................................................................................32
Table 6.2. WAN Dynamic IP Configuration Parameters........................................................................................32
Table 6.3. WAN Static IP Configuration Parameters..............................................................................................34
Table 7.1. Static Route Configuration Parameters.................................................................................................38
Table 8.1. DDNS Configuration Parameters...........................................................................................................42
Table 9.1. Inbound ACL Rule Configuration Parameters.......................................................................................49
Table 9.2. Outbound ACL Rule Configuration Parameters....................................................................................54
Table 9.3. URL Filter Configuration Parameters.....................................................................................................58
Table 9.4. Self Access Configuration Parameters..................................................................................................61
Table 9.5. Service List configuration parameters....................................................................................................63
Table 9.6. DoS Protection Configuration Parameters............................................................................................64
Table 9.7. Application Filter Configuration Parameters..........................................................................................67
Table 9.8. IP Pool Configuration Parameters..........................................................................................................73
Table 9.9. NAT Pool Configuration Parameters......................................................................................................76
xiv
Table 9.10. Time Range Configuration Parameters...............................................................................................80
Table 10.1. Default Connections in the Internet Security Router...........................................................................85
Table 10.2. Pre-configured IKE proposals in the Internet Security Router...........................................................85
Table 10.3. Pre-configured IPSec proposals in the Internet Security Router.......................................................86
Table 10.4. VPNTtunnel Configuration Parameter.................................................................................................87
Table 10.5. VPN Statistics........................................................................................................................................95
Table 10.6. Outbound Un-translated Firewall Rule for VPN Packets on ISR1.....................................................98
Table 10.7. Inbound Un-translated Firewall Rule for VPN Packets on ISR1........................................................98
Table 10.8. Outbound Un-translated Firewall Rule for VPN Packets on ISR1.....................................................99
Table 10.9. Inbound Un-translated Firewall Rule for VPN Packets on ISR1......................................................100
Table 11.1. User Group Configuration Parameters..............................................................................................109
Table 11.2. Group ACL Specific Configuration Parameters................................................................................112
Table 13.1. Supported ALG....................................................................................................................................131
Table 14.1. IP Address structure............................................................................................................................135
xv
Internet Security Router User’s Manual Chapter 1. Introduction
1 Introduction
Congratulations on becoming the owner of the Internet Security Router. Your LAN (local area network) will
now be able to access the Internet using your high-speed broadband connection such as those with ADSL or
cable modem.
This User Manual will show you how to set up the Internet Security Router, and how to customize its
configuration to get the most out of this product.
1.1 Features
„ 10/100Base-T Ethernet router to provide Internet connectivity to all computers on your LAN
„ Firewall, NAT (Network Address Translation), and IPSec VPN functions to provide secure Internet
access for your LAN
„ Automatic network address assignment through DHCP Server
„ Services including IP route, DNS and DDNS configuration, RIP, and IP performance monitoring
„ Configuration program accessible via a web browser, such as Microsoft Internet Explorer 5.5,
Netscape 7.0.2 or later.
1.2 System Requirements
In order to use the Internet Security Router for Internet access, you must have the following:
„ ADSL or cable modem and the corresponding service up and running, with at least one public Internet
address assigned to your WAN
„ One or more computers each containing an Ethernet 10Base-T/100Base-T network interface card
(NIC)
„ (Optional) An Ethernet hub/switch, if you are connecting the device to more than four computers on an
Ethernet network.
„ For system configuration using the supplied web-based program: a web browser such as Internet
Explorer v5.5 or later.
1.3 Using this Document
1.3.1 Notational conventions
„ Acronyms are defined the first time they appear in text and in the glossary (Appendix 16).
„ For brevity, the Internet Security Router is sometimes referred to as “the router.”
„ The terms LAN and network are used interchangeably to refer to a group of Ethernet-connected
computers at one site.
1.3.2 Typographical conventions
„ Italics are used to identify terms that are defined in the glossary (Chapter 16).
„ Boldface type text is used for items you select from menus and drop-down lists, and text strings you
type when prompted by the program.
1.3.3 Special messages
This document uses the following icons to call your attention to specific instructions or explanations.
Chapter 1. Introduction Internet Security Router User’s Manual
Note
topic.
Explains terms or acronyms that may be unfamiliar to many
Provides clarification or non-essential information on the current
Definition
readers. These terms are also included in the Glossary.
Provides messages of high importance, including messages
relating to personal safety or system integrity.
WARNING
2
Internet Security Router User’s Manual Chapter 2. Getting to Know the Internet Security Router
2 Getting to Know the Internet Security Router
2.1 Parts List
In addition to this document, your Internet Security Router should come with the following:
„ The Internet Security Router
„ Power adapter
„ Ethernet cable (“straight -through” type)
„ Optional console port cable (RJ-45)
2.2 Front Panel
The front panel contains LED indicators that show the status of the unit.
Figure 2.1. Front Panel LEDs
Table 2.1. Front Panel Label and LEDs
Label Color Function
POWER green On: Unit is powered on
Off: Unit is powered off
ALARM green (For factory testing only)
WAN green On: WAN link established and active
Flashing: Data is transmitted via WAN connection
Off: No WAN link
LAN1 –
LAN4
green On: LAN link is established
Flashing: Data is transmitted via LAN connection
Off: No LAN link
2.3 Rear Panel
The rear panel contains the ports for the unit's data and power connections.
Figure 2.2. Rear Panel Connections
3
Chapter 2. Getting to Know the Internet Security Router Internet Security Router User’s Manual
Table 2.2. Rear Panel Labels and LEDs
Label Function
POWER Connects to the supplied power adapter
Reset Resets the device
CONSOLE RJ-45 serial port for console management
WAN Connects to your WAN device, such as ADSL or
P1 – P4 Connects the device to your PC's Ethernet port,
Switches the unit on and off
cable modem.
or to the uplink port on your LAN's hub/switch,
using the cable provided
2.4 Major Features
2.4.1 Firewall Features
The Firewall as implemented in the Internet Security Router provides the following features to protect your
network from being attacked and to prevent your network from being used as the springboard for attacks.
„ Address Sharing and Management
„ Packet Filtering
„ Stateful Packet Inspection
„ Defense against Denial of Service Attacks
„ Application Content Filtering
„ Log and Alert
„ Remote Access
„ Keyword based URL Filtering
2.4.1.1 Address Sharing and Management
The Internet Security Router Firewall provides NAT to share a single high-speed Internet connection and to
save the cost of multiple connections required for the hosts on the LAN segments connected to the Internet
Security Router. This feature conceals network address and prevents them from becoming public. It maps
unregistered IP addresses of hosts connected to the LAN with valid ones for Internet access. The Internet
Security Router Firewall also provides reverse NAT capability, which enables SOHO users to host various
services such as e-mail servers, web servers, etc. The NAT rules drive the translation mechanism at the NAT
router. The following types of NAT are supported by the Internet Security Router.
„ Static NAT – Maps an internal host address to a globally valid Internet address (one-to-one). All
packets are directly translated with the information contained in the map.
„ Dynamic NAT – Maps an internal host address dynamically to a globally valid Internet address (m-to-
n). The map usually contains a pool of internal IP addresses (m) and a pool of globally valid Internet IP
addresses (n) with m usually greater than n. Each internal IP address is mapped to one external IP
address on a first come first serve basis.
„ NAPT (Network Address and Port Translation) – Also called IP Masquerading. Maps many internal
hosts to only one globally valid Internet address. The map usually contains a pool of network ports to
be used for translation. Every packet is translated with the globally valid Internet address; the port
number is translated with a free pool from the pool of network ports.
4
Internet Security Router User’s Manual Chapter 2 Getting to Know the Internet Security Router
„ Reverse Static – This is inbound mapping that maps a globally valid Internet address to an internal
host address. All packets coming to that external address are relayed to the internal address. This is
useful when hosting services in an internal machine.
„ Reverse NAPT – Also called inbound mapping, port mapping, and virtual server. Any packet coming
to the router can be relayed to the internal host based on the protocol, port number or IP Address
specified in the rule. This is useful when multiple services are hosted on different internal machines.
Note
For a complete listing of all NAT ALGs supported, refer to
Appendix A “ALG Configuration” on.
2.4.1.1 ACL (Access Control List)
ACL rule is one of the basic building blocks for network security. Firewall monitors each individual packet,
decodes the header information of inbound and outbound traffic and then either blocks the packet from
passing or allows it to pass based on the contents of the source address, destination address, source port,
destination port, protocol and other criterion, e.g. application filter, time ranges, defined in the ACL rules.
ACL is a very appropriate measure for providing isolation of one subnet from another. It can be used as the
first line of defense in the network to block inbound packets of specific types from ever reaching the protected
network.
The Internet Security Router Firewall’s ACL methodology supports:
„ Filtering based on destination and source IP address, port number and protocol
„ Use of the wild card for composing filter rules
„ Filter Rule priorities
„ Time based filters
„ Application specific filters
„ User group based filters for remote access
2.4.1.2 Stateful Packet Inspection
The Internet Security Router Firewall uses “stateful packet inspection” that extracts state-related information
required for the security decision from the packet and maintains this information for evaluating subsequent
connection attempts. It has awareness of application and creates dynamic sessions that allow dynamic
connections so that no ports need to be opened other than the required ones. This provides a solution which is
highly secure and that offers scalability and extensibility.
2.4.1.3 Defense against DoS Attacks
The Internet Security Router Firewall has an Attack Defense Engine that protects internal networks from
known types of Internet attacks. It provides automatic protection from Denial of Service (DoS) attacks such as
SYN flooding, IP smurfing, LAND, Ping of Death and all re-assembly attacks. It can drop ICMP redirects and
IP loose/strict source routing packets. For example, the Internet Security Router Firewall provides protection
from “WinNuke”, a widely used program to remotely crash unprotected Windows systems in the Internet. The
Internet Security Router Firewall also provides protection from a variety of common Internet attacks such as IP
Spoofing, Ping of Death, Land Attack, Reassembly and SYN flooding.
The type of attack protections provided by the Internet Security Router are listed in Table 2.3.
Table 2.3. DoS Attacks
Type of Attack Name of Attacks
Re-assembly attacks
ICMP Attacks Ping of Death, Smurf, Twinge
Flooders
5
Bonk, Boink, Teardrop (New Tear),
Overdrop, Opentear, Syndrop, Jolt
Chapter 2. Getting to Know the Internet Security Router Internet Security Router User’s Manual
Flooder
Port Scans
TCP Attacks
Protection with PF Rules Echo-Chargen, Ascend Kill
Miscellaneous Attacks
TCP XMAS Scan, TCP Null Scan
TCP SYN Scan, TCP Stealth Scan
TCP sequence number prediction, TCP
out-of sequence attacks
IP Spoofing, LAND, Targa, Tentacle
MIME Flood, Winnuke, FTP Bounce, IP
unaligned time stamp attack
2.4.1.4 Application Command Filtering
The Internet Security Router Firewall allows network administrators to block, monitor, and report on network
users access to non-business and objectionable content. This high-performance content access control results
in increased productivity, lower bandwidth usage and reduced legal liability.
The Internet Security Router Firewall has the ability to handle active content filtering on certain application
protocols such as HTTP, FTP, SMTP and RPC.
„ HTTP – You can define HTTP extension based filtering schemes for blocking
„ ActiveX
„ Java Archive
„ Java Applets
„ Microsoft Archives
„ URLs based on file extensions.
„ FTP – allows you to define and enforce the file transfer policy for the site or group of users
„ SMTP – allows you to filter operations such as VRFY, EXPN, etc. which reveal excess information
about the recipient.
„ RPC – allows you to filter programs based on the assigned RPC program numbers.
2.4.1.5 Application Level Gateway (ALG)
Applications such as FTP, games etc., open connections dynamically based on the respective application
parameter. To go through the firewall on the Internet Security Router, packets pertaining to an application,
require a corresponding allow rule. In the absence of such rules, the packets will be dropped by the Internet
Security Router Firewall. As it is not feasible to create policies for numerous applications dynamically (at the
same time without compromising security), intelligence in the form of Application Level Gateways (ALG), is
built to parse packets for applications and open dynamic associations. The Internet Security Router Firewall
provides a number of ALGs for popular applications such as FTP, H.323, RTSP, Microsoft Games, SIP, etc.
2.4.1.6 URL Filtering
A set of keywords that should not appear in the URL (Uniform Resource Locator, e.g. www.yahoo.com) can be
defined. Any URL containing one or more of these keywords will be blocked. This is a policy independent
feature i.e. it cannot be associated to ACL rules. This feature can be independently enabled or disabled, but
works only if firewall is enabled.
2.4.1.7 Log and Alerts
Events in the network, that could be attempts to affect its security, are recorded in the Internet Security Router
System log file. Event details are recorded in WELF (WebTrends Enhanced Log Format ) format so that
statistical tools can be used to generate custom reports. The Internet Security Router Firewall can also forward
Syslog information to a Syslog server on a private network.
The Internet Security Router Firewall supports:
6
Internet Security Router User’s Manual Chapter 2 Getting to Know the Internet Security Router
, Aggressive Mode, Quick
„ Alerts sent to the administrator via e-mail.
„ Maintains at a minimum, log details such as, time of packet arrival, description of action taken by
Firewall and reason for action.
„ Supports the UNIX Syslog format.
„ Sends log report e-mails as scheduled by the network administrator or by default when the log file is
full.
„ All the messages are sent in the WELF format.
„ ICMP logging to show code and type.
2.4.1.8 Remote Access
The Internet Security Router Firewall allows the network administrator to segregate the user community into
Access Policies per group. A user can log in using the login page (Refer to “User Login Process ” on page 67).
After a user is authenticated successfully, the Internet Security Router Firewall dynamically activates the usergroup’s set of access policies.
These policies will subsequently be enforced until the user logs out of the session or until inactivity timeout
period has lapsed.
2.4.2 VPN
The introduction of broadband Internet access at an affordable price has attracted a large number of users to
use the Internet for business. Large-scale use of a very open public network such as, the Internet comes with a
lot of advantages and associated risks. These risks include the lack of confidentiality of data being sent and the
authenticity of the identities of the parties involved in the exchange of data. The VPN supported in the Internet
Security Router is intended to resolve these issues at an affordable price.
The VPN supported by the Internet Security Router is IPSec compliant. Packets sent via VPN are encrypted to
maintain privacy. The encrypted packets are then tunneled through a public network. As a result, tunnel
participants enjoy the same security features and facilities that are available only to members of private
networks at a reduced cost.
The following table lists the VPN features supported by the Internet Security Router:
Table 2.4. VPN Features of the Internet Security Router
Features
Transport Mode for Client-Client Connectivity
Tunnel Mode for Network-Network Connectivity
IP Fragmentation and Reassembly
IPSec Support
Hardware Encryption Algorithm DES, 3DES
Hardware Authentication Algorithm MD5, SHA-1
Transforms ESP, AH
Key Management IKE (Pre-shared key), Manual
Mode configuration for IKE
Main Mode
Mode
„ Site-to-Site VPN connection – Site-to-Site VPN connection is an alternative WAN infrastructure that is
7
used to connect branch offices, home offices, or business partners’ sites to all or portions of a
company’s network.
Chapter 2. Getting to Know the Internet Security Router Internet Security Router User’s Manual
„ Remote Access VPN – Corporations use VPN to establish secure, end-to-end private network
connections over a public networking infrastructure. VPN have become the logical solution for remote
access connectivity. Deploying a remote access VPN enables corporations to reduce communications
expenses by leveraging the local dial-up infrastructure of Internet Service Providers. At the same time,
VPNs allow mobile workers, telecommuters and day extenders to take advantage of broadband
connectivity.
8
Internet Security Router User’s Manual Chapter 3. Quick Start Guide
3 Quick Start Guide
This Quick Start Guide provides basic instructions for connecting the Internet Security Router to a computer or
a LAN and to the Internet.
„ Part 1 provides instructions to set up the hardware.
„ Part 2 describes how to configure Internet properties on your computer(s).
„ Part 3 shows you how to configure basic settings on the Internet Security Router to get your LAN
connected to the Internet.
After setting up and configuring the device, you can follow the instructions on page 20 to verify that it is working
properly.
This Quick Start Guide assumes that you have already established ADSL or cable modem service with your
Internet service provider (ISP). These instructions provide a basic configuration that should be compatible with
your home or small office network setup. Refer to the subsequent chapters for additional configuration
instructions.
3.1 Part 1 — Connecting the Hardware
In Part 1, you connect the device to an ADSL or a cable modem (which in turn is connected to a phone jack or
a cable outlet), the power outlet, and your computer or network.
Before you begin, turn the power off for all devices. These
include your computer(s), your LAN hub/switch (if applicable),
WARNING
Figure 3.1 illustrates the hardware connections. Please follow the steps that follow for specific instructions.
and the Internet Security Router.
3.1.1 Step 1. Connect an ADSL or a cable modem.
For the Internet Security Router: Connect one end of the Ethernet cable to the port labeled WAN on the rear
panel of the device. Connect the other end to the Ethernet port on the ADSL or cable modem.
3.1.2 Step 2. Connect computers or a LAN.
If your LAN has no more than 4 computers, you can use an Ethernet cable to connect computers directly to
the built-in switch on the device. Note that you should attach one end of the Ethernet cable to any of the port
labeled LAN1 – LAN4 on the rear panel of the device and connect the other end to the Ethernet port of a
computer.
If your LAN has more than 4 computers, you can attach one end of an Ethernet cable to a hub or a switch
(probably an uplink port; please refer to the hub or switch documentations for instructions) and the other to the
Ethernet switch port (labeled LAN1 – LAN4) on the Internet Security Router.
Note that either the crossover or straight-through Ethernet cable can be used to connect the built-in switch and
computers, hubs or switches as the built-in switch is smart enough to make connections with either type of
cables.
3.1.3 Step 3. Attach the power adapter.
Connect the AC power adapter to the POWER connector on the back of the device and plug in the adapter to
a wall outlet or a power strip.
9
Chapter 3. Quick Start Guide Internet Security Router User’s Manual
3.1.4 Step 4. Turn on the Internet Security Router, the ADSL or cable modem and power up your computers.
Press the Power switch on the rear panel of the Internet Security Router to the ON position. Turn on your
ADSL or cable modem. Turn on and boot up your computer(s) and any LAN devices such as hubs or switches.
Figure 3.1. Overview of Hardware Connections
You should verify that the LEDs are illuminated as indicated in Table 3.1.
Table 3.1. LED Indicators
This LED: ...should be:
POWER Solid green to indicate that the device is turned on. If this light
is not on, check if the power adapter is attached to the Internet
Security Router and if it is plugged into a power source.
LAN1 –
LAN4
Solid green to indicate that the device can communicate with
your LAN or flashing when the device is sending or receiving
data from your LAN computer.
WAN Solid green to indicate that the device has successfully
established a connection with your ISP or flashing when the
device is sending or receiving data from the Internet.
10
Internet Security Router User’s Manual Chapter 3. Quick Start Guide
If the LEDs illuminate as expected, the Internet Security Router hardware is working properly.
3.2 Part 2 — Configuring Your Computers
Part 2 of the Quick Start Guide provides instructions for configuring the Internet settings on your computers to
work with the Internet Security Router.
3.2.1 Before you begin
By default, the Internet Security Router automatically assigns all required Internet settings to your PCs. You
need only to configure the PCs to accept the information when it is assigned.
In some cases, you may want to configure network settings
manually to some or all of your computers rather than allow the
Note
„ If you have connected your PC via Ethernet to the Internet Security Router, follow the instructions that
correspond to the operating system installed on your PC.
Internet Security Router to do so. See “Assigning static IP
addresses to your PCs” in page 13 for instructions.
3.2.2 Windows[CT6]® XP PCs:
1. In the Windows task bar, click the <Start> button, and then click Control Panel.
2. Double-click the Network Connections icon.
3. In the LAN or High-Speed Internet window, right-click on icon corresponding to your network
interface card (NIC) and select Properties. (Often this icon is labeled Local Area Connection).
The Local Area Connection dialog box displays with a list of currently installed network items.
4. Ensure that the check box to the left of the item labeled Internet Protocol TCP/IP is checked, and
click <Properties> button.
5. In the Internet Protocol (TCP/IP) Properties dialog box, click the radio button labeled Obtain an
IP address automatically. Also click the radio button labeled Obtain DNS server address
automatically.
6. Click <OK> button twice to confirm your changes, and close the Control Panel.
3.2.3 Windows® 2000 PCs:
First, check for the IP protocol and, if necessary, install it:
1. In the Windows task bar, click the <Start> button, point to Settings, and then click Control Panel.
2. Double-click the Network and Dial-up Connections icon.
3. In the Network and Dial-up Connections window, right-click the Local Area Connection icon,
and then select Properties.
The Local Area Connection Properties dialog box displays a list of currently installed network
components. If the list includes Internet Protocol (TCP/IP), then the protocol has already been
enabled. Skip to step 10.
4. If Internet Protocol (TCP/IP) does not display as an installed component, click <Install> button.
5. In the Select Network Component Type dialog box, select Protocol, and then click <Add> button.
6. Select Internet Protocol (TCP/IP) in the Network Protocols list, and then click <OK> button.
11
Chapter 3. Quick Start Guide Internet Security Router User’s Manual
You may be prompted to install files from your Windows 2000 installation CD or other media. Follow
the instructions to install the files.
7. If prompted, click <OK> button to restart your computer with the new settings.
Next, configure the PCs to accept IP addresses assigned by the Internet Security Router:
8. In the Control Panel, double-click the Network and Dial-up Connections icon.
9. In Network and Dial-up Connections window, right-click the Local Area Connection icon, and
then select Properties.
10. In the Local Area Connection Properties dialog box, select Internet Protocol (TCP/IP), and then
click <Properties> button.
11. In the Internet Protocol (TCP/IP) Properties dialog box, click the radio button labeled Obtain an
IP address automatically. Also click the radio button labeled Obtain DNS server address
automatically.
12. Click <OK> button twice to confirm and save your changes, and then close the Control Panel.
3.2.4 Windows® 95, 98, and Me PCs
1. In the Windows task bar, click the <Start> button, point to Settings, and then click Control Panel.
2. Double-click the Network icon.
In the Network dialog box, look for an entry started w/ “TCP/IP ->” and the name of your network
adapter, and then click <Properties> button. You may have to scroll down the list to find this entry.
If the list includes such an entry, then the TCP/IP protocol has already been enabled. Skip to step 8.
3. If Internet Protocol (TCP/IP) does not display as an installed component, click <Add> button.
4. In the Select Network Component Type dialog box, select Protocol, and then click <Add> button.
5. Select Microsoft in the Manufacturers list box, and then click TCP/IP in the Network Protocols list,
box and then click <OK> button.
You may be prompted to install files from your Windows 95, 98 or Me installation CD or other media.
Follow the instructions to install the files.
6. If prompted, click <OK> button to restart your computer with the new settings.
Next, configure the PCs to accept IP information assigned by the Internet Security Router:
7. In the Control Panel, double-click the Network icon.
8. In the Network dialog box, select an entry started with “TCP/IP ->” and the name of your network
adapter, and then click <Properties> button.
9. In the TCP/IP Properties dialog box, click the radio button labeled Obtain an IP address
automatically.
10. In the TCP/IP Properties dialog box, click the “Default Gateway” tab. Enter 192.168.1.1 (the
default LAN port IP address of the Internet Security Router) in the “New gateway” address field
and click <Add> button to add the default gateway entry.
11. Click <OK> button twice to confirm and save your changes, and then close the Control Panel.
12. If prompted to restart your computer, click <OK> button to do so with the new settings.
3.2.5 Windows® NT 4.0 workstations:
First, check for the IP protocol and, if necessary, install it:
12
Internet Security Router User’s Manual Chapter 3. Quick Start Guide
1. In the Windows NT task bar, click the <Start> button, point to Settings, and then click Control
Panel.
2. In the Control Panel window, double click the Network icon.
3. In the Network dialog box, click the Protocols tab.
The Protocols tab displays a list of currently installed network protocols. If the list includes TCP/IP
Protocol, then the protocol has already been enabled. Skip to step 9.
4. If TCP/IP does not display as an installed component, click <Add> button.
5. In the Select Network Protocol dialog box, select TCP/IP, and then click <OK> button.
You may be prompted to install files from your Windows NT installation CD or other media. Follow
the instructions to install the files.
After all files are installed, a window displays to inform you that a TCP/IP service called DHCP can
be set up to dynamically assign IP information.
6. Click <Yes> button to continue, and then click <OK> button if prompted to restart your computer.
Next, configure the PCs to accept IP addresses assigned by the Internet Security Router:
7. Open the Control Panel window, and then double-click the Network icon.
8. In the Network dialog box, click the Protocols tab.
9. In the Protocols tab, select TCP/IP, and then click <Properties> button.
10. In the Microsoft TCP/IP Properties dialog box, click the radio button labeled Obtain an IP
address from a DHCP server.
11. Click <OK> button twice to confirm and save your changes, and then close the Control Panel.
3.2.6 Assigning static IP addresses to your PCs
In some cases, you may want to assign IP addresses to some or all of your PCs directly (often called
“statically”), rather than allowing the Internet Security Router to assign them. This option may be desirable (but
not required) if:
„ You have obtained one or more public IP addresses that you want to always associate with specific
computers (for example, if you are using a computer as a public web server).
„ You maintain different subnets on your LAN.
However, during the first time configuration of your Internet Security Router, you must assign an IP address in
the 192.168.1.0 network for your PC, say 192.168.1.2, in order to establish connection between the Internet
Security Router and your PC as the default LAN IP on Internet Security Router is pre-configured as
192.168.1.1. Enter 255.255.255.0 for the subnet mask and 192.168.1.1 for the default gateway. These settings
may be changed later to reflect your true network environment.
On each PC to which you want to assign static information, follow the instructions on pages 11 through 13
relating only to checking for and/or installing the IP protocol. Once it is installed, continue to follow the
instructions for displaying each of the Internet Protocol (TCP/IP) properties. Instead of enabling dynamic
assignment of the IP addresses for the computer, DNS server, and default gateway, click the radio buttons that
enable you to enter the information manually.
Your PCs must have IP addresses that place them in the same
subnet as the Internet Security Router’s LAN port. If you manually
assign IP information to all your LAN PCs, you can follow the
Note
instructions in Chapter 5 to change the LAN port IP address
accordingly.
13
Chapter 3. Quick Start Guide Internet Security Router User’s Manual
3.3 Part 3 — Quick Configuration of the Internet Security Router
In Part 3, you log into the Configuration Manager on the Internet Security Router and configure basic settings
for your Internet connection. Your ISP should provide you with the necessary information to complete this step.
Note the intent here is to quickly get the Internet Security Router up and running, instructions are concise. You
may refer to corresponding chapters for more details.
3.3.1 Buttons Used in Setup Wizard
The Internet Security Router provides a preinstalled software program called Configuration Manager that
enables you to configure the Internet Security Router via your Web browser. The settings that you are most
likely to need to change before using the device are grouped onto sequence of Configuration pages guided by
Setup Wizard. The following table shows the buttons that you’ll encounter in Setup Wizard.
Button Function
Click this button to save the information and proceed to the next
configuration page.
Click this button to go back to the previous configuration page.
3.3.2 Setting Up the Internet Security Router
Follow these instructions to setup the Internet Security Router:
1. Before accessing the Configuration Manager in the Internet Security Router, make sure that the
HTTP proxy setting is disabled in your browser. In IE, click “Tools” è “Internet Options…” è
“Connections” tab è “LAN settings…” and then uncheck “Use proxy server for your LAN …”
2. On any PC connected to one of the four LAN ports on the Internet Security Router, open your
Web browser, and type the following URL in the address/location box, and press <Enter>:
http://192.168.1.1
This is the predefined IP address for the LAN port on the Internet Security Router.
A login screen displays, as shown in Figure 3.2.
14
Figure 3.2. Login Screen
If you have problem connecting to the Internet Security Router, you may want to check if your PC is
configured to accept IP address assignment from the Internet Security Router. Another method is to
set the IP address of your PC to any IP address in the 192.168.1.0 network, such as 192.168.1.2.
Loading...