Linksys AG241 User Manual

USER GUIDE
ADSL2 Gateway
with 4-Port Switch
Model: AG241 (EU)
About This Guide
Icon Descriptions
While reading through the User Guide you may see various icons that call attention to specific items. Below is a description of these icons:
NOTE: This check mark indicates that there is a note of interest and is something that you should pay special attention to while using the product.
WARNING: This exclamation point indicates that there is a caution or warning and it is something that could damage your property or product.
WEB: This globe icon indicates a noteworthy website address or e-mail address.
Online Resources
Website addresses in this document are listed without http:// in front of the address because most current web browsers do not require it. If you use an older web browser, you may have to add http:// in front of the web address.
Resource Website
Linksys www.linksys.com
Linksys International www.linksys.com/international
Glossary www.linksys.com/glossary
Network Security www.linksys.com/security
Copyright and Trademarks
Linksys, Cisco and the Cisco Logo are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. Copyright © 2008 Cisco Systems, Inc. All rights reserved. Other brands and product names are trademarks or registered trademarks of their respective holders.
ADSL2 Gateway with 4-Port Switch
Table of Contents
Chapter 1: Product Overview
Front Panel
Back Panel
Chapter 2: Configuration
How to Access the Web-Based Utility
The Setup Tab > Basic Setup
The Setup Tab > DDNS
The Setup Tab > Advanced Routing
The Security Tab > Firewall
The Security Tab > VPN
The Access Restrictions Tab > Internet Access
The Applications & Gaming Tab > Single Port Forwarding
The Applications & Gaming Tab > Port Range Forwarding
The Applications & Gaming Tab > Port Triggering
The Applications & Gaming Tab > DMZ
The Applications & Gaming Tab > QoS
The Administration Tab > Management
The Administration Tab > Reporting
The Administration Tab > Diagnostics
The Administration Tab > Backup & Restore
The Administration Tab > Factory Defaults
The Administration Tab > Firmware Upgrade
The Administration Tab > Reboot
The Status Tab > Gateway
The Status Tab > Local Network
The Status Tab > DSL Connection
Appendix A: Troubleshooting
Appendix B: Specifications
Appendix C: Warranty Information
Limited Warranty
Appendix D: Regulatory Information
FCC Statement
Safety Notices
Industry Canada Statement
EC Declaration of Conformity (Europe)
User Information for Consumer Products Covered by EU Directive 2002/96/EC on Waste Electric and Electronic Equipment (WEEE)
Appendix E: Software License Agreement
Software in Linksys Products
Software Licenses

Chapter 1: Product Overview

Thank you for choosing the Linksys ADSL2 Gateway with 4-Port Switch, the all-in-one solution for Internet connectivity in your home. The internal ADSL modem function gives you an Internet connection that is far faster than a dial-up and does not tie up your phone line. Connect your computers to the Gateway via the built-in 4-port 10/100 Ethernet Switch to jump start your home network. Attach four computers directly, or connect more hubs and switches to create as big a network as you need. The Gateway ties it all together and lets your whole network share that high-speed Internet connection. To protect your data and privacy, an advanced firewall keeps Internet intruders and attackers out, and wireless transmissions can be protected by powerful data encryption. Safeguard your family with Parental Control features like Internet Access Time Limits and Key Word Blocking. Configuration is a snap with any web browser. With the Linksys ADSL2 Gateway with 4-Port Switch at the heart of your home network, you’re connected to the future.

Front Panel

Power (Green) The Power LED lights up when the Gateway is powered on.
Ethernet 1-4 (Green) The Ethernet LED lights up when the Gateway is connected to a device through the Ethernet port. If the LED is blinking, the Gateway is sending or receiving data over that port.
DSL (Green) The DSL LED lights up when there is a successful DSL connection. The LED blinks while establishing the ADSL connection.
Internet (Green/Red) The Internet LED lights up green when an Internet connection to the Internet Service Provider (ISP) is established. The LED lights up red when the connection to the ISP fails.

Back Panel

LINE The LINE port connects to the ADSL line.
Ethernet 1-4 The Ethernet ports connect to your computer and other Ethernet network devices.
Reset The Reset button is used to restore the Gateway’s factory default settings. To do so, press the Reset button for approximately ten seconds using a pin or straightened paper clip. The factory defaults can also be restored via the Administration > Factory Defaults screen of the Gateway’s web-based utility.
Power The Power port is where you will connect the power adapter.
On/Off This switch is used to turn the Gateway on or off.

Chapter 2: Configuration

Follow the steps in this chapter to use the Gateway’s web-based utility to configure the Gateway. This chapter describes each web page in the Utility and each page’s key functions. The utility can be accessed via a web browser from a computer connected to the Gateway. For a basic network setup, most users only have to use the following screens of the Utility:
Basic Setup On the Setup > Basic Setup screen, enter
the Internet connection settings provided by your Internet Service Provider (ISP).
Management On the Administration > Management
screen, change the Gateway’s password from the default value (admin). Enter a new password in the Password and Re-enter to confirm fields.
There are six main tabs: Setup, Security, Access Restrictions, Applications & Gaming, Administration, and Status. Additional tabs appear after you click a main tab.

How to Access the Web-Based Utility

To access the web-based utility, launch your web browser, and enter the Gateway’s default IP address, 192.168.1.1, in the Address field. Then press Enter.
Internet Explorer Address Bar
The login screen will ask you for your User name and Password. Enter admin (the default user name) in the User Name field, and enter admin (the default password) in the Password field. Then click OK.
Login Screen
Use the Utility to make changes as needed. When you have finished making changes to a screen, click Save Settings to save the changes, or click Cancel Changes to undo your changes. Help information is available on the right side of the screen.

The Setup Tab > Basic Setup

The Basic Setup screen is the first screen you see when you access the web-based utility. This screen allows you to change the Gateway’s general settings.
Setup > Basic Setup
Internet Setup
PVC Connection Select a PVC connection number from the drop-down menu. Then, select Enable Now to enable the connection.
VC Settings Virtual Circuits (VPI and VCI) These fields consist of two items: VPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier). Your ISP will provide the correct settings for these fields.
Multiplexing Select LLC or VC, depending on your ISP.
QOS Type Select from the drop-down menu: CBR, Continuous Bit Rate, to specify fixed bandwidth for voice or data traffic; UBR, Unspecific Bit Rate, for applications that are not time-sensitive, such as email; or VBR, Variable Bit Rate, for bursty traffic and bandwidth sharing with other applications.
Pcr Rate Peak Cell Rate. Divide the DSL line rate by 424 to find the PCR, the maximum rate at which the sender can send cells. Enter the rate in the field (if required by your service provider).
Scr Rate Sustain Cell Rate. This sets the average cell rate that can be transmitted. SCR is normally less than PCR. Enter the rate in the field (if required by your service provider).
Autodetect Select Enable to have the settings
automatically entered or Disable to enter the values manually.
Virtual Circuit Enter the VPI and VCI ranges in the
fields.
Internet Connection Type The Gateway supports five
types of encapsulation:
RFC 1483 Bridged
IPoA
RFC 2516 PPPoE If you are connected to the Internet through a DSL line, check with your ISP to see if they use PPPoE. If they do, select this encapsulation type.
RFC 2364 PPPoA If you are connected to the Internet
through a DSL line, check with your ISP to see if they use PPPoA. If they do, select this encapsulation type.
Bridged Mode Only Select this encapsulation if you
are using your Gateway as a bridge, which makes the Gateway act like a standalone modem.
Each Basic Setup screen and available features will differ depending on what type of encapsulation you select.
RFC 1483 Bridged
Dynamic IP
IP Settings Select Obtain an IP Address Automatically if your ISP says you are connecting through a dynamic IP address.
Static IP
IP Settings If you are required to use a permanent (static) IP address to connect to the Internet, then select Use the following IP Address.
Internet IP Address This is the Gateway’s IP address, when seen from the Internet. Your ISP will provide you with the IP Address you need to specify here.
Subnet Mask This is the Gateway’s Subnet Mask. Your ISP will provide you with the Subnet Mask.
Gateway Your ISP will provide you with the default Gateway Address, which is the ISP server’s IP address.
Primary DNS (Required) and Secondary DNS (Optional) Your ISP will provide you with at least one DNS (Domain Name System) Server IP Address.
IPoA
IP Settings If you are required to use RFC 1577 IPoA (Classical IP over ATM), then select IPoA.
IP Address This is the Gateway’s IP address, when
seen from the Internet. Your ISP will provide you with the IP Address you need to specify here.
Subnet Mask This is the Gateway’s Subnet Mask. Your
ISP will provide you with the Subnet Mask.
Default Gateway Your ISP will provide you with the
Default Gateway Address, which is the ISP server’s IP address.
Primary DNS (Required) and Secondary DNS (Optional) Your ISP will provide you with at least one
DNS (Domain Name System) Server IP Address.
RFC 2516 PPPoE
PPPoE Settings
Service Name Enter the name of your PPPoE service.
User Name and Password Enter the User Name and
Password provided by your ISP.
Connect on Demand: Max Idle Time You can
configure the Gateway to drop the Internet connection after a predetermined period of inactivity (Max Idle Time), and to automatically re-establish the connection as soon as you attempt to access the Internet again (Connect on Demand). If you wish to activate this option, click the radio button next to this field, and in the Max Idle Time field, enter the number of minutes that are to elapse before your Internet connection will be terminated.
RFC 2364 PPPoA
PPPoA Settings
User Name and Password Enter the User Name and
Password provided by your ISP.
Connect on Demand: Max Idle Time You can
configure the Gateway to drop the Internet connection after a predetermined period of inactivity (Max Idle Time), and to automatically re-establish the connection as soon as you attempt to access the Internet again (Connect on Demand). If you wish to activate this option, click the radio button next to this field, and in the Max Idle Time field, enter the number of minutes that are to elapse before your Internet connection will be terminated.
Keep Alive Option: Redial Period If you select this
option, the Gateway will periodically check your Internet connection and automatically re-establish your connection if you are not connected. To use this option, click the radio button next to the field, and in the Redial Period field, specify how often you want the Gateway to check the Internet connection. The default Redial Period is 30 seconds.
Bridged Mode Only
All NAT and routing are disabled in this mode.
Keep Alive: Redial Period If you select this option,
the Gateway will periodically check your Internet connection and automatically re-establish your connection if you are not connected. To use this option, click the radio button next to this field, and in the Redial Period field, specify how often you want the Gateway to check the Internet connection. The default Redial Period is 30 seconds.
Optional Settings
Some of these settings may be required by your ISP. Verify with your ISP before making any changes.
Host Name and Domain Name These fields allow you to
supply a host and domain name for the Gateway. Some ISPs require these names as identification. You may have to check with your ISP to see if your broadband Internet service has been configured with a host and domain name. In most cases, leaving these fields blank will work.
MTU The MTU (Maximum Transmission Unit) setting
specifies the largest packet size permitted for network transmission. Select Manual and enter the value desired in the Size field. It is recommended that you leave this value in the 1200 to 1500 range. By default, MTU is configured automatically.
Network Setup
The Network Setup section allows you to change the Gateway’s local network settings.
Network Address Server Settings (DHCP)
A Dynamic Host Configuration Protocol (DHCP) server automatically assigns an IP address to each computer on your network for you. Unless you already have one, it is highly recommended that you leave the Gateway enabled as a DHCP server.
DHCP Relay Server If you enable the Local DHCP Server
or DHCP Relay for the Local DHCP server, enter the IP address for the DHCP server in the fields.
AutoDetect LAN DHCP Server This feature allows
clients to automatically detect a DHCP server on your local network. If you want to enable this feature, click Enable. Otherwise, click Disable to disable this feature.
Starting IP Address Enter a value for the DHCP server to start with when issuing IP addresses. This value must be 192.168.1.2 or greater, because the default IP address for the Gateway is 192.168.1.1.
Maximum Number of DHCP Users Enter the maximum
number of users/clients that can obtain an IP address. The number will vary depending on the starting IP address entered.
Client Lease Time The Client Lease Time is the amount
of time a network user will be allowed connection to the Gateway with their current dynamic IP address. Enter the amount of time, in minutes, that the user will be “leased” this dynamic IP address.
Router IP
The values for the Gateway’s Local IP Address and Subnet Mask are shown here. In most cases, keeping the default values will work.
Local IP Address The default value is 192.168.1.1.
Subnet Mask The default value is 255.255.255.0.
Static DNS 1-3 The Domain Name System (DNS) is how the Internet translates domain or website names into Internet addresses or URLs. Your ISP will provide you with at least one DNS Server IP Address. You can enter up to three DNS Server IP Addresses here. The Router will use these for quicker access to functioning DNS servers.
WINS The Windows Internet Naming Service (WINS) converts NetBIOS names to IP addresses. If you use a WINS server, enter that server’s IP address here. Otherwise, leave this field blank.
Time Setting
This is where you set the time zone for your Gateway. Select your time zone from the drop-down menu. If desired, check the Automatically adjust clock for daylight saving changes option.
When you have finished making changes to this screen, click Save Settings to save the changes, or click Cancel Changes to undo your changes.

The Setup Tab > DDNS

The Gateway offers a Dynamic Domain Name System (DDNS) feature. DDNS lets you assign a fixed host and domain name to a dynamic Internet IP address. It is useful when you are hosting your own website, FTP server, or other server behind the Gateway.
Before you can use this feature, you need to sign up for DDNS service at DynDNS.org or TZO.com.
DDNS
DDNS Service If your DDNS service is provided by DynDNS.org, then select DynDNS.org from the drop-down menu. If your DDNS service is provided by TZO, then select TZO.com. The features available on the DDNS screen will vary, depending on which DDNS service provider you use. To disable DDNS Service, select Disabled.
DynDNS.org
User Name, Password, Host Name Enter the user name, password, and host name of your DynDNS.org account.
Internet IP Address The Gateway’s current Internet IP address is displayed here. Because it is dynamic, it will change.
Status The status of the DDNS service connection is displayed here.
Setup > DDNS > DynDNS.org
TZO.com
E-mail Address, Password, Domain Name Enter the e-mail address, TZO password key, and domain name of the service you set up with TZO.com.
Internet IP Address The Gateway’s current Internet IP address is displayed here. Because it is dynamic, it will change.
Status The status of the DDNS service connection is displayed here.
Setup > DDNS > TZO.com
When you have finished making changes to this screen, click Save Settings to save the changes, or click Cancel Changes to undo your changes.

The Setup Tab > Advanced Routing

The Advanced Routing screen allows you to configure the dynamic and static routing settings.
Setup > Advanced Routing
Advanced Routing
Operating Mode
NAT NAT is a security feature that is Enabled by default. It
enables the Gateway to translate IP addresses of your local area network to a different IP address for the Internet. To disable NAT, click the Disabled radio button.
Dynamic Routing
With Dynamic Routing you can enable the Gateway to automatically adjust to physical changes in the network’s layout. The Gateway, using the RIP protocol, determines the network packets’ route based on the fewest number of hops between the source and the destination. The RIP protocol regularly broadcasts routing information to other Gateways on the network.
RIP To enable RIP, click Enabled. To disable RIP, click Disabled.
Transmit RIP Version To transmit RIP messages, select the protocol you want: RIP1, RIP1-Compatible, or RIP2.
Receive RIP Version To receive RIP messages, select the protocol you want: RIP1 or RIP2.
Static Routing
If the Gateway is connected to more than one network, it may be necessary to set up a static route between them. A static route is a pre-determined pathway that network information must travel to reach a specific host or network. To create a static route, change the following settings:
Select Set Number Select the number of the static route from the drop-down menu. The Gateway supports up to 20 static route entries. If you need to delete a route, after selecting the entry, click Delete This Entry.
Destination IP Address The Destination IP Address is
the address of the remote network or host to which you want to assign a static route. Enter the IP address of the host for which you wish to create a static route. If you are building a route to an entire network, be sure that the network portion of the IP address is set to 0.
Subnet Mask The Subnet Mask determines which
portion of a Destination IP address is the network portion, and which portion is the host portion.
Gateway This is the IP address of the gateway device
that allows for contact between the Adapter and the remote network or host.
Hop Count This is the number of hops to each node
until the destination is reached (16 hops maximum). Enter the Hop Count in this field.
Show Routing Table Click Show Routing Table to open
a screen displaying how data is routed through your local network. For each route, the Destination IP address, Subnet Mask, Gateway, and Interface are displayed. Click Refresh to update the information. Click Close to return to the previous screen.

The Security Tab > Firewall

The Firewall screen contains filters and an option to block WAN requests. Filters block specific Internet data types and block anonymous Internet requests.
Security > Firewall
Firewall
Firewall Protection To add Firewall Protection, click
Enable. If you do not want Firewall Protection, click Disable.
Additional Filters
Filter Proxy Use of WAN proxy servers may compromise
the Gateway’s security. Denying Filter Proxy will disable access to any WAN proxy servers. To enable proxy filtering, click Enabled.
Filter Cookies A cookie is data stored on your computer
and used by Internet sites when you interact with them. To enable cookie filtering, click Enabled.
Filter Java Applets Java is a programming language
for websites. If you deny Java Applets, you run the risk of not having access to Internet sites created using this programming language. To enable Java Applet filtering, click Enabled.
Filter ActiveX ActiveX is a programming language for
websites. If you deny ActiveX, you run the risk of not having access to Internet sites created using this programming language. To enable ActiveX filtering, click Enabled.
Block WAN Requests
Block Anonymous Internet Requests When enabled,
this feature keeps your network from being “pinged,” or detected, by other Internet users. It also hides your network ports. Both make it more difficult for outside users to enter your network. This filter is enabled by default. Select Disabled to allow anonymous Internet requests.
When you have finished making changes to this screen, click Save Settings to save the changes, or click Cancel
Changes to undo your changes.

The Security Tab > VPN

Virtual Private Networking (VPN) is a security measure that creates a secure connection between two remote locations. The Security > VPN screen allows you to configure your VPN settings to make your network more secure.
Security > VPN
VPN Passthrough
IPSec Passthrough Internet Protocol Security (IPSec) is a suite of protocols used to implement secure exchange of packets at the IP layer. To allow IPSec Passthrough, click Enable. To disable IPSec Passthrough, click Disable.
PPTP Passthrough Point-to-Point Tunneling Protocol Passthrough is used to enable VPN sessions to a Windows NT 4.0 or 2000 server. To allow PPTP Passthrough, click Enable. To disable PPTP Passthrough, click Disable.
L2TP Passthrough Layer 2 Tunneling Protocol Passthrough is used to enable the operation of a VPN over the Internet. To allow L2TP Passthrough, click Enable. To disable L2TP Passthrough, click Disable.
IPSec VPN Tunnel
The VPN Gateway creates a tunnel or channel between two endpoints, so that the data or information between these endpoints is secure.
To establish this tunnel, select the tunnel you wish to create in the Select Tunnel Entry drop-down box. It is possible to create up to five simultaneous tunnels. Then click Enabled to enable the IPSec VPN tunnel. Once the tunnel is enabled, enter the name of the tunnel in the Tunnel Name field. This is to allow you to identify multiple tunnels and does not have to match the name used at the other end of the tunnel. To delete a tunnel entry, select the tunnel, then click Delete. To view a summary of the settings, click Summary.
VPN Settings Summary
Local Secure Group and Remote Secure Group
The Local Secure Group is the computer(s) on your LAN that can access the tunnel. The Remote Secure Group is the computer(s) on the remote end of the tunnel that can access the tunnel. These computers can be specified by a Subnet, specific IP address, or range.
Local Security Gateway
Remote Security Gateway
The Remote Security Gateway is the VPN device, such as a second VPN Gateway, on the remote end of the VPN tunnel. Enter the IP Address or Domain of the VPN device at the other end of the tunnel. The remote VPN device can be another VPN Gateway, a VPN Server, or a computer with VPN client software that supports IPSec. The IP Address may either be static (permanent) or dynamic (changing), depending on the settings of the remote VPN device. Make sure that you have entered the IP Address correctly, or the connection cannot be made. Note that this is NOT the IP Address of the local VPN Gateway, but the IP Address of the remote VPN Gateway or device with which you wish to communicate. If you enter an IP address, only that specific IP Address will be able to access the tunnel. If you select Any, any IP Address can access the tunnel.
Encryption Using Encryption also helps make your
connection more secure. There are two different types of encryption: DES (default) or 3DES (3DES is recommended because it is more secure). You may choose either of these, but it must be the same type of encryption that is being used by the VPN device at the other end of the tunnel. Or, you may choose not to encrypt by selecting Disable.
Authentication Authentication acts as another level
of security. There are two types of authentication: MD5 (default) and SHA (SHA is recommended because it is more secure). As with encryption, either of these may be selected, if the VPN device at the other end of the tunnel is using the same type of authentication. Or, both ends of the tunnel may choose to Disable authentication.
Key Management
Select Auto (IKE) or Manual from the drop-down menu. The two methods are described below.
Auto (IKE)
Select Auto (IKE) and enter a series of numbers or letters in the Pre-shared Key field. Based on this word, which MUST be entered at both ends of the tunnel if this method is used, a key is generated to scramble (encrypt) the data being transmitted over the tunnel, where it is unscrambled (decrypted). You may use any combination of up to 24 numbers or letters in this field. No special characters or spaces are allowed. In the Key Lifetime field, you may select to have the key expire at the end of a time period. Enter the number of seconds you’d like the key to be useful, or leave it blank for the key to last indefinitely. Check the box next to PFS (Perfect Forward Secrecy) to ensure that the initial key exchange and IKE proposals are secure.
Manual
Select Manual, then select the Encryption Algorithm from the drop-down menu. Enter the Encryption Key in the field (if you chose DES for your Encryption Algorithm, enter 16 hexadecimal characters, if you chose 3DES, enter 48 hexadecimal characters). Select the Authentication Algorithm from the drop-down menu. Enter the Authentication Key in the field (if you chose MD5 for your Authentication Algorithm, enter 32 hexadecimal characters, if you chose SHA1, enter 40 hexadecimal characters). Enter the Inbound and Outbound SPIs in the respective fields.
Manual Key Management
Status
The status of the connection is shown.
Click Connect to connect your VPN tunnel. Click View Logs to view system, UPnP, VPN, firewall, access, or all logs. Click Advanced Settings and the Advanced IPSec VPN Tunnel Setup screen will appear.
System Log
When you have finished making changes to the Security > VPN screen, click Save Settings to save the changes, or click Cancel Changes to undo your changes.
Advanced VPN Tunnel Setup
From the Advanced IPSec VPN Tunnel Setup screen you can adjust the settings for specific VPN tunnels.
Phase 1
Phase 1 is used to create a security association (SA), often called the IKE SA. After Phase 1 is completed, Phase 2 is used to create one or more IPSec SAs, which are then used to key IPSec sessions.
Operation Mode There are two modes: Main and
Aggressive, and they exchange the same IKE payloads in different sequences. Main mode is more common; however, some people prefer Aggressive mode because it is faster. Main mode is for normal usage and includes more authentication requirements than Aggressive mode. Main mode is recommended because it is more secure. No matter which mode is selected, the VPN Gateway will accept both Main and Aggressive requests from the remote VPN device.
Encryption Select the length of the key used to encrypt/decrypt ESP packets. There are two choices: DES and 3DES. 3DES is recommended because it is more secure.
Authentication Select the method used to authenticate
ESP packets. There are two choices: MD5 and SHA. SHA is recommended because it is more secure.
Group There are two Diffie-Hellman Groups to choose
from: 768-bit and 1024-bit. Diffie-Hellman refers to a cryptographic technique that uses public and private keys for encryption and decryption.
Key Life Time In the Key Lifetime field, you may optionally
select to have the key expire at the end of a time period of your choosing. Enter the number of seconds you’d like the key to be used until a re-key negotiation between each endpoint is completed.
Phase 2
Encryption The encryption method selected in Phase 1
will be displayed.
Authentication The authentication method selected in
Phase 1 will be displayed.
PFS The status of PFS will be displayed.
Group There are two Diffie-Hellman Groups to choose
from: 768-bit and 1024-bit. Diffie-Hellman refers to a cryptographic technique that uses public and private keys for encryption and decryption.
Key Life Time In the Key Lifetime field, you may select to
have the key expire at the end of a time period of your choosing. Enter the number of seconds you’d like the key to be used until a re-key negotiation between each endpoint is completed.
Other Setting
NAT Traversal
NetBIOS broadcast Check the box next to this field to
enable NetBIOS traffic to pass through the VPN tunnel.
Anti-replay Check the box next to this field to enable
the Anti-replay protection. This feature keeps track of sequence numbers as packets arrive, ensuring security at the IP packet-level.
Keep-Alive If you select this option, the Gateway will periodically check your Internet connection. If you are disconnected, then the Gateway will automatically re-establish your connection.
Check this box to block unauthorized IP addresses
Enter in the field to specify how many times IKE must fail before blocking that unauthorized IP address. Enter the length of time that you specify (in seconds) in the field.
When finished making your changes to this screen, click Save Settings to save the changes, or click Cancel Changes to undo your changes.
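The script below is an added example, not part of the original guide or of any Linksys software: it audits one tunnel's settings against the recommendations and key formats stated in the Security > VPN section above, and generates keys in the required format. The dictionary field names and both sample tunnels are constructed for illustration; the Gateway itself is configured only through the web-based utility.

```python
import re
import secrets
import string

# Key formats stated in the guide's Key Management section.
ENC_KEY_HEX = {"DES": 16, "3DES": 48}      # hex characters for a Manual Encryption Key
AUTH_KEY_HEX = {"MD5": 32, "SHA": 40}      # hex characters for a Manual Authentication Key
PSK_RE = re.compile(r"[A-Za-z0-9]{1,24}")  # Pre-shared Key: up to 24 letters or digits


def generate_psk(length=24):
    """Random Pre-shared Key built only from the characters the guide allows."""
    if not 1 <= length <= 24:
        raise ValueError("the Pre-shared Key field takes 1 to 24 characters")
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_manual_keys(encryption="3DES", authentication="SHA"):
    """Random Manual-mode keys with the hex length the guide gives per algorithm."""
    return {
        "encryption_key": secrets.token_hex(ENC_KEY_HEX[encryption] // 2),
        "authentication_key": secrets.token_hex(AUTH_KEY_HEX[authentication] // 2),
    }


def is_hex(value, length):
    """True if value is a string of exactly `length` hexadecimal characters."""
    return isinstance(value, str) and re.fullmatch(r"[0-9A-Fa-f]{%d}" % length, value) is not None


def audit_tunnel(t):
    """Return a list of (severity, message) findings for one tunnel dict."""
    findings = []
    enc = t.get("encryption", "DES")                              # guide: DES is the default
    auth = t.get("authentication", "MD5").replace("SHA1", "SHA")  # guide: MD5 is the default

    if enc == "Disable":
        findings.append(("FAIL", "encryption is disabled"))
    elif enc == "DES":
        findings.append(("WARN", "DES selected; the guide recommends 3DES"))
    if auth == "Disable":
        findings.append(("FAIL", "authentication is disabled"))
    elif auth == "MD5":
        findings.append(("WARN", "MD5 selected; the guide recommends SHA"))
    if t.get("remote_gateway") == "Any":
        findings.append(("WARN", "remote gateway is Any; any IP address can access the tunnel"))
    if t.get("operation_mode") == "Aggressive":
        findings.append(("WARN", "Aggressive mode selected; the guide recommends Main"))
    if not t.get("anti_replay"):
        findings.append(("WARN", "Anti-replay is not enabled"))

    if t.get("key_management", "Auto (IKE)") == "Manual":
        if enc in ENC_KEY_HEX and not is_hex(t.get("encryption_key"), ENC_KEY_HEX[enc]):
            findings.append(("FAIL", "Encryption Key must be %d hex characters for %s"
                             % (ENC_KEY_HEX[enc], enc)))
        if auth in AUTH_KEY_HEX and not is_hex(t.get("authentication_key"), AUTH_KEY_HEX[auth]):
            findings.append(("FAIL", "Authentication Key must be %d hex characters for %s"
                             % (AUTH_KEY_HEX[auth], auth)))
    else:
        if not PSK_RE.fullmatch(t.get("pre_shared_key") or ""):
            findings.append(("FAIL", "Pre-shared Key must be 1 to 24 letters or digits"))
        if not t.get("pfs"):
            findings.append(("WARN", "PFS is not checked"))
        if not t.get("key_lifetime"):
            findings.append(("WARN", "Key Lifetime is blank, so the key lasts indefinitely"))
    return findings


# Constructed sample settings; the field names are hypothetical and mirror the screen labels.
WEAK_TUNNEL = {
    "name": "tunnel-1-weak", "remote_gateway": "Any",
    "encryption": "DES", "authentication": "MD5",
    "key_management": "Auto (IKE)", "pre_shared_key": "office vpn!",
    "pfs": False, "key_lifetime": None,
    "operation_mode": "Aggressive", "anti_replay": False,
}
HARDENED_TUNNEL = {
    "name": "tunnel-2-hardened", "remote_gateway": "203.0.113.10",  # documentation address
    "encryption": "3DES", "authentication": "SHA",
    "key_management": "Auto (IKE)", "pre_shared_key": generate_psk(),
    "pfs": True, "key_lifetime": 3600,
    "operation_mode": "Main", "anti_replay": True,
}

if __name__ == "__main__":
    for tunnel in (WEAK_TUNNEL, HARDENED_TUNNEL):
        print(tunnel["name"])
        for severity, message in audit_tunnel(tunnel) or [("OK", "no findings")]:
            print("  %-4s %s" % (severity, message))
```

The audit covers only what the guide itself states about these fields; it makes no judgement beyond the guide's own recommendations.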

The Access Restrictions Tab > Internet Access

The Internet Access screen allows you to block or allow specific kinds of Internet usage. You can set up Internet access policies for specific computers and set up filters by using network port numbers.
Access Restrictions > Internet Access
Internet Access
Internet Access Policy Multiple filters can be saved as
Internet Access Policies. When you wish to edit one, select the number of the policy from the drop-down menu. The screen contents will reflect the settings of the currently selected policy. If you wish to delete the Policy, click Delete. To see a summary of all policies, click Summary.
Internet Access Policy > Summary
On the Summary screen, the policies are listed with the following information: No., Policy Name, Days, and Time of Day. To delete a policy, click the policy’s check box and click Delete. To return to the Internet Access Policy screen, click Close.
Status Policies are disabled by default. To enable a policy,
select the policy number from the drop-down menu, and click Enabled.
The remaining fields on the screen are used to create a new policy, or to display the settings of an existing policy.