Linksys BEFVP41 User Manual

USER GUIDE
EtherFast® Cable/DSL VPN Router
with 4-Port Switch
Model: BEFVP41
About This Guide
Icon Descriptions
While reading through the User Guide you may see various icons that call attention to specific items. Below is a description of these icons:
NOTE: This check mark indicates that there is a note of interest and is something that you should pay special attention to while using the product.
WARNING: This exclamation point indicates that there is a caution or warning and it is something that could damage your property or product.
WEB: This globe icon indicates a noteworthy website address or e-mail address.
Online Resources
Website addresses in this document are listed without http:// in front of the address because most current web browsers do not require it. If you use an older web browser, you may have to add http:// in front of the web address.
Resource                 Website
Linksys                  www.linksys.com
Linksys International    www.linksys.com/international
Glossary                 www.linksys.com/glossary
Network Security         www.linksys.com/security
Copyright and Trademarks
Linksys, EtherFast, Cisco, and the Cisco Logo are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. Copyright © 2008 Cisco Systems, Inc. All rights reserved. Other brands and product names are trademarks or registered trademarks of their respective holders.
Table of Contents
Chapter 1: Introduction
    Introduction to VPNs
    VPN Examples
    VPN Security
Chapter 2: Product Overview
    Front Panel
    Back Panel
Chapter 3: Advanced Configuration
    Setup > Basic Setup
    Setup > DDNS
    Setup > MAC Address Clone
    Setup > Advanced Routing
    Security > Firewall
    Security > VPN
    Access Restrictions
    Applications and Gaming > Port Range Forwarding
    Applications & Gaming > Port Triggering
    Applications and Gaming > UPnP Forwarding
    Applications and Gaming > DMZ
    Administration > Management
    Administration > Log
    Administration > Diagnostics
    Administration > Factory Defaults
    Administration > Firmware Upgrade
    Status > Gateway
    Status > Local Network
Appendix A: Troubleshooting
Appendix B: VPN Tunnel
    Overview
    Instructions
Appendix C: Specifications
Appendix D: Warranty Information
    Limited Warranty
Appendix E: Regulatory Information
    FCC Statement
    Safety Notices
    Industry Canada Statement
    User Information for Consumer Products Covered by EU Directive 2002/96/EC on Waste Electric and Electronic Equipment (WEEE)
Appendix F: Software License Agreement
    Software in Linksys Products
    Software Licenses

Chapter 1: Introduction

Thank you for choosing the Linksys by Cisco EtherFast Cable/DSL VPN Router with 4-Port Switch. The Router lets you access the Internet through its four switched ports. You can also use the Router to share resources such as computers, printers and files. A variety of security features help to protect your data and your privacy while online. Security features include Virtual Private Network (VPN) technology and a Stateful Packet Inspection (SPI) firewall. Configuring the Router is easy using the provided browser-based utility.

Introduction to VPNs

A VPN is a connection between two endpoints—a VPN Router, for instance—in different networks that allows private data to be sent securely over a shared or public network, such as the Internet. This establishes a private network that can send data securely between these two locations or networks.
The private network is established by creating a “tunnel”. A VPN tunnel connects the two computers or networks and allows data to be transmitted over the Internet as if it were still within those networks. A VPN tunnel uses industry-standard encryption and authentication techniques to secure the data sent between the two networks.

VPN Examples

The following are examples of a VPN tunnel between two VPN routers and a VPN tunnel between a computer using VPN client software and a VPN router.
VPN Router to VPN Router
For example, at home, a telecommuter uses his VPN Router for his always-on Internet connection. His Router is configured with his office’s VPN settings. When he connects to his office’s router, the two routers create a VPN tunnel, encrypting and decrypting data. As VPNs use the Internet, distance is not a factor. Using the VPN, the telecommuter now has a secure connection to the central office’s network, as if he were physically connected.
Figure: VPN Router to VPN Router (Home, VPN Router, Internet, Central Office)
Virtual Private Networking was created as a cost-effective alternative to using a private, dedicated, leased line for a private network. It can be used to create secure networks linking a central office with branch offices, telecommuters, and/or professionals on the road.
There are two basic ways to create a VPN connection:
VPN Router to VPN Router
Computer (using VPN client software) to VPN Router
The VPN Router creates a “tunnel” or channel between two endpoints, so that data transmissions between them are secure. A computer with VPN client software can be one of the two endpoints.
For an Internet Protocol Security (IPSec) VPN tunnel, the VPN Router and any computer with the built-in IPSec Security Manager (Windows 2000 and XP) can create a VPN tunnel using IPSec (Windows Vista uses a similar utility). Other Windows operating systems require additional, third-party VPN client software applications that support IPSec to be installed.
Computer (using VPN client software) to VPN Router
The following is an example of a computer-to-VPN Router VPN. In her hotel room, a traveling businesswoman connects to her Internet Service Provider (ISP). Her notebook computer has VPN client software that is configured with her office’s VPN settings. She accesses the VPN client software and connects to the VPN Router at the central office. As VPNs use the Internet, distance is not a factor. Using the VPN, the businesswoman now has a secure connection to the central office’s network, as if she were physically connected.
Figure: Computer to VPN Router (Off-Site, Notebook with VPN Client Software, Internet, VPN Router, Central Office)
For additional information and instructions about creating your own VPN, refer to “Appendix B: VPN Tunnel” or visit the Linksys website at www.linksys.com.

VPN Security

There are additional ways to enhance data security beyond the VPN Router. Here are some suggestions:
Enhance security on your other networks. Install firewall routers for your Internet connections, and use the most up-to-date security measures for wireless networking.
Narrow the scope of your VPN tunnel as much as possible. Rather than allowing a range of IP addresses, use the addresses specific to the endpoints (such as computers) required.
Do not set the Remote Security Group to the Any setting, as this will open the VPN to any IP address. Host a specific IP address.
Use the strongest encryption and authentication methods available on the VPN Router, 3DES encryption and SHA authentication.
Manage your pre-shared keys; change them periodically.
IPSec is compatible with most VPN endpoints and ensures privacy and authentication for data, while authenticating user identification. With IPSec, authentication is based upon the computer’s IP address. This confirms the user’s identity and establishes the secure tunnel at the network layer, protecting all data that passes through.
By operating at the network layer, IPSec is independent of any applications running on the network. This way, it does not affect your computer’s performance and still allows you to do more with greater security. Still, it is important to note that IPSec encryption does create a slight slowdown in network throughput, due to the encryption and decryption of data.
Some VPNs will still leave the IP headers unencrypted. These headers contain the IP addresses for the users at both ends of the tunnel and can be used by potential hackers in future attacks. The VPN Router, however, does not leave the IP headers unencrypted if you enable and set up Perfect Forward Secrecy (PFS). With PFS, both the IP headers and secret keys used to secure the tunnel are encrypted.
The VPN Router allows users on your local network to secure their data over the Internet (using VPN tunnels) without having to purchase the extra client licenses that other VPN hardware manufacturers and software packages may require. With VPN functions handled by the Router rather than by your computer (as software packages would require), your computer has fewer tasks to process. You also do not have to reconfigure your computer for VPN usage.
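The suggestions in this section can be checked mechanically once a tunnel's settings are written down. The following Python code is an added example, not part of the Linksys guide or the Router's firmware. The Tunnel record, the finding codes, the one-address scope limit and the 90-day key age are assumptions made for illustration (the guide says only to change keys periodically), and the sample tunnels are constructed.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple
import ipaddress


@dataclass
class Tunnel:
    """Hypothetical hand-transcribed copy of one Security > VPN tunnel entry."""
    name: str
    local_group: str      # "192.168.1.0/24", "192.168.1.10" or "a.b.c.d-e.f.g.h"
    remote_group: str     # same forms, or "Host" / "Any"
    remote_gateway: str   # IP address, FQDN or "Any"
    encryption: str
    authentication: str
    pfs: bool
    psk_changed: date     # when the pre-shared key was last changed


def group_size(group: str, gateway: str = "") -> Optional[int]:
    """Count the addresses a secure group admits; None means unbounded."""
    g = group.strip()
    if g.lower() == "host":
        # Host mirrors the Remote Security Gateway setting.
        return None if gateway.strip().lower() == "any" else 1
    if g.lower() == "any":
        return None
    if "-" in g:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in g.split("-", 1))
        if hi < lo:
            raise ValueError(f"range end before start: {group}")
        return int(hi) - int(lo) + 1
    # A bare address parses as a /32 network (one address).
    return ipaddress.ip_network(g, strict=False).num_addresses


def audit(t: Tunnel, today: date, max_addresses: int = 1,
          max_psk_age_days: int = 90) -> List[Tuple[str, str]]:
    """Return (code, message) findings for one tunnel."""
    findings: List[Tuple[str, str]] = []
    sides = (("local", group_size(t.local_group)),
             ("remote", group_size(t.remote_group, t.remote_gateway)))
    for side, size in sides:
        if size is None:
            findings.append((f"{side.upper()}_ANY",
                             f"{side} secure group accepts any IP address"))
        elif size > max_addresses:
            findings.append((f"{side.upper()}_WIDE",
                             f"{side} secure group spans {size} addresses"))
    if t.encryption.upper() != "3DES":
        findings.append(("WEAK_ENCRYPTION",
                         f"encryption is {t.encryption}, guide recommends 3DES"))
    if t.authentication.upper() != "SHA":
        findings.append(("WEAK_AUTHENTICATION",
                         f"authentication is {t.authentication}, guide recommends SHA"))
    if not t.pfs:
        findings.append(("NO_PFS", "Perfect Forward Secrecy is not enabled"))
    age = (today - t.psk_changed).days
    if age > max_psk_age_days:
        findings.append(("STALE_PSK", f"pre-shared key unchanged for {age} days"))
    return findings


def codes(t: Tunnel, today: date, **limits) -> List[str]:
    """Finding codes only, in the order audit() produced them."""
    return [code for code, _ in audit(t, today, **limits)]


# Constructed sample data. "DES" and "MD5" stand in for any selection other
# than the 3DES/SHA pair the guide recommends.
TODAY = date(2024, 1, 10)
LOOSE = Tunnel("Chicago Branch", "192.168.1.0/24", "Any", "Any",
               "DES", "MD5", False, date(2023, 1, 10))
TIGHT = Tunnel("Los Angeles Office", "192.168.1.10", "Host", "203.0.113.7",
               "3DES", "SHA", True, date(2023, 12, 1))

if __name__ == "__main__":
    for tunnel in (LOOSE, TIGHT):
        print(tunnel.name)
        for code, message in audit(tunnel, TODAY) or [("OK", "no findings")]:
            print(f"  {code}: {message}")
```

Raising `max_addresses` relaxes the scope check for sites that must share a whole subnet through the tunnel.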

Chapter 2: Product Overview

Front Panel

Power (Green) The Power LED lights up and will stay on while the Router is powered on. It flashes when the Router goes through its self-diagnostic mode during every boot-up or upgrades its firmware.
1, 2, 3, 4 (Green) These numbered LEDs, corresponding with the numbered ports on the Router’s back panel, serve two purposes. If the LED is continuously lit, the Router is successfully connected to a device through that port. A flashing LED indicates network activity over that port.
Internet (Green) The Internet LED lights up when there is a connection made through the Internet port. A flashing LED indicates network activity over the Internet port.

Back Panel

Reset There are two ways to reset the Router to its factory default settings. Use a straightened paper clip or similar object to press and hold the Reset button for approximately five seconds. You can also restore the defaults from the Administration > Factory Defaults screen of the Router’s web-based utility.
Internet The Internet port is where you will connect your cable or DSL Internet connection.
1, 2, 3, 4 These Ethernet ports (1, 2, 3, 4) connect the Router to computers on your wired network and other Ethernet network devices.
Power The Power port is where you will connect the power adapter.

Chapter 3: Advanced Configuration

After setting up the Router with the Setup Wizard (located on the CD-ROM), the Router will be ready for use. However, if you’d like to change its advanced settings, use the Router’s web-based utility. This chapter describes each web page of the utility and each page’s key functions. You can access the utility via a web browser on a computer connected to the Router.
The web-based utility has these main tabs: Setup, Security, Applications & Gaming, Administration, and Status. Additional tabs will be available after you click one of the main tabs.
NOTE: When first installing the Router, you should use the Setup Wizard on the Setup CD-ROM. If you want to configure advanced settings, use this chapter to learn about the web-based utility.
How to Access the Web-Based Utility
To access the web-based utility, launch the web browser on your computer, and enter the Router’s default IP address, 192.168.1.1, in the Address field. Then, press Enter.
A login screen will appear. Leave the User Name field blank. The first time you open the web-based utility, use the default password admin. (You can set a new password from the Administration > Management screen.) Click OK to continue.
Login Screen

Setup > Basic Setup

The first screen that appears is the Basic Setup screen. This allows you to change the Router’s general settings.
Setup > Basic Setup
Internet Setup
The Internet Setup section configures the Router to your Internet connection. Most of this information can be obtained through your Internet Service Provider (ISP).
Connection Type
Select the type of Internet connection your ISP provides from the drop-down menu. These are the available types:
Obtain an IP Automatically
Static IP
PPPoE
RAS
PPTP
Heart Beat Signal
Obtain an IP Automatically
By default, the Router’s Connection Type is set to Obtain an IP automatically, which should be kept only if your ISP supports DHCP or you are connecting through a dynamic IP address. (This option usually applies to cable connections.)
Connection Type > Obtain an IP Automatically
Static IP
If you are required to use a permanent IP address to connect to the Internet, select Static IP.
Connection Type > Static IP
IP Address Enter the Router’s IP address, as seen from the Internet. This is provided by your ISP.
Subnet Mask Enter the Router’s subnet mask, as seen by users on the Internet (including your ISP). This is provided by your ISP.
Default Gateway Your ISP will provide you with the IP address of the ISP server.
Primary and Secondary DNS Your ISP will provide you with at least one DNS (Domain Name System) server IP address.
PPPoE
Some DSL-based ISPs use PPPoE (Point-to-Point Protocol over Ethernet) to establish Internet connections. If you are connected to the Internet through a DSL line, check with your ISP to see if they use PPPoE. If they do, you will have to enable PPPoE.
Connection Type > PPPoE
User Name and Password Enter the User Name and Password provided by your ISP.
Service Name If provided by your ISP, enter the Service Name.
Connect on Demand: Max Idle Time You can configure the Router to cut the Internet connection after it has been inactive for a specified period of time (Max Idle Time). If your Internet connection has been terminated due to inactivity, Connect on Demand enables the Router to automatically re-establish your connection as soon as you attempt to access the Internet again. To use this option, select Connect on Demand. In the Max Idle Time field, enter the number of minutes you want to have elapsed before your Internet connection terminates. The default Max Idle Time is 5 minutes.
Keep Alive: Redial Period If you select this option, the Router will periodically check your Internet connection. If you are disconnected, then the Router will automatically re-establish your connection. To use this option, select Keep Alive. In the Redial Period field, you specify how often you want the Router to check the Internet connection. The default Redial Period is 30 seconds.
RAS
Remote Access Service (RAS) is a service that applies to connections in Singapore only. For users in Singapore, check with Singtel for information on RAS.
Connection Type > RAS
User Name and Password Enter the User Name and Password provided by Singtel.
RAS Plan Select the type of plan you have.
Connect on Demand: Max Idle Time You can configure the Router to cut the Internet connection after it has been inactive for a specified period of time (Max Idle Time). If your Internet connection has been terminated due to inactivity, Connect on Demand enables the Router to automatically re-establish your connection as soon as you attempt to access the Internet again. To use this option, select Connect on Demand. In the Max Idle Time field, enter the number of minutes you want to have elapsed before your Internet connection terminates. The default Max Idle Time is 5 minutes.
Keep Alive: Redial Period If you select this option, the Router will periodically check your Internet connection. If you are disconnected, then the Router will automatically re-establish your connection. To use this option, select Keep Alive. In the Redial Period field, you specify how often you want the Router to check the Internet connection. The default value is 30 seconds.
PPTP
Point-to-Point Tunneling Protocol (PPTP) is a service that applies to connections in Europe only.
Connection Type > PPTP
IP Address Enter the Router’s IP address, as seen from the Internet. This is provided by your ISP.
Subnet Mask Enter the Router’s subnet mask, as seen by users on the Internet (including your ISP). This is provided by your ISP.
Default Gateway Your ISP will provide you with the IP address of the ISP server.
User Name and Password Enter the User Name and Password provided by your ISP.
Connect on Demand: Max Idle Time You can configure the Router to cut the Internet connection after it has been inactive for a specified period of time (Max Idle Time). If your Internet connection has been terminated due to inactivity, Connect on Demand enables the Router to automatically re-establish your connection as soon as you attempt to access the Internet again. To use this option, select Connect on Demand. In the Max Idle Time field, enter the number of minutes you want to have elapsed before your Internet connection terminates. The default Max Idle Time is 5 minutes.
Keep Alive: Redial Period If you select this option, the Router will periodically check your Internet connection. If you are disconnected, then the Router will automatically re-establish your connection. To use this option, select Keep Alive. In the Redial Period field, you specify how often you want the Router to check the Internet connection. The default value is 30 seconds.
Heart Beat Signal
Heart Beat Signal is a service used in Australia only. If you are using a Heart Beat Signal connection, check with your ISP for the necessary setup information.
Connection Type > Heart Beat Signal
User Name and Password Enter the User Name and Password provided by your ISP.
Heart Beat Server Enter the IP address of your ISP’s Heart Beat server. This is provided by your ISP.
Connect on Demand: Max Idle Time You can configure the Router to cut the Internet connection after it has been inactive for a specified period of time (Max Idle Time). If your Internet connection has been terminated due to inactivity, Connect on Demand enables the Router to automatically re-establish your connection as soon as you attempt to access the Internet again. To use this option, select Connect on Demand. In the Max Idle Time field, enter the number of minutes you want to have elapsed before your Internet connection terminates. The default Max Idle Time is 5 minutes.
Keep Alive: Redial Period If you select this option, the Router will periodically check your Internet connection. If you are disconnected, then the Router will automatically re-establish your connection. To use this option, select Keep Alive. In the Redial Period field, you specify how often you want the Router to check the Internet connection. The default value is 30 seconds.
Optional Settings and MTU
Some of these settings may be required by your ISP. Verify with your ISP before making any changes.
Host Name and Domain Name These fields allow you to supply a host and domain name for the Router. Some ISPs, usually cable ISPs, require these names as identification. You may have to check with your ISP to see if your broadband Internet service has been configured with a host and domain name. In most cases, leaving these fields blank will work.
MTU and Size MTU is the Maximum Transmission Unit. It specifies the largest packet size permitted for Internet transmission. Select Manual if you want to manually enter the largest packet size that is transmitted. To have the Router select the best MTU for your Internet connection, keep the default setting, Automatic.
Size When Manual is selected in the MTU field, this option is enabled. Leave this value in the 1200 to 1500 range. The default size is 1400.
Network Setup
The Network Setup section changes the settings on the network connected to the Router’s Ethernet ports.
Network Setup
Router IP
This presents both the Router’s IP Address and Subnet Mask as seen by your network.
Network Address Server Settings (DHCP)
The settings allow you to configure the Router’s Dynamic Host Configuration Protocol (DHCP) server function. The Router can be used as a DHCP server for your network. A DHCP server automatically assigns an IP address to each computer on your network. If you choose to enable the Router’s DHCP server option, make sure there is no other DHCP server on your network.
Local DHCP Server DHCP is enabled by factory default. If you already have a DHCP server on your network, or you don’t want a DHCP server, then select Disable (no other DHCP features will be available).
Start IP Address Enter a value for the DHCP server to start with when issuing IP addresses. Because the Router’s default IP address is 192.168.1.1, the Start IP Address must be 192.168.1.2 or greater, but smaller than 192.168.1.253. The default is 192.168.1.100.
Number of Address Enter the maximum number of computers that you want the DHCP server to assign IP addresses to. This number cannot be greater than 253. The default is 50.
DHCP Address Range Displayed here is the range of available IP addresses.
Client Lease Time The Client Lease Time is the amount of time a network user will be allowed connection to the Router with their current dynamic IP address. Enter the amount of time, in minutes, that the user will be “leased” this dynamic IP address. After the time is up, the user will be automatically assigned a new dynamic IP address. The default is 0 minutes, which means one day.
Time Setting
Time Zone Select the time zone in which your network functions.
Click Save Settings to apply your changes, or click Cancel Changes to cancel your changes.

Setup > DDNS

The Router offers a Dynamic Domain Name System (DDNS) feature. DDNS lets you assign a fixed host and domain name to a dynamic Internet IP address. It is useful when you are hosting your own website, FTP server, or other server behind the Router. Before you can use this feature, you need to sign up for DDNS service with a DDNS service provider, www.dyndns.org.
DDNS
DDNS Service If your DDNS service is provided by DynDNS.org, then select DynDNS.org. If you do not want to use this feature, keep the default setting, Disabled.
Setup > DDNS > DynDNS.org
DynDNS.org
User Name Enter the User Name for your DDNS account.
Password Enter the Password for your DDNS account.
Host Name This is the DDNS URL assigned by the DDNS service.
Internet IP Address The Router’s Internet IP address is displayed here. Because it is dynamic, it will change.
Status The status of the DDNS service connection is displayed here.
Click Save Settings to apply your changes, or click Cancel Changes to cancel your changes.

Setup > MAC Address Clone

A MAC address is a 12-digit code assigned to a unique piece of hardware for identification. Some ISPs will require you to register a MAC address in order to access the Internet. If you do not wish to re-register the MAC address with your ISP, you may assign the MAC address you have currently registered with your ISP to the Router with the MAC Address Clone feature.
Setup > MAC Address Clone
MAC Clone
MAC Clone Service To have the MAC address cloned, select Enable.
MAC Address Enter the MAC address registered with your ISP here.
Clone Click this button to clone the MAC address of the computer you are using.
Click Save Settings to apply your changes, or click Cancel Changes to cancel your changes.

Setup > Advanced Routing

This screen is used to set up the Router’s advanced functions. Dynamic Routing automatically adjusts how packets travel on your network. Static Routing sets up a fixed route to another network destination.
Advanced Routing
Dynamic Routing
NAT If this Router is hosting your network’s connection to the Internet, keep the default, Enabled. If another router exists on your network, select Disabled. (When NAT is disabled, the DHCP server feature is also disabled.)
Transmit RIP Version To use dynamic routing for transmission of network data, select the protocol you want: RIP1, RIP1-Compatible, or RIP2.
Receive RIP Version To use dynamic routing for reception of network data, select the protocol you want, RIP1 or RIP2.
Static Routing
A static route is a pre-determined pathway that network information must travel to reach a specific host or network. Enter the information described below to set up a new static route.
Select Entry To set up a static route between the Router and another network, select a number from the drop-down list. Click Delete Entry to delete a static route.
Destination IP Address Enter the IP address of the remote network or host to which you want to assign a static route.
Subnet Mask Enter the subnet mask. This determines which portion of a Destination IP Address is the network portion, and which portion is the host portion.
Gateway Enter the IP address of the gateway device that allows for contact between the Router and the remote network or host.
Hop Count Enter the maximum number of steps between network nodes that data packets will travel. A node is any device on the network, such as a computer, print server, or router.
Interface Select the appropriate interface. This tells you whether the Destination IP Address is on the LAN (Local Area Network) or the Internet.
Setup > Advanced Routing
Click Show Routing Table to view the static routes you have already set up.
Advanced Routing > Routing Table
Routing Table
For each route, the Destination LAN IP address, Subnet Mask, Gateway, Hop Count, and Interface are displayed. Click Refresh to update the information.
Click Save Settings to apply your changes, or click Cancel Changes to cancel your changes.

Security > Firewall

The Firewall screen is used to configure a firewall that can filter out various types of unwanted traffic on the Router’s local network.
Security > Firewall
Firewall
SPI Firewall Protection To use firewall protection, keep the default selection, Enabled. To turn off firewall protection, select Disabled.
Additional Filters
Filter Proxy Use of WAN proxy servers may compromise the Gateway’s security. Denying Proxy will disable access to any WAN proxy servers. Select this option to enable proxy filtering. Deselect the option to allow proxy access.
Filter Java Applets Java is a programming language for websites. If you deny Java, you run the risk of not having access to Internet sites created using this programming language. Select this option to enable Java filtering. Deselect the option to allow Java usage.
Filter Cookies A cookie is data stored on your computer and used by Internet sites when you interact with them. Select this option to filter cookies. Deselect the option to allow cookie usage.
Filter ActiveX ActiveX is a programming language for websites. If you deny ActiveX, you run the risk of not having access to Internet sites created using this programming language. Select this option to enable ActiveX filtering. Deselect the option to allow ActiveX usage.
Block WAN Requests
Block Anonymous Internet Requests This feature makes it more difficult for outside users to work their way into your network. This feature is enabled by default. Select Disabled to allow anonymous Internet requests.
Click Save Settings to apply your changes, or click Cancel Changes to cancel your changes.

Security > VPN

The VPN screen allows you to configure Virtual Private Network (VPN) tunnels. The VPN tunnel is a secure connection between two locations, which are also called endpoints.
Security > VPN
VPN Passthrough
IPSec Passthrough Internet Protocol Security (IPSec) is a suite of protocols used to implement secure exchange of packets at the IP layer. To allow IPSec tunnels to pass through the Router, select Enabled.
PPTP Passthrough Point-to-Point Tunneling Protocol (PPTP) allows the Point-to-Point Protocol (PPP) to be tunneled through an IP network. To allow PPTP tunnels to pass through the Router, select Enabled.
VPN Tunnel
The Router creates a tunnel between two endpoints, so that the data traveling between these endpoints is secure.
Select Tunnel Entry Select the tunnel you wish to create. It is possible to create up to 50 simultaneous tunnels.
Delete To delete a tunnel, select it from the drop-down menu, and then click Delete.
Summary To view summary information about a tunnel, select it from the drop-down menu, and then click Summary.
VPN Tunnel To enable a tunnel, select it from the drop-down menu, and then click Enabled. To disable a tunnel, select Disabled.
Tunnel Name Enter a name for this VPN tunnel, such as Los Angeles Office, Chicago Branch, or New York Division. This allows you to identify multiple tunnels and does not have to match the name used at the other end of the tunnel.
Interface Select the appropriate WAN port, WAN1 or WAN2 (available if the Dual WAN feature is enabled).
Enable Check this box to enable a VPN tunnel. (When you create a VPN tunnel, this check box will be disabled.)
Local Secure Group and Remote Secure Group
A Local Secure Group is a computer(s) on your network that can access the tunnel. A Remote Secure Group is a computer(s) on the remote end of the tunnel that can access the tunnel. For the Local Secure Group, select Subnet, IP Address, or IP Range. For the Remote Secure Group, select Subnet, IP Address, IP Range, Host, or Any.
NOTE: The Local Secure Group you select should match the Remote Secure Group selected on the VPN device at the other end of the tunnel.
Local and Remote Secure Group
Subnet
The default is Subnet. All computers on the local subnet will be able to access the tunnel.
IP and Mask Enter the appropriate addresses. The default value of 0 should remain in the last fields of the IP and Mask settings.
IP Address
Only the computer with a specific IP address will be able to access the tunnel.
IP Addr. Enter the appropriate address.
IP Range
This option is a combination of the Subnet and IP Address options.
IP Range Specify a range of IP addresses within the subnet that will have access to the tunnel.
Host and Any are options for the Remote Secure Group only.
Host
The Remote Secure Group will be the same as the Remote Security Gateway Setting: IP Address, FQDN (Fully Qualified Domain Name), or Any.
Any
The local VPN Router will accept a request from any IP address. Select this option when the other endpoint is using DHCP or PPPoE on the Internet side.
Remote Security Gateway
The Remote Security Gateway is the VPN device, such as a second VPN Router, on the remote end of the VPN tunnel. Select IP Address, FQDN, or Any.
Remote Security Gateway
IP Address
IP Addr. Enter the IP address of the VPN device on the other end of the tunnel. The remote VPN device can be another VPN Router, a VPN server, or a computer with VPN client software that supports IPSec. Make sure that you have entered the address correctly.
NOTE: Make sure you enter the IP address of the remote VPN device, NOT the local VPN Router.
FQDN
FQDN Enter the Fully Qualified Domain Name (FQDN) of the VPN device at the other end of the tunnel. The remote VPN device can be another VPN Router, a VPN server, or a computer with VPN client software that supports IPSec. The FQDN is the host name and domain name