ZyXEL Communications 202H manual


A good instruction manual

The law requires the seller to give the buyer, along with the product, the ZyXEL Communications 202H instruction manual. A missing manual or incorrect information given to the consumer constitutes grounds for a complaint that the product does not conform to the contract. By law, a manual may be supplied in a form other than paper, which has become quite common lately, and manufacturers provide a graphic manual, an electronic version of the ZyXEL Communications 202H manual, or instructional videos for users. The condition is that it be legible and understandable.

What is an instruction manual?

The name comes from the Latin word “instructio”, meaning to arrange. A ZyXEL Communications 202H manual therefore describes the steps to follow. The purpose of a manual is to teach and to make it easier to start up or use a device or to carry out specific actions. An instruction manual is also a source of information about an object or a service; it is a pointer.

Unfortunately, few users take the time to read ZyXEL Communications 202H manuals; however, a good manual lets us not only learn about a number of additional functions of the purchased device, but also avoid most faults.

So what should the perfect instruction manual contain?

Above all, a ZyXEL Communications 202H instruction manual should contain:
- information about the technical specifications of the ZyXEL Communications 202H device
- the manufacturer's name and the year of manufacture of the ZyXEL Communications 202H device
- conditions of use, configuration and maintenance of the ZyXEL Communications 202H device
- safety marks and certificates confirming its conformity with particular standards

Why don't we read instruction manuals?

Usually it is because of a lack of time and of certainty about specific functions of the purchased devices. Unfortunately, connecting and switching on the ZyXEL Communications 202H is not enough. The instruction manual always contains a series of pointers about specific functions, safety rules, maintenance advice (including which products to use), possible faults of the ZyXEL Communications 202H and ways to solve problems that may occur during use. Finally, a manual gives the details of ZyXEL Communications technical service in case the proposed solutions have not worked. Instruction manuals in the form of engaging animations or video manuals are currently popular, and they reach the user much better than a leaflet. This type of manual helps the user watch the whole video without skipping the specifications and the complicated technical descriptions of the ZyXEL Communications 202H, as people tend to do with a paper version.

Why is it worth reading instruction manuals?

Above all, that is where we will find answers about the construction and capabilities of the ZyXEL Communications 202H device, the use of specific accessories, and a range of information that lets us take full advantage of its functions and conveniences.

After a successful purchase of equipment or a device, it is worth taking a moment to become familiar with every part of the ZyXEL Communications 202H manual. Nowadays they are prepared and translated with care, so that they are not only understandable to users but also fulfil their basic function of informing and helping.

Index of instruction manuals

  • Page 1

    Prestige 202H ISDN Router User’s Guide Version 3.40 August 2003[...]

  • Page 2

    Prestige 202H User’s Guide ii Copyright Copyright Copyright © 2003 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, opti[...]

  • Page 3

    Prestige 202H User’s Guide FCC iii Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: This device may not cause harmful interference. This device must accept any interference received, including interference that may cause undesi[...]

  • Page 4

    Prestige 202H User’s Guide iv Information for Canadian Users Information for Canadian Users The Industry Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective, operation, and safety requirements. The Industry Canada does not guarantee that the equipment wi[...]

  • Page 5

    Prestige 202H User’s Guide Warranty v ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of [...]

  • Page 6

    Prestige 202H User’s Guide vi Customer Support Customer Support When you contact your customer support representative please have the following information ready: Please have the following information ready when you contact customer support. • Product model and serial number. • Information in Menu 24.2.1 – System Information. ?[...]

  • Page 7

    Prestige 202H User’s Guide Table of Contents vii Table of Contents Copyright ... ii Federal Communications Commission (FCC) Interference Statement ... [...]

  • Page 8

    Prestige 202H User’s Guide viii Table of Contents Chapter 4 SMT Menu 1 General Setup ... 4-1 4.1 General Setup Overview ... 4-1 4.2 Configuring[...]

  • Page 9

    Prestige 202H User’s Guide Table of Contents ix 8.8 Configuring Network Layer Options ... 8-11 8.9 Configuring Filter ... 8-14 Chapter 9 Static Ro[...]

  • Page 10

    Prestige 202H User’s Guide x Table of Contents Chapter 13 Introducing the Prestige Firewall ... 13-1 13.1 Access Methods ... 13-1 13.2 Using Prestig[...]

  • Page 11

    Prestige 202H User’s Guide Table of Contents xi 18.5 Example Filter ... 18-16 18.6 Applying Filters and Factory Defaults ... 18-19 Chapter 19 SNMP Configura[...]

  • Page 12

    Prestige 202H User’s Guide xii Table of Contents 23.3 Applying Schedule Sets ... 23-3 Chapter 24 Remote Management ... 24-1 24.1 Remote Manag[...]

  • Page 13

    Prestige 202H User’s Guide Table of Contents xiii 27.1 SA Monitor Overview ... 27-1 Chapter 28 IPSec Log ... 28-1 28.1 IPS[...]

  • Page 14

    Prestige 202H User’s Guide xiv List of Figures List of Figures Figure 1-1 Internet Access Application ... 1-5 Figure 1-2 LAN-to-LAN Connection Application ...[...]

  • Page 15

    Prestige 202H User’s Guide List of Figures xv Figure 6-6 Menu 3.2.1 IP Alias Setup ... 6-7 Figure 7-1 Menu 4 Internet Access Setup ... 7-2[...]

  • Page 16

    Prestige 202H User’s Guide xvi List of Figures Figure 11-1 How NAT Works ... 11-3 Figure 11-2 NAT Application With IP Alias ...[...]

  • Page 17

    Prestige 202H User’s Guide List of Figures xvii Figure 12-5 Stateful Inspection ... 12-8 Figure 13-1 Menu 21 Filter and Firewall Setup ... 13[...]

  • Page 18

    Prestige 202H User’s Guide xviii List of Figures Figure 18-5 NetBIOS_WAN Filter Rules Summary ... 18-6 Figure 18-6 NetBIOS_LAN Filter Rules Summary ... 18-6 Figure 18-7 Teln[...]

  • Page 19

    Prestige 202H User’s Guide List of Figures xix Figure 21-1 Menu 24.5 System Maintenance – Backup Configuration ... 21-3 Figure 21-2 FTP Session Example ... 21-4 Figure 21-3 System Mai[...]

  • Page 20

    Prestige 202H User’s Guide xx List of Figures Figure 22-8 Menu 24: System Maintenance ... 22-6 Figure 22-9 Menu 24.10 System Maintenance: Time and Date Setting ... 22-7 Figure 23-1 Menu 26 Schedule[...]

  • Page 21

    Prestige 202H User’s Guide List of Tables xxi List of Tables Table 2-1 LED Functions ... 2-1 Table 3-1 Main Menu Commands ...[...]

  • Page 22

    Prestige 202H User’s Guide xxii List of Tables Table 11-3 Applying NAT to the Remote Node ... 11-7 Table 11-4 Menu 15.1.255 SUA Address Mapping Rules ... 11-9 Table 11-5 Field[...]

  • Page 23

    Prestige 202H User’s Guide List of Tables xxiii Table 19-1 Menu 22 SNMP Configuration ... 19-3 Table 19-2 SNMP Traps ... [...]

  • Page 24

    Prestige 202H User’s Guide xxiv List of Tables Table 26-11 Telecommuter and Headquarters Configuration Example ... 26-23 Table 27-1 Menu 27.2 SA Monitor ... 27-2 Table 28-1 Sample[...]

  • Page 25

    Prestige 202H User’s Guide Preface xxv Preface Congratulations on your purchase of the Prestige 202H ISDN router. About This User's Manual This manual is designed to guide you through the configuration of your Prestige for its various applications. This manual may refer to the Prestige 202H ISDN router as the Prestige. You may use the [...]

  • Page 26

    Prestige 202H User’s Guide xxvi Preface • A single keystroke is in Arial font and enclosed in square brackets, for instance, [ENTER] means the Enter, or carriage return, key; [ESC] means the escape key and [SPACE BAR] means the space bar. [UP] and [DOWN] are the up and down arrow keys. • Mouse action sequences are denoted using a co[...]

  • Page 27

    Getting Started I Part I: Getting Started This part is structured as a step-by-step guide to help you connect, install and set up your router to operate on your network and access the Internet.[...]

  • Page 28

    [...]

  • Page 29

    Prestige 202H User’s Guide Getting to Know Your Prestige 1-1 Chapter 1 Getting to Know Your Prestige This chapter covers the key features and main applications of your router. 1.1 Introducing the Prestige 202H The Prestige 202H is a high-performance router that offers a complete Internet Access solution. By integrating NAT, firewall, VPN capa[...]

  • Page 30

    Prestige 202H User’s Guide 1-2 Getting to Know Your Prestige Auto-negotiating 10/100 Mbps Ethernet LAN The LAN interfaces automatically detect if they are on a 10 or a 100 Mbps Ethernet. Auto-crossover 10/100 Mbps Ethernet LAN The LAN interfaces automatically adjust to either a crossover or straight-through Ethernet cable. Call Scheduling C[...]

  • Page 31

    Prestige 202H User’s Guide Getting to Know Your Prestige 1-3 Outgoing Data Call Bumping Support Call bumping is a feature that allows the router to manage an MP (Multilink Protocol) bundle dynamically, dropping or reconnecting a channel in a bundle when necessary. Previously, the router did this for voice calls only, but now with this new [...]

  • Page 32

    Prestige 202H User’s Guide 1-4 Getting to Know Your Prestige PAP and CHAP Security The router supports PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol). CHAP is more secure than PAP; however, PAP is readily available on more platforms. DHCP (Dynamic Host Configuration Protocol) DHCP (Dynam[...]

  • Page 33

    Prestige 202H User’s Guide Getting to Know Your Prestige 1-5 Figure 1-1 Internet Access Application Internet Single User Account For a SOHO (Small Office/Home Office) environment, your router offers the NAT (Network Address Translation) feature that allows multiple users on the LAN (Local Area Network) to access the Internet concurrently for[...]

  • Page 34

    Prestige 202H User’s Guide 1-6 Getting to Know Your Prestige 1.3.3 Remote Access Server Your router allows remote users to dial-in and gain access to your LAN. This feature enables individuals that have computers with remote access capabilities to dial in to access the network resources without physically being in the office. Either PAP (Pass[...]

  • Page 35

    Prestige 202H User’s Guide Getting to Know Your Prestige 1-7 Figure 1-4 Secure Internet Access and VPN Application[...]

  • Page 36

    [...]

  • Page 37

    Prestige 202H User’s Guide Hardware Installation 2-1 Chapter 2 Hardware Installation This chapter shows you how to make the cable connections to your router. 2.1 Front Panel The LED indicators on the front panel indicate the operational status of the router. The table after the diagram describes the LED functions: Figure 2-1 Front Panel T[...]

  • Page 38

    Prestige 202H User’s Guide 2-2 Hardware Installation 2.2 Rear Panel and Connections The next figure shows the rear panel connectors of your router. Figure 2-2 Rear Panel This section outlines how to connect your router to the LAN and to the ISDN network. 2.2.1 Connecting the ISDN Line Connect the router to the ISDN network using the includ[...]

  • Page 39

    Prestige 202H User’s Guide Hardware Installation 2-3 2.3 Turn On Your Router At this point, you should have connected the console port, the ISDN port, the Ethernet port(s) and the power port to the appropriate devices or lines. You can now turn on the router by pushing the power button in to the on position (in is ON, out is OFF).[...]

  • Page 40

    [...]

  • Page 41

    Prestige 202H User’s Guide Introducing the SMT 3-1 Chapter 3 Introducing the SMT This chapter explains how to access the System Management Terminal and gives an overview of its menus. 3.1 Introduction to the SMT The Prestige’s SMT (System Management Terminal) is a menu-driven interface that you can access from a terminal emulator through th[...]

  • Page 42

    Prestige 202H User’s Guide 3-2 Introducing the SMT Please note that if there is no activity for longer than 5 minutes after you log in, the router automatically logs you out and displays a blank screen. If you see a blank screen, press [ENTER] to bring up the login screen again. Figure 3-1 Login Screen 3.4 Navigating the SMT Interface The S[...]

  • Page 43

    Prestige 202H User’s Guide Introducing the SMT 3-3 Table 3-1 Main Menu Commands OPERATION KEYSTROKES DESCRIPTION N/A fields <N/A> Some of the fields in the SMT will show a <N/A>. This symbol refers to an option that is Not Applicable. Save your configuration [ENTER] Save your configuration by pressing [ENTER] at the message “Pres[...]

  • Page 44

    Prestige 202H User’s Guide 3-4 Introducing the SMT Table 3-2 Main Menu Summary NO. Menu Title FUNCTION 3 Ethernet Setup Use this menu to apply LAN filters, configure LAN DHCP and TCP/IP settings and configure the wireless LAN port (not available on all models). 4 Internet Access Setup Configure your Internet Access setup (Internet address, gat[...]

  • Page 45

    Prestige 202H User’s Guide Introducing the SMT 3-5 Menu 3 Ethernet Setup Menu 4 Internet Access Setup Menu 11 Remote Node Setup Menu 12 Static Routing Setup Menu 12.1 Edit IP Static Route Menu 11.1 Remote Node Profile Menu 3.1 LAN Port Filter Setup Menu 11.3 Remote Node Network Layer Options Menu 3.2.1 IP Alias Setup Menu 3.2 TCP/IP and DHC[...]

  • Page 46

    Prestige 202H User’s Guide 3-6 Introducing the SMT Figure 3-3 Menu 23.1 System Password Step 2. Enter 1 in Menu 23 to open Menu 23.1 - System Security - Change Password. When Menu 23.1 - System Security - Change Password appears, as shown in the figure below, type in your existing system password, i.e., 1234, and press [ENTER]. Figure 3-4 Men[...]

  • Page 47

    Prestige 202H User’s Guide Introducing the SMT 3-7 speed of the console port will be reset to the default of 9600bps with 8 data bit, no parity, one stop bit and flow control set to none. The password will be reset to “1234”, also. 3.7.1 Uploading a Configuration File Via Console Port Step 1. Download the default configuration file fro[...]

  • Page 48

    Prestige 202H User’s Guide 3-8 Introducing the SMT Step 5. Click Transfer, then Send File to display the following screen. Figure 3-6 Example Xmodem Upload Step 6. After successful firmware upload, enter "atgo" to restart the router. Type the configuration file’s location, or click Browse to search for it. Choose the Xmodem protoco[...]

  • Page 49

    Prestige 202H User’s Guide SMT Menu 1 General Setup 4-1 Chapter 4 SMT Menu 1 General Setup Menu 1 - General Setup contains administrative and system-related information. 4.1 General Setup Overview Menu 1 - General Setup contains administrative and system-related information. 4.1.1 General Setup and System Name General Setup contains administrati[...]

  • Page 50

    Prestige 202H User’s Guide 4-2 SMT Menu 1 General Setup 4.3 Dynamic DNS Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a DNS-like address (for [...]

  • Page 51

    Prestige 202H User’s Guide SMT Menu 1 General Setup 4-3 4.4 Configuring Dynamic DNS To configure Dynamic DNS, go to Menu 1: General Setup and press [SPACE BAR] to select Yes in the Edit Dynamic DNS field. Press [ENTER] to display Menu 1.1— Configure Dynamic DNS (shown next). Not all models have every field shown. Figure 4-2 Configure Dyna[...]

  • Page 52

    [...]

  • Page 53

    Prestige 202H User’s Guide ISDN Setup 5-1 Chapter 5 ISDN Setup This chapter tells you how to configure the ISDN Setup menus for your Internet connection. 5.1 ISDN Setup Overview Menu 2 - ISDN Setup allows you to enter the information about your ISDN line. 5.1.1 ISDN Setup Enter 1 in the main menu to open menu 2 as shown next. Figure 5-1 Men[...]

  • Page 54

    Prestige 202H User’s Guide 5-2 ISDN Setup Table 5-1 Menu 2 ISDN Setup FIELD DESCRIPTION ♦ Switch/Unused ♦ Switch/Switch ♦ Switch/Leased ♦ Leased/Switch ♦ Leased/Unused ♦ Unused/Leased ♦ Leased/Leased Telephone Number(s) ISDN Data Enter the telephone number(s) assigned to your ISDN line by your telephone company. Some switch[...]

  • Page 55

    Prestige 202H User’s Guide ISDN Setup 5-3 PABX Number (with S/T Bus Number) for Loopback Enter the S/T bus number if the router is connected to an ISDN PABX. If this field is left as blank then the ISDN loopback test will be skipped. Outgoing Calling Party Number If these fields are not blank, the router will use these values as the calli[...]

  • Page 56

    Prestige 202H User’s Guide 5-4 ISDN Setup 5.2.1 Configuring Advanced Setup Figure 5-3 Menu 2 ISDN Setup for DSS1 When you are finished, press [ENTER] at the message: ‘Press ENTER to confirm’, the router uses the information that you entered to initialize the ISDN line. It should be noted that whenever the switch type is changed, the [...]

  • Page 57

    Prestige 202H User’s Guide ISDN Setup 5-5 5.3 NetCAPI 5.3.1 Overview Your Prestige supports NetCAPI. NetCAPI is ZyXEL's implementation of CAPI (Common ISDN Application Program Interface) capabilities over a network. It runs over DCP (Device Control Protocol) developed by RVS-COM. NetCAPI can be used for applications such as Eurofile t[...]

  • Page 58

    Prestige 202H User’s Guide 5-6 ISDN Setup The following figure illustrates the configuration used in this example. Figure 5-5 Configuration Example Before entering any configurations, you must install the CAPI driver (RVS-CE) and communication program such as RVS-COM Lite on your computer. 5.3.3 RVS-COM RVS-COM includes an ISDN CAPI d[...]

  • Page 59

    Prestige 202H User’s Guide ISDN Setup 5-7 If you did not install RVS-Lite and want to use other programs such as AVM Fritz to access the ISDN router, you must first install the CAPI driver - RVS-CE using the English version installation wizard (in DISKsCEPEDISK1) and start the SETUP.EXE. 5.3.4 Configuring NetCAPI Press the [SACEBAR[...]

  • Page 60

    Prestige 202H User’s Guide 5-8 ISDN Setup Table 5-2 Configuring NetCAPI FIELD DESCRIPTION Max Number of Registered Users When you want to use NetCAPI to place outgoing calls or to listen to incoming calls, you must start RVSCOM on your computer, and RVSCOM will register itself to the Prestige. This option is the maximum number of clients that [...]

  • Page 61

    Prestige 202H User’s Guide Ethernet Setup 6-1 Chapter 6 Ethernet Setup This chapter shows you how to configure the LAN settings for your Prestige. 6.1 Ethernet Setup This section describes how to configure the Ethernet using Menu 3 – Ethernet Setup. From the Main Menu, enter 3 to open Menu 3 - Ethernet Setup. Figure 6-1 Menu 3 Ethernet Set[...]

  • Page 62

    Prestige 202H User’s Guide 6-2 Ethernet Setup 6.2 Ethernet TCP/IP and DHCP Server The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability. For remote node TCP/IP configuration, refer to the chapter on Remote Node Configuration. 6.2.1 Factory Ethernet Defaults Th[...]

  • Page 63

    Prestige 202H User’s Guide Ethernet Setup 6-3 6.2.3 Private IP Addresses Every computer on the Internet must have a unique IP address. If your networks are isolated from the Internet, for instance, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbe[...]

  • Page 64

    Prestige 202H User’s Guide 6-4 Ethernet Setup 6.2.5 DHCP Configuration DHCP (Dynamic Host Configuration Protocol) allows the individual clients (computers) to obtain the TCP/IP configuration at start-up from a centralized DHCP server. The router has built-in DHCP server capability, enabled by default, which means it can assign IP addres[...]

  • Page 65

    Prestige 202H User’s Guide Ethernet Setup 6-5 6.3 Configuring TCP/IP Ethernet and DHCP You will now use Menu 3.2-TCP/IP and DHCP Ethernet Setup to configure your router for TCP/IP. To edit menu 3.2, select the menu option Ethernet Setup in the Main Menu. When menu 3 appears, select the submenu option TCP/IP and DHCP Setup and press [ENTER].[...]

  • Page 66

    Prestige 202H User’s Guide 6-6 Ethernet Setup Table 6-2 Menu 3.2 TCP/IP and DHCP Ethernet Setup FIELD DESCRIPTION EXAMPLE Primary DNS Server Secondary DNS Server Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask. Remote DHCP Server If Relay is selected in the[...]

  • Page 67

    Prestige 202H User’s Guide Ethernet Setup 6-7 Figure 6-4 Physical Network Figure 6-5 Partitioned Logical Networks Use menu 3.2.1 to configure IP Alias on your router. 6.5 IP Alias Setup You must use menu 3.2 to configure the first network. Move the cursor to the Edit IP Alias field, press [SPACE BAR] to choose Yes and press [ENTER] to[...]

  • Page 68

    Prestige 202H User’s Guide 6-8 Ethernet Setup Table 6-4 IP Menu 3.2.1 – IP Alias Setup FIELD DESCRIPTION EXAMPLE IP Alias 1 or 2 Choose Yes to configure the LAN network for the router. Yes IP Address Enter the IP address of your router in dotted decimal notation. 192.168.2.1 IP Subnet Mask Your router will automatically calculate the subne[...]

  • Page 69

    Prestige 202H User’s Guide Internet Access Setup 7-1 Chapter 7 Internet Access Setup This chapter shows you how to configure your router for Internet access. 7.1 Internet Access Overview Menu 4 allows you to enter the Internet Access information in one screen. Menu 4 is actually a simplified setup for one of the remote nodes that you can access[...]

  • Page 70

    Prestige 202H User’s Guide 7-2 Internet Access Setup 7.2 Internet Access Setup The table following this menu contains instructions on how to configure your router for Internet access. Figure 7-1 Menu 4 Internet Access Setup Table 7-2 Menu 4 Internet Access Setup FIELD DESCRIPTION ISP’s Name Enter the name of your Internet Service Provider, [...]

  • Page 71

    Prestige 202H User’s Guide Internet Access Setup 7-3 Table 7-2 Menu 4 Internet Access Setup FIELD DESCRIPTION NAT Choose from None, Full Feature or SUA Only. When you select Full Feature you must configure at least one address mapping set. See the chapter on NAT for a full discussion of this new feature. Address Mapping Set A NAT Server Set i[...]

  • Page 72

    Advanced Applications II Part II: Advanced Applications This part describes the advanced applications of your Prestige, such as Remote Node Configuration, Dial-in Configuration and NAT.[...]

  • Page 73

    Prestige 202H User’s Guide Remote Node Configuration 8-1 Chapter 8 Remote Node Configuration This chapter covers the configuration of remote nodes. 8.1 Remote Node Overview A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection. Note t[...]

  • Page 74

    Prestige 202H User’s Guide 8-2 Remote Node Configuration Step 2. When Menu 11 appears as shown in the following figure, enter the number of the remote node that you wish to configure. Figure 8-1 Menu 11 Remote Node Setup When Menu 11.1. – Remote Node Profile appears, fill in the fields as described in the following table to define this[...]

  • Page 75

    Prestige 202H User’s Guide Remote Node Configuration 8-3 Table 8-1 Menu 11.1 Remote Node Profile FIELD DESCRIPTION EXAMPLE Rem Node Name This is a required field [?]. Enter a descriptive name for the remote node, for example, Corp. This field can be up to eight characters. This name must be unique from any other remote node name or remote dial-[...]

  • Page 76

    Prestige 202H User’s Guide 8-4 Remote Node Configuration Table 8-1 Menu 11.1 Remote Node Profile FIELD DESCRIPTION EXAMPLE Call Back This field is applicable only if Call Direction is set to Both. Otherwise, a N/A appears in the field. This field determines whether or not your Prestige will call back after receiving a call from this remote node[...]

  • Page 77

    Prestige 202H User’s Guide Remote Node Configuration 8-5 Table 8-1 Menu 11.1 Remote Node Profile FIELD DESCRIPTION EXAMPLE Telco Options: Transfer Type This field specifies the type of connection between the Prestige and this remote node. When set to Leased, the Allocated Budget and Period do not apply. 64k Allocated Budget (min) This field [...]

  • Page 78

    Prestige 202H User’s Guide 8-6 Remote Node Configuration 8.3 Outgoing Authentication Protocol Generally speaking, you should employ the strongest authentication protocol possible, for obvious reasons. However, some vendor’s implementation includes specific authentication protocol in the user profile. It will disconnect if the negotia[...]

  • Page 79

    Prestige 202H User’s Guide Remote Node Configuration 8-7 Table 8-2 BTR vs MTR for BOD BTR AND MTR SETTING No. of Channel(s) Used Max No. of Channel(s) Used BANDWIDTH ON DEMAND BTR = 64, MTR = 64 1 1 Off BTR = 64, MTR = 128 1 2 On BTR = 128, MTR = 128 2 2 Off When bandwidth on demand is enabled, a second channel will be brought up if traffic on[...]

  • Page 80

    Prestige 202H User’s Guide 8-8 Remote Node Configuration Menu 11.2 - Remote Node PPP Options Encapsulation= Standard PPP Compression= No BACP= Enable Multiple Link Options: BOD Calculation= Transmit or Receive Base Trans Rate(Kbps)= 64 Max Trans Rate(Kbps)= 64 Target Utility(Kbps)= 32-48 Add Persist(sec)= 5 Subtract Persist(sec)= 5 Press ENTER to[...]

  • Page 81

    Prestige 202H User’s Guide Remote Node Configuration 8-9 Table 8-3 Menu 11.2 Remote Node PPP Options Target Utility (Kbps) Enter the two thresholds separated by a [–] for subtracting and adding the second port. Default = 32–48 Add Persist This parameter specifies the number of seconds where traffic is above the adding threshold before the[...]

  • Page 82

    Prestige 202H User’s Guide 8-10 Remote Node Configuration LAN 1 Setup Figure 8-5 LAN 1 Setup LAN 2 Setup Figure 8-6 LAN 2 Setup Menu 11.1 - Remote Node Profile Rem Node Name= LAN_2 Active= Yes Call Direction= Both Incoming: Rem Login= lan2 Rem Password= ******* Rem CLID= Call Back= No Outgoing: My Login= lan1 My Password= ******** Authen= CHAP/PA[...]

  • Page 83

    Prestige 202H User’s Guide Remote Node Configuration 8-11 Additionally, you may also need to define static routes if some services reside beyond the immediate remote LAN. 8.8 Configuring Network Layer Options Follow the steps below to edit Menu 11.3 – Remote Node Network Layer Options shown next. Step 1. To configure the TCP/IP param[...]

  • Page 84

    Prestige 202H User’s Guide 8-12 Remote Node Configuration Menu 11.3 - Remote Node Network Layer Options Rem IP Addr: Rem Subnet Mask= 0.0.0.0 My WAN Addr= 0.0.0.0 NAT= None Address Mapping Set= Full Feature Metric= 2 Private= No RIP Direction= Both Version= RIP-2B Press ENTER to Confirm or ESC to Cancel: Table 8-5 Remote Node Network Layer Optio[...]

  • Page 85

    Prestige 202H User’s Guide Remote Node Configuration 8-13 Table 8-6 Remote Node Network Layer Options FIELD DESCRIPTION EXAMPLE Metric Metric represents the “cost” of transmission for routing purposes. IP routing uses hop count as the measurement of cost, with a minimum of 1 for directly connected networks. Enter a number that approximates [...]

  • Page 86

    Prestige 202H User’s Guide 8-14 Remote Node Configuration Figure 8-7 Sample IP Addresses for LAN-to-LAN Connection 8.9 Configuring Filter Use Menu 11.5 – Remote Node Filter to specify the filter set(s) to apply to the incoming and outgoing traffic between this remote node and the Prestige and also to prevent certain packets from triggering c[...]

  • Page 87

    Prestige 202H User’s Guide Remote Node Configuration 8-15 Figure 8-8 Menu 11.5 Remote Node Filter Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Call Filter Sets: protocol filters= 1 device filters= Press ENTER to Confirm or ESC to Cancel:[...]

  • Page 88

    [...]

  • Page 89

    Prestige 202H User’s Guide Remote Node TCP/IP Configuration 9-1 Chapter 9 Static Route Setup This chapter shows how to set up static routes. 9.1 Static Route Overview Static routes tell the Prestige routing information that it cannot learn automatically through other means. This can arise in cases where RIP is disabled on the LAN or a remo[...]

  • Page 90

    Prestige 202H User’s Guide 9-2 Remote Node TCP/IP Configuration To configure an IP static route, use Menu 12 – IP Static Route Setup, as displayed next. Figure 9-2 Menu 12 IP Static Route Setup From Menu 12, select one of the available IP static routes to open Menu 12.1 – Edit IP Static Route, as shown next. Figure 9-3 Menu 12.1 Edit IP[...]

  • Page 91

    Prestige 202H User’s Guide Remote Node TCP/IP Configuration 9-3 Table 9-1 Menu 12.1 Edit IP Static Route FIELD DESCRIPTION IP Subnet Mask Enter the subnet mask for this destination. Follow the discussion on IP subnet mask in this chapter. Gateway IP Address Enter the IP address of the gateway. The gateway is an immediate neighbor of your Presti[...]

  • Page 92

    [...]

  • Page 93

    Prestige 202H User’s Guide Dial-in Setup 10-1 Chapter 10 Dial-in Setup This chapter shows you how to configure your Prestige to receive calls from remote dial-in users including telecommuters and remote nodes. This is done in SMT menus 13 and 14. 10.1 Dial-in Users Overview There are several differences between dial-in users and remote nodes[...]

  • Page 94

    Prestige 202H User’s Guide 10-2 Dial-in Setup 10.3 Setting Up Default Dial-in From the Main Menu, enter 13 to go to Menu 13 – Default Dial-in Setup. This section describes how to configure the protocol-independent fields in this menu. For the protocol-dependent fields, refer to the appropriate chapters. Figure 10-1 Menu 13 Default Dia[...]

  • Page 95

    Prestige 202H User’s Guide Dial-in Setup 10-3 Table 10-2 Menu 13 Default Dial-in Setup FIELD DESCRIPTION EXAMPLE Recv Authen This field sets the authentication protocol for incoming calls. For security reasons, setting authentication to None is strongly discouraged. Options for this field are: CHAP/PAP – Your Prestige will try CHAP first, [...]

  • Page 96

    Prestige 202H User’s Guide 10-4 Dial-in Setup Table 10-2 Menu 13 Default Dial-in Setup FIELD DESCRIPTION EXAMPLE Dial-in User If set to Yes, the Prestige will allow a remote host to specify its own IP address. If set to No, the remote host must use the IP address assigned by your Prestige from the IP pool, configured below. This is to prevent [...]

  • Page 97

    Prestige 202H User’s Guide Dial-in Setup 10-5 but not the remote nodes. You can specify up to 4 filter sets separated by comma, e.g., 1, 5, 9, 12, in each filter field. The default is no filters. Spaces are accepted in this field. For more information on defining the filters, see the filters chapter. Figure 10-2 Menu 13.1 Default Dial-in Fi[...]

  • Page 98

    Prestige 202H User’s Guide 10-6 Dial-in Setup Figure 10-3 Menu 14 Dial-in User Setup Step 2. Select one of the users by number; this will bring you to Menu 14.1 – Edit Dial-in User, as shown next. Figure 10-4 Menu 14.1 Edit Dial-in User Table 10-3 Edit Dial-in User FIELD DESCRIPTION EXAMPLE User Name This is a required field. This will be u[...]

  • Page 99

    Prestige 202H User’s Guide Dial-in Setup 10-7 Table 10-3 Edit Dial-in User FIELD DESCRIPTION EXAMPLE Callback This field determines if your Prestige will allow call back to this user upon dial-in. If this option is enabled, your Prestige will call back to the user if requested. In such a case, your Prestige will disconnect the initial call from[...]

  • Page 100

    Prestige 202H User’s Guide 10-8 Dial-in Setup dial-in user profile for each telecommuter. Additionally, you need to configure the Default Dial-in User Setup to set the operational parameters for all dial-in users. An example of remote access server for telecommuters is shown next. Figure 10-5 Example of Telecommuting See the following screen s [...]

  • Page 101

    Prestige 202H User’s Guide Dial-in Setup 10-9 Configuring Menu 13: Figure 10-6 Configuring Menu 13 for Remote Access Configuring Menu 14.1 Figure 10-7 Edit Dial-in-User The caller always controls Idle Timeout, so this field does not apply when there is callback. Menu 13 - Default Dial-in Setup Telco Options: CLID Authen= None PPP Options: Recv [...]

  • Page 102

    Prestige 202H User’s Guide 10-10 Dial-in Setup 10.7 LAN-to-LAN Server Application Example Your Prestige can also be used as a dial-in server for LAN-to-LAN application to provide access for the workstations on a remote network. For your Prestige to be set up as a LAN-to-LAN server, you need to configure the Default Dial-in User Setup to set [...]

  • Page 103

    Prestige 202H User’s Guide Dial-in Setup 10-11 LAN 1 Figure 10-9 LAN 1 LAN-to-LAN Application LAN 2 Figure 10-10 LAN 2 LAN-to-LAN Application Go to menu 24.4.5 of the Prestige on LAN 1 and enter the numbers that correspond to the menu in LAN 1 above to test callback with your connection. Menu 11.1 - Remote Node Profile Rem Node Name= LAN[...]

  • Page 104

    Prestige 202H User’s Guide 10-12 Dial-in Setup Figure 10-11 Testing Callback With Your Connection 10.7.2 Configuring With CLID in LAN-to-LAN Application The only difference between callback with CLID (Calling Line Identification) and callback described above is that you do not pay for the first call, i.e., when the Prestige on LAN 1 calls th[...]

  • Page 105

    Prestige 202H User’s Guide Dial-in Setup 10-13 Prestige on LAN 2 Figure 10-12 Callback With CLID Configuration Menu 13 Figure 10-13 Configuring CLID With Callback Menu 13 - Default Dial-in Setup Telco Options: CLID Authen= Required PPP Options: Recv Authen= PAP Compression= No Mutual Authen= No O/G Username= O/G Password= ******** Multiple Link [...]

  • Page 106

    Prestige 202H User’s Guide 10-14 Dial-in Setup Go to Menu 24.8 (Prestige on LAN 2) and type "sys tr cl call" to test your connection with callback on CLID. The Prestige displays all communication traces as shown in the next figure. If CLID authentication fails, this means that the calling number does not match the Rem CLID number in [...]

  • Page 107

    Prestige 202H User’s Guide Dial-in Setup 11-1 Chapter 11 Network Address Translation (NAT) This chapter discusses how to configure NAT on the Prestige. 11.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used w[...]

  • Page 108

    Prestige 202H User’s Guide 11-2 Dial-in Setup 11.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination add[...]

  • Page 109

    Prestige 202H User’s Guide Dial-in Setup 11-3 Figure 11-1 How NAT Works 11.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow at the end of this chapter.[...]

  • Page 110

    Prestige 202H User’s Guide 11-4 Dial-in Setup Figure 11-2 NAT Application With IP Alias 11.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: 1. One to One: In One-to-One mode, the Prestige maps one local IP address to one global IP address. 2. Many to One: In Many-to-One mode, the Prestige maps multiple local [...]

  • Page 111

    Prestige 202H User’s Guide Dial-in Setup 11-5 5. Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world. Port numbers do not change for One-to-One and Many-to-Many No Overload NAT mapping types. The following table summarizes these types. Table 11-2 NAT Mapping Types[...]

  • Page 112

    Prestige 202H User’s Guide 11-6 Dial-in Setup 1. Choose SUA Only if you have just one public WAN IP address for your Prestige. 2. Choose Full Feature if you have multiple public WAN IP addresses for your Prestige. 11.2 Applying NAT You apply NAT via menus 4 or 11.3 as displayed next. The next figure shows you how to apply NAT for Inte[...]

  • Page 113

    Prestige 202H User’s Guide Dial-in Setup 11-7 Figure 11-4 Applying NAT to the Remote Node Table 11-3 Applying NAT to the Remote Node FIELD DESCRIPTION EXAMPLE Press [SPACE BAR] and then [ENTER] to select Full Feature if you have multiple public WAN IP addresses for your Prestige. The SMT uses the address mapping set that you configure and ente[...]

  • Page 114

    Prestige 202H User’s Guide 11-8 Dial-in Setup Figure 11-5 Menu 15 NAT Setup 11.3.1 Address Mapping Sets Enter 1 to bring up Menu 15.1 — Address Mapping Sets. Figure 11-6 Menu 15.1 Address Mapping Sets SUA Address Mapping Set Enter 255 to display the next screen (see also section 11.1.6). The fields in this menu cannot be changed. Menu [...]

  • Page 115

    Prestige 202H User’s Guide Dial-in Setup 11-9 Figure 11-7 Menu 15.1.255 SUA Address Mapping Rules Table 11-4 Menu 15.1.255 SUA Address Mapping Rules FIELD DESCRIPTION EXAMPLE Set Name This is the name of the set you selected in menu 15.1 or enter the name of a new set you want to create. SUA Idx This is the index or rule number. 1 Local Start [...]

  • Page 116

    Prestige 202H User’s Guide 11-10 Dial-in Setup screen. Note also that the [?] in the Set Name field means that this is a required field and you must enter a name for the set. If the Set Name field is left blank, the entire set will be deleted. Figure 11-8 Menu 15.1.1 Address Mapping Rules First Set The Type, Local and Global Start/End IPs [...]

  • Page 117

    Prestige 202H User’s Guide Dial-in Setup 11-11 Table 11-5 Fields in Menu 15.1.1 FIELD DESCRIPTION EXAMPLE Action The default is Edit. Edit means you want to edit a selected rule (see following field). Insert Before means to insert a rule before the rule selected. The rules after the selected rule will then be moved down by one rule. Delete mean[...]

  • Page 118

    Prestige 202H User’s Guide 11-12 Dial-in Setup Table 11-6 Menu 15.1.1.1 Address Mapping Rule FIELD DESCRIPTION EXAMPLE Type Press [SPACE BAR] and then [ENTER] to select from a total of five types. These are the mapping types discussed in Table 11-2. Server allows you to specify multiple servers of different types behind NAT to this computer. [...]

  • Page 119

    Prestige 202H User’s Guide Dial-in Setup 11-13 In addition to the servers for specified services, NAT supports a default server. A service request that does not have a server explicitly designated for it is forwarded to the default server. If the default is not defined, the service request is simply discarded. Many residential broadband ISP acco[...]

  • Page 120

    Prestige 202H User’s Guide 11-14 Dial-in Setup Step 2. Enter 2 to display Menu 15.2 - NAT Server Sets as shown next. Figure 11-10 Menu 15.2 NAT Server Sets Step 3. Enter 1 to go to Menu 15.2 NAT Server Setup as follows. Figure 11-11 Menu 15.2 NAT Server Setup Step 4. Enter a port number in an unused Start Port No field. To forward only one po[...]

  • Page 121

    Prestige 202H User’s Guide Dial-in Setup 11-15 Step 6. Press [ENTER] at the “Press ENTER to confirm …” prompt to save your configuration after you define all the servers or press [ESC] at any time to cancel. Figure 11-12 Multiple Servers Behind NAT Example 11.5 General NAT Examples This section provides some examples with Network Ad[...]

  • Page 122

    Prestige 202H User’s Guide 11-16 Dial-in Setup Figure 11-13 NAT Example 1 Figure 11-14 Menu 4 Internet Access & NAT Example From menu 4, choose the SUA Only option from the NAT field. This is the Many-to-One mapping discussed in section 11.5. The SUA Only read-only option from the Network Address Translation field in menus 4 and 11.3 i[...]

  • Page 123

    Prestige 202H User’s Guide Dial-in Setup 11-17 11.5.2 Example 2: Internet Access with an Inside Server Figure 11-15 NAT Example 2 In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NAT as shown in the next figure.[...]

  • Page 124

    Prestige 202H User’s Guide 11-18 Dial-in Setup Figure 11-16 Menu 15.2 Specifying an Inside Server 11.5.3 Example 3: Multiple Public IP Addresses With Inside Servers In this example, there are 3 IGAs from our ISP. There are many departments but two have their own FTP server. All departments share the same router. The example will reserve o[...]

  • Page 125

    Prestige 202H User’s Guide Dial-in Setup 11-19 Figure 11-17 NAT Example 3 Step 1. In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets. Therefore you must choose the Full Feature option from the Network Address Translation field (in menu 4 or menu 11.3) in Figure 11-18. Step 2. Then enter 15 from th[...]

  • Page 126

    Prestige 202H User’s Guide 11-20 Dial-in Setup Figure 11-18 Example 3: Menu 11.3 The following figure shows how to configure the first rule Figure 11-19 Example 3: Menu 15.1.1.1 Repeat the previous step for rules 2 to 4 as outlined above. Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= 192.168.1.10 End = N/A Global IP: St[...]

  • Page 127

    Prestige 202H User’s Guide Dial-in Setup 11-21 Figure 11-20 Example 3: Final Menu 15.1.1 Step 7. Menu 15.1.1 should look as above. Now configure the IGA3 to map to our web server and mail server on the LAN. Step 8. Enter 15 from the main menu. Step 9. Enter 2 in Menu 15 - NAT Setup. Step 10. Enter 1 in Menu 15.2 - NAT Server Sets to see t[...]

  • Page 128

    Prestige 202H User’s Guide 11-22 Dial-in Setup 11.5.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation. In this case it is better to use Many-to-Many No Overload mapping as port numbers do not change for Many-to-Many No Overload (and One-to-One) NAT mappi[...]

  • Page 129

    Prestige 202H User’s Guide Dial-in Setup 11-23 Figure 11-22 Example 4: Menu 15.1.1.1 Address Mapping Rule After you’ve configured your rule, you should be able to check the settings in menu 15.1.1 as shown next. Figure 11-23 Example 4: Menu 15.1.1 Address Mapping Rules Menu 15.1.1.1 Address Mapping Rule Type= Many-to-Many No Overload Local I[...]

  • Page 130

    Firewall III Part III: Firewall This part introduces firewalls in general and the Prestige firewall. It also explains customized services and logs and gives example firewall rules.[...]

  • Page 131

    Prestige 202H User’s Guide Firewalls 12-1 Chapter 12 Firewalls This chapter gives some background information on firewalls and explains how to get started with the Prestige firewall. 12.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The [...]

  • Page 132

    Prestige 202H User’s Guide 12-2 Firewalls i. Information hiding prevents the names of internal systems from being made known via DNS to outside systems, since the application gateway is the only host whose name must be made known to outside systems. ii. Robust authentication and logging pre-authenticates application traffic before[...]

  • Page 133

    Prestige 202H User’s Guide Firewalls 12-3 Figure 12-1 Prestige Firewall Application 12.4 Denial of Service Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. The Pr[...]

  • Page 134

    Prestige 202H User’s Guide 12-4 Firewalls Table 12-1 Common IP Ports 21 FTP 53 DNS 23 Telnet 80 HTTP 25 SMTP 110 POP3 12.4.2 Types of DoS Attacks There are four types of DoS attacks: 1. Those that exploit bugs in a TCP/IP implementation. 2. Those that exploit weaknesses in the TCP/IP specification. 3. Brute-force attacks that flood a net[...]

  • Page 135

    Prestige 202H User’s Guide Firewalls 12-5 Figure 12-2 Three-Way Handshake Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment). After this[...]

  • Page 136

    Prestige 202H User’s Guide 12-6 Firewalls 2-b In a LAND Attack, hackers flood SYN packets into the network with a spoofed source IP address of the targeted system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to itself. 3. A brute-force att[...]

  • Page 137

    Prestige 202H User’s Guide Firewalls 12-7 Table 12-3 Legal NetBIOS Commands MESSAGE: REQUEST: POSITIVE: NEGATIVE: RETARGET: KEEPALIVE: All SMTP commands are illegal except for those displayed in the following tables. Table 12-4 Legal SMTP Commands AUTH DATA EHLO ETRN EXPN HELO HELP MAIL NOOP QUIT RCPT RSET SAML SEND SOML TURN VRFY • Tracero[...]

  • Page 138

    Prestige 202H User’s Guide 12-8 Firewalls • Denies all sessions originating from the WAN to the LAN. Figure 12-5 Stateful Inspection The previous figure shows the Prestige’s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a Telnet session from within the LAN and responses to this[...]

  • Page 139

    Prestige 202H User’s Guide Firewalls 12-9 access list entry is designed to permit inbound packets of the same connection as the outbound packet just inspected. 5. The outbound packet is forwarded out through the interface. 6. Later, an inbound packet reaches the interface. This packet is part of the connection previously established with th[...]

  • Page 140

    Prestige 202H User’s Guide 12-10 Firewalls 12.5.3 TCP Security The Prestige uses state information embedded in TCP packets. The first packet of any new connection has its SYN flag set and its ACK flag cleared; these are "initiation" packets. All packets that do not have this flag structure are called "subsequent" packets[...]

  • Page 141

    Prestige 202H User’s Guide Firewalls 12-11 work properly, this connection must be allowed to pass through even though a connection from the Internet would normally be rejected. In order to achieve this, the Prestige inspects the application-level FTP data. Specifically, it searches for outgoing "PORT" commands, and when it see[...]

  • Page 142

    Prestige 202H User’s Guide 12-12 Firewalls 3. Never give out a password or any sensitive information to an unsolicited telephone call or e-mail. 4. Never e-mail sensitive information such as passwords, credit card information, etc., without encrypting the information first. 5. Never submit sensitive information via a web page unless the web si[...]

  • Page 143

    Prestige 202H User’s Guide Firewalls 12-13 3. To block/allow both inbound (WAN to LAN) and outbound (LAN to WAN) traffic between the specific inside host/network "A" and outside host/network "B". If the filter blocks the traffic from A to B, it also blocks the traffic from B to A. Filters cannot distinguish traffic [...]

  • Page 144

    [...]

  • Page 145

    Prestige 202H User’s Guide Introducing the Prestige Firewall 13-1 Chapter 13 Introducing the Prestige Firewall This chapter shows you how to get started with the Prestige firewall. 13.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your Prestige has to offer. For this reason, it is recommen[...]

  • Page 146

    Prestige 202H User’s Guide 13-2 Introducing the Prestige Firewall Figure 13-2 Menu 21.2 Firewall Setup Configure the firewall rules using the web configurator or Command Interpreter. 13.2.2 Viewing the Firewall Log In menu 21, enter 3 to view the firewall log. An example of a firewall log is shown next. Figure 13-3 Example Firewall Log An ?[...]

  • Page 147

    Prestige 202H User’s Guide Introducing the Prestige Firewall 13-3 Table 13-1 View Firewall Log FIELD DESCRIPTION EXAMPLES # This is the index number of the firewall log. 128 entries are available numbered from 0 to 127. Once they are all used, the log wraps around and the old logs are lost. 23 mm:dd:yy e.g., Jan 1 00 Time This is the time the [...]

  • Page 148

    [...]

  • Page 149

    Prestige 202H User’s Guide Configuring Firewall with the Web Configurator 14-1 Chapter 14 Configuring Firewall with the Web Configurator This chapter shows you how to configure your firewall with the web configurator. 14.1 Web Configurator Login and Main Menu Screens Use the Prestige web configurator to configure your firewall. To get star[...]

  • Page 150

    Prestige 202H User’s Guide 14-2 Configuring Firewall with the Web Configurator Figure 14-2 Firewall Functions The following table describes the fields in this screen. Table 14-1 Predefined Services LINK DESCRIPTION Config Click this link to enable the firewall. Email Click this link to configure an alert report to be sent to a specific e-mail [...]

  • Page 151

    Prestige 202H User’s Guide Configuring Firewall with the Web Configurator 14-3 Table 14-1 Predefined Services Rule Summary Click this link to set up firewall rules for WAN to LAN traffic. Timeout Click this link to set up protocol timeout values for WAN to LAN traffic. Logs Click this link to view the firewall’s logs. 14.2 Enabling the Firewall[...]

  • Page 152

    Prestige 202H User’s Guide 14-4 Configuring Firewall with the Web Configurator 14.3.1 Alerts Alerts are reports on events, such as attacks, that you may want to know about right away. You can choose to generate an alert when an attack is detected in the Attack Alert screen (Figure 14-6 - check the Generate alert when attack detected check[...]

  • Page 153

    Prestige 202H User’s Guide Configuring Firewall with the Web Configurator 14-5 The following table describes the fields in this screen. Table 14-2 E-mail FIELD DESCRIPTION EXAMPLE Address Info Mail Server Enter the IP address of your mail server in dotted decimal notation. Your Internet Service Provider (ISP) should be able to provide this info[...]

  • Page 154

    Prestige 202H User’s Guide 14-6 Configuring Firewall with the Web Configurator 14.3.2 SMTP Error Messages If there are difficulties in sending e-mail the following error messages appear. Please see the Support Notes on the included disk for information on other types of error messages. E-mail error messages appear in SMT menu 24.3.1 as [...]

  • Page 155

    Prestige 202H User’s Guide Configuring Firewall with the Web Configurator 14-7 Figure 14-5 E-mail Log 14.4 Attack Alert Attack alerts are real-time reports of DoS attacks. In the Attack Alert screen, shown later, you may choose to generate an alert whenever an attack is detected. For DoS attacks, the Prestige uses thresholds to determine w[...]

  • Page 156

    Prestige 202H User’s Guide 14-8 Configuring Firewall with the Web Configurator 2. The minimum capacity of server backlog in your LAN network. 3. The CPU power of servers in your LAN network. 4. Network bandwidth. 5. Type of traffic for certain servers. If your network is slower than average for any of these factors (especially if you [...]

  • Page 157

    Prestige 202H User’s Guide Configuring Firewall with the Web Configurator 14-9 2. If the Blocking Time timeout is greater than 0, then the Prestige blocks all new connection requests to the host giving the server time to handle the present connections. The Prestige continues to block all new connection requests until the Blocking Time expires[...]

  • Page 158

    Prestige 202H User’s Guide 14-10 Configuring Firewall with the Web Configurator Table 14-4 Attack Alert Denial of Service Thresholds One Minute Low This is the rate of new half-open sessions that causes the firewall to stop deleting half-open sessions. The Prestige continues to delete half-open sessions as necessary, until the rate of new con[...]

  • Page 159

    Prestige 202H User’s Guide Configuring Firewall with the Web Configurator 14-11 Table 14-4 Attack Alert TCP Maximum Incomplete This is the number of existing half-open TCP sessions with the same destination host IP address that causes the firewall to start dropping half-open sessions to that same destination host IP address. Enter a number betwe[...]

  • Page 160

    [...]

  • Page 161

    Prestige 202H User’s Guide Creating Custom Rules 15-1 Chapter 15 Creating Custom Rules This chapter contains instructions for defining both Local Network and Internet rules. 15.1 Rules Overview Firewall rules are subdivided into “Local Network” and “Internet”. By default, the Prestige’s stateful packet inspection allows all communica[...]

  • Page 162

    Prestige 202H User’s Guide 15-2 Creating Custom Rules 2. Is the intent of the rule to forward or block traffic? 3. What is the direction connection: from the LAN to the Internet, or from the Internet to the LAN? 4. What IP services will be affected? 5. What computers on the LAN are to be affected (if any)? 6. What computers on the Internet wi[...]

  • Page 163

    Prestige 202H User’s Guide Creating Custom Rules 15-3 Source Address What is the connection’s source address; is it on the LAN or WAN? Is it a single IP, a range of IPs or a subnet? Destination Address What is the connection’s destination address; is it on the LAN or WAN? Is it a single IP, a range of IPs or a subnet? 15.3 Connection Direct[...]

  • Page 164

    Prestige 202H User’s Guide 15-4 Creating Custom Rules 15.3.2 WAN to LAN Rules The default rule for WAN to LAN traffic blocks all incoming connections (WAN to LAN). If you wish to allow certain WAN users to have access to your LAN, you will need to create custom rules to allow it. See the following figure. Figure 15-2 WAN to LAN Traffic 15.4 [...]

  • Page 165

    Prestige 202H User’s Guide Creating Custom Rules 15-5 Figure 15-3 Firewall Rules Summary: First Screen Table 15-1 Firewall Rules Summary: First Screen FIELD DESCRIPTION EXAMPLE The default action for packets not matching following rules: Should packets that do not match the following rules be blocked or forwarded? Make your choice from the dr[...]

  • Page 166

    Prestige 202H User’s Guide 15-6 Creating Custom Rules Table 15-1 Firewall Rules Summary: First Screen FIELD DESCRIPTION EXAMPLE The following fields summarize the rules you have created. Note that these fields are read only. Click the tab at the top of the box to order the rules according to that tab. No. This is your firewall rule number. [...]

  • Page 167

    Prestige 202H User’s Guide Creating Custom Rules 15-7 Table 15-2 Predefined Services SERVICE DESCRIPTION AIM(TCP:5190) AOL’s Internet Messenger service, used as a listening port by ICQ. BGP(TCP:179) Border Gateway Protocol. BOOTP_CLIENT(UDP:68) DHCP Client. BOOTP_SERVER(UDP:67) DHCP Server. CU-SEEME(TCP/UDP:7648, 24032) A popular videoconferen[...]

  • Page 168

    Prestige 202H User’s Guide 15-8 Creating Custom Rules Table 15-2 Predefined Services NNTP(TCP:119) Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service. PING(ICMP:0) Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable. POP3(TCP:110) Post[...]

  • Page 169

    Prestige 202H User’s Guide Creating Custom Rules 15-9 Table 15-2 Predefined Services TACACS(UDP:49) Login Host Protocol used for (Terminal Access Controller Access Control System). TELNET(TCP:23) Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks. Its primary [...]

  • Page 170

    Prestige 202H User’s Guide 15-10 Creating Custom Rules Figure 15-4 Creating/Editing A Firewall Rule The following table describes the fields in this screen.[...]

  • Page 171

    Prestige 202H User’s Guide Creating Custom Rules 15-11 Table 15-3 Creating/Editing A Firewall Rule FIELD DESCRIPTION EXAMPLE Source Address: Click SrcAdd to add a new address, SrcEdit to edit an existing one or SrcDelete to delete one. Please see the next section for more information on adding and editing source addresses. SrcAdd Destination[...]

  • Page 172

    Prestige 202H User’s Guide 15-12 Creating Custom Rules Figure 15-5 Adding/Editing Source and Destination Addresses The following table describes the fields in this screen. Table 15-4 Adding/Editing Source and Destination Addresses FIELD DESCRIPTION EXAMPLE Address Type Do you want your rule to apply to packets with a particular (single) IP addr[...]

  • Page 173

    Prestige 202H User’s Guide Creating Custom Rules 15-13 15.6.1 Configuring Timeout Values The factors influencing choices for timeout values are the same as the factors influencing choices for threshold values – see section 14.4.1. Click Timeout for either Local Network to Internet Set or Internet to Local Network Set. Figure 15-6 Ti[...]

  • Page 174

    Prestige 202H User’s Guide 15-14 Creating Custom Rules Idle Timeout This is the length of time of inactivity a TCP connection remains open before the Prestige considers the connection closed. 3600 seconds (1 hour) UDP Idle Timeout This is the length of time of inactivity a UDP connection remains open before the Prestige considers the connecti[...]

  • Page 175

    Prestige 202H User’s Guide Customized Services 16-1 Chapter 16 Customized Services This chapter covers creating, viewing and editing custom services. 16.1 Customized Services Overview Configure customized services and port numbers not predefined by the Prestige (see Figure 15-4). For a comprehensive list of port numbers and services, vi [...]

  • Page 176

    Prestige 202H User’s Guide 16-2 Customized Services The following table describes the fields in this screen. Table 16-1 Customized Services FIELD DESCRIPTION No. This is the number of your customized port. Click a rule’s number to edit the rule. Name This is the name of your customized port. Protocol This shows the IP protocol (TCP, UDP or Bot[...]

  • Page 177

    Prestige 202H User’s Guide Customized Services 16-3 The next table describes the fields in this screen. Table 16-2 Creating/Editing A Custom Port FIELD DESCRIPTION EXAMPLE Service Name Enter a unique name for your custom port. Service Type Choose the IP port (TCP, UDP or TCP/UDP) that defines your customized port from the drop down list bo[...]

  • Page 178

    Prestige 202H User’s Guide 16-4 Customized Services Figure 16-3 Configure Source IP Step 5. Click Edit Available Service in the edit rule screen and then click a rule number to bring up the Firewall Customized Services Config screen. Configure as follows. Figure 16-4 Customized Service for MyService Customized services show up with an “*”[...]

  • Page 179

    Prestige 202H User’s Guide Customized Services 16-5 Step 5. Follow the procedures outlined earlier in this chapter to configure all your rules. Configure the rule configuration screen like the one below and apply it. Figure 16-5 MyService Rule Configuration This is your “MyService” custom port. This is the address range of the “MyServi[...]

  • Page 180

    Prestige 202H User’s Guide 16-6 Customized Services Step 6. On completing the configuration procedure for these Internet firewall rules, the Rule Summary screen should look like the following. Don’t forget to click Apply when you have finished configuring your rule(s) to save your settings back to the Prestige. Figure 16-6 Example Rule S[...]

  • Page 181

    Prestige 202H User’s Guide Firewall Logs 17-1 Chapter 17 Firewall Logs This chapter contains information about using the log screen to view the results of the rules you have configured. 17.1 Log Screen When you configure a new rule you also have the option to log events that match, don’t match (or both) this rule (see Figure 15-4). Click[...]

  • Page 182

    Prestige 202H User’s Guide 17-2 Firewall Logs The following table describes the fields in this screen. Table 17-1 Log Screen FIELD DESCRIPTION EXAMPLE No. This is the index number of the firewall log. 128 entries are available numbered from 0 to 127. Once they are all used, the log will wrap around and the old logs will be lost. dd:mm:yy e.g., [...]

  • Page 183

    Advanced Management IV Part IV: Advanced Management This part discusses Filtering, SNMP, System Information and Diagnosis, Firmware and Configuration File Maintenance, System Maintenance and Information, Call Scheduling, Remote Management and Virtual Private Networking (VPN/IPSec).[...]

  • Page 184

    [...]

  • Page 185

    Prestige 202H User’s Guide Filter Configuration 18-1 Chapter 18 Filter Configuration This chapter shows you how to create and apply filters. 18.1 Filtering Overview Your Prestige uses filters to decide whether or not to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filte[...]

  • Page 186

    Prestige 202H User’s Guide 18-2 Filter Configuration Figure 18-1 Outgoing Packet Filtering Process Two sets of factory filter rules have been configured in menu 21 to prevent NetBIOS traffic from triggering calls. A summary of their filter rules is shown in the figures that follow. The following figure illustrates the logic flow when executing a [...]

  • Page 187

    Prestige 202H User’s Guide Filter Configuration 18-3 Start Fetch First Filter Set Fetch First Filter Rule Active? Execute Filter Rule Fetch Next Filter Rule Next filter Rule Available? Fetch Next Filter Set Next Filter Set Available? Accept Packet Drop Packet Yes No Yes No Yes Packet into Filter Filter Set Forward Drop No Check Next Rule Figure 18[...]

  • Page 188

    Prestige 202H User’s Guide 18-4 Filter Configuration For incoming packets, your Prestige applies data filters only. Packets are processed depending on whether a match is found. The following sections describe how to configure filter sets. The Filter Structure of the Prestige A filter set consists of one or more filter rules. Usually, you wou[...]

  • Page 189

    Prestige 202H User’s Guide Filter Configuration 18-5 Figure 18-4 Menu 21.1 Filter Set Configuration Step 3. Select the filter set you wish to configure (1-12) and press [ENTER]. Step 4. Enter a descriptive name or comment in the Edit Comments field and press [ENTER]. Step 5. Press [ENTER] at the message [Press ENTER to confirm] to open Menu 2[...]

  • Page 190

    Prestige 202H User’s Guide 18-6 Filter Configuration Figure 18-5 NetBIOS_WAN Filter Rules Summary Figure 18-6 NetBIOS_LAN Filter Rules Summary Menu 21.1.1 - Filter Rules Summary # A Type Filter Rules M m n - - ---- -------------------------------------------- --------- - - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=137 N D N 2 Y IP Pr=6, SA=0.0[...]

  • Page 191

    Prestige 202H User’s Guide Filter Configuration 18-7 Figure 18-7 Telnet WAN Filter Rules Summary Figure 18-8 FTP_WAN Filter Rules Summary 18.2.1 Filter Rules Summary Menus The following tables briefly describe the abbreviations used in the previous menus. Menu 21.1.4 - Filter Rules Summary # A Type Filter Rules M m n - - ---- -------------------[...]

  • Page 192

    Prestige 202H User’s Guide 18-8 Filter Configuration TABLE 18-1 FILTER RULES SUMMARY MENU ABBREVIATIONS FIELD DESCRIPTION # The filter rule number: 1 to 6. A Active: “Y” means the rule is active. “N” means the rule is inactive. Type The type of filter rule: “GEN” for Generic, “IP” for TCP/IP. Filter Rules These parameters are d[...]

  • Page 193

    Prestige 202H User’s Guide Filter Configuration 18-9 18.3 Configuring a Filter Rule To configure a filter rule, type its number in Menu 21.1.x – Filter Rules Summary and press [ENTER] to open menu 21.1.x.x for the rule. There are two types of filter rules: TCP/IP and Generic. Depending on the type of rule, the parameters for each type will [...]

  • Page 194

    Prestige 202H User’s Guide 18-10 Filter Configuration Figure 18-9 Menu 21.1.7.1 TCP/IP Filter Rule Table 18-3 Menu 21.1.7.1 TCP/IP Filter Rule FIELD DESCRIPTION EXAMPLE Filter # This is the filter set, filter rule coordinates, for instance, 2, 3 refers to the second filter set and the third filter rule of that set. 7,1 Filter Type Use [SPACE BA[...]

  • Page 195

    Prestige 202H User’s Guide Filter Configuration 18-11 Table 18-3 Menu 21.1.7.1 TCP/IP Filter Rule FIELD DESCRIPTION EXAMPLE Port # Type the destination port of the packets you want to filter. The field range is 0 to 65535. A 0 field is ignored. 0 to 65535 Port # Comp Select the comparison to apply to the destination port in the packet against t[...]

  • Page 196

    Prestige 202H User’s Guide 18-12 Filter Configuration Table 18-3 Menu 21.1.7.1 TCP/IP Filter Rule FIELD DESCRIPTION EXAMPLE Action Not Matched Select the action for a packet not matching the rule. Choices are Check Next Rule, Forward or Drop. Check Next Rule (default) When you have completed this menu, press [ENTER] at the prompt “Press [E[...]

  • Page 197

    Prestige 202H User’s Guide Filter Configuration 18-13 Packet into IP Filter Matched Matched Yes Action Matched Action Not Matched More? No Filter Active? Check IP Protocol Drop Drop Packet Accept Packet Drop Forward Check Next Rule Check Next Rule Check Next Rule Forward Not Matched Yes No Check Src IP Addr Apply SrcAddrMask to Src Addr Matched C[...]

  • Page 198

    Prestige 202H User’s Guide 18-14 Filter Configuration 18.3.2 Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly. For generic rules, the Prestige treats a packet as a byte stream as [...]

  • Page 199

    Prestige 202H User’s Guide Filter Configuration 18-15 Table 18-4 Menu 21.1.5.1 Generic Filter Rule FIELD DESCRIPTION EXAMPLE Filter Type Press [SPACE BAR] and then [ENTER] to select a type of rule. Parameters displayed below each type will be different. Choices are Generic Filter Rule or TCP/IP Filter Rule. Generic Filter Rule Active Select Y[...]

  • Page 200

    Prestige 202H User’s Guide 18-16 Filter Configuration 18.4 Filter Types and NAT There are two classes of filter rules, Generic Filter Device rules and Protocol Filter (TCP/IP) rules. Generic Filter rules act on the raw data from/to LAN and WAN. Protocol Filter rules act on IP packets. When NAT (Network Address Translation) is enabled, the i[...]

  • Page 201

    Prestige 202H User’s Guide Filter Configuration 18-17 Figure 18-13 Sample Telnet Filter Step 1. Enter 21 from the main menu to open Menu 21 - Filter and Firewall Setup. Step 2. Enter 1 to open Menu 21.1 - Filter Set Configuration. Step 3. Enter the index of the filter set you wish to configure (such as 4) and press [ENTER]. Step 4. Enter a [...]

  • Page 202

    Prestige 202H User’s Guide 18-18 Filter Configuration Step 6. Enter 1 to configure the first filter rule (the only filter rule of this set). Make the entries in this menu as shown in the following figure. Figure 18-14 Sample Filter Menu 21.1.9.1 Step 7. Type 1 to configure the first filter rule. Make the entries in this menu as shown next. Men[...]

  • Page 203

    Prestige 202H User’s Guide Filter Configuration 18-19 When you press [ENTER] to confirm, the following screen appears. Note that there is only one filter rule in this set. Figure 18-15 Sample Filter Rules Summary Menu 21.1.9 After you have created the filter set, you must apply it. Step 8. Type 11 in the main menu to go to menu 11 and type t[...]

  • Page 204

    Prestige 202H User’s Guide 18-20 Filter Configuration Table 18-5 Filter Sets Table FILTER SETS DESCRIPTION Input Filter Sets: Apply filters for incoming traffic. You may apply protocol or device filter rules. Output Filter Sets: Apply filters for traffic leaving the Prestige. You may apply filter rules for protocol or device filters. Call Filt[...]

  • Page 205

    Prestige 202H User’s Guide Filter Configuration 18-21 Figure 18-17 Filtering Remote Node Traffic Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= 3,4,5 device filters= Output Filter Sets: protocol filters= 1 device filters= Enter here to CONFIRM or ESC to CANCEL: Apply filter 3 to block Telnet traffic from the WAN; filter 4 t[...]

  • Page 206

    [...]

  • Page 207

    Prestige 202H User’s Guide SNMP Configuration 19-1 Chapter 19 SNMP Configuration This chapter explains SNMP Configuration menu 22. 19.1 SNMP Overview Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige suppor[...]

  • Page 208

    Prestige 202H User’s Guide 19-2 SNMP Configuration An agent is a management software module that resides in a managed device (the Prestige). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network man[...]

  • Page 209

    Prestige 202H User’s Guide SNMP Configuration 19-3 Figure 19-2 Menu 22 SNMP Configuration The following table describes the SNMP configuration parameters. Table 19-1 Menu 22 SNMP Configuration FIELD DESCRIPTION EXAMPLE SNMP: Get Community Type the Get Community, which is the password for the incoming Get- and GetNext requests from the manageme[...]

  • Page 210

    Prestige 202H User’s Guide 19-4 SNMP Configuration Table 19-2 SNMP Traps TRAP # TRAP NAME DESCRIPTION 1 coldStart (defined in RFC-1215) A trap is sent after booting (power on). 2 warmStart (defined in RFC-1215) A trap is sent after booting (software reboot). 3 linkUp (defined in RFC-1215) A trap is sent with the port number. 4 authentic[...]

  • Page 211

    Prestige 202H User’s Guide System Information and Diagnosis 20-1 Chapter 20 System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. 20.1 System Status Overview These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. [...]

  • Page 212

    Prestige 202H User’s Guide 20-2 System Information and Diagnosis Figure 20-2 Menu 24.1 System Maintenance Status Table 20-1 Menu 24.1 System Maintenance Status FIELD DESCRIPTION Chan This shows statistics for B1 and B2 channels respectively. This is the information displayed for each channel. Link This shows the name of the remote node or the [...]

  • Page 213

    Prestige 202H User’s Guide System Information and Diagnosis 20-3 Table 20-1 Menu 24.1 System Maintenance Status FIELD DESCRIPTION Own CLID Shows your Caller ID. Peer IP Address This refers to the IP address of the peer. Peer CLID This shows the Caller ID of the peer. Ethernet This shows statistics for the LAN. Status This displays the port sp[...]

  • Page 214

    Prestige 202H User’s Guide 20-4 System Information and Diagnosis Figure 20-3 Menu 24.2 System Information and Console Port Speed 20.3.1 System Information Enter 1 in menu 24.2 to display the screen shown next. Figure 20-4 Menu 24.2.1 System Maintenance Information Table 20-2 Menu 24.2.1 System Maintenance Information FIELD DESCRIPTION Name D[...]

  • Page 215

    Prestige 202H User’s Guide System Information and Diagnosis 20-5 Table 20-2 Menu 24.2.1 System Maintenance Information FIELD DESCRIPTION IP Address This is the IP address of the Prestige in dotted decimal notation. IP Mask This shows the subnet mask of the Prestige. DHCP This field shows the DHCP setting (None, Relay or Server) of the Prestige[...]

  • Page 216

    Prestige 202H User’s Guide 20-6 System Information and Diagnosis Figure 20-6 Menu 24.3 System Maintenance Log and Trace Step 3. Enter 1 from Menu 24.3 – System Maintenance – Log and Trace to display the error log in the system. After the Prestige finishes displaying the error log, you will have the option to clear it. Samples of typical er[...]

  • Page 217

    Prestige 202H User’s Guide System Information and Diagnosis 20-7 Figure 20-8 Menu 24.3.2 System Maintenance Unix Syslog You need to configure the UNIX syslog parameters described in the following table to activate syslog then choose what you want to log. Table 20-3 Menu 24.3.2 System Maintenance Unix Syslog FIELD DESCRIPTION Syslog: Active[...]

  • Page 218

    Prestige 202H User’s Guide 20-8 System Information and Diagnosis Table 20-3 Menu 24.3.2 System Maintenance Unix Syslog FIELD DESCRIPTION Firewall log Firewall events are logged when this field is set to Yes. When finished configuring this screen, press [ENTER] to confirm or [ESC] to cancel. The following are examples of syslog messages sent[...]

  • Page 219

    Prestige 202H User’s Guide System Information and Diagnosis 20-9 3. Filter log Filter log Message Format SdcmdSyslogSend(SYSLOG_FILLOG, SYSLOG_NOTICE, String ); String = IP[Src=xx.xx.xx.xx Dst=xx.xx.xx.xx prot spo=xxxx dpo=xxxx] S04>R01mD IP[…] is the packet header and S04>R01mD means filter set 4 (S) and rule 1 (R), match (m) drop (D). S[...]

  • Page 220

    Prestige 202H User’s Guide 20-10 System Information and Diagnosis Figure 20-9 Menu 24.3.3 System Maintenance Accounting Server FIELD DESCRIPTION EXAMPLE Accounting Server Active Press the [SPACE BAR] to select Yes and press [ENTER] to enable wireless client authentication through an external accounting server. Yes Type This non-editable field [...]

  • Page 221

    Prestige 202H User’s Guide System Information and Diagnosis 20-11 Figure 20-10 Menu 24.3.4 Call Triggering Packet. 20.7 Diagnostic The diagnostic facility allows you to test the different aspects of your Prestige to determine if it is working properly. Menu 24.4 allows you to choose among various types of diagnostic tests to evaluate your syst[...]

  • Page 222

    Prestige 202H User’s Guide 20-12 System Information and Diagnosis Menu 24.4 - System Maintenance – Diagnostic ISDN System 1. Hang Up B1 Call 21. Reboot System 2. Hang Up B2 Call 22. Command Mode 3. Reset ISDN 4. ISDN Connection Test 5. Manual Call TCP/IP 11. Internet Setup Test 12. Ping Host Enter Menu Selection Number: Manual Call Remote Node=[...]

  • Page 223

    Prestige 202H User’s Guide System Information and Diagnosis 20-13 Table 20-4 System Maintenance Menu Diagnostic FIELD DESCRIPTION Internet Setup Test This test checks to see if your Internet access configuration has been done correctly. When this option is chosen, the Prestige places a manual call to the ISP remote node. If everything is worki[...]

  • Page 224

    [...]

  • Page 225

    Prestige 202H User’s Guide Firmware and Configuration File Maintenance 21-1 Chapter 21 Firmware and Configuration File Maintenance This chapter tells you how to back up and restore your configuration file as well as upload new firmware and a new configuration file. 21.1 Filename Conventions The configuration file (often called the romfile or[...]

  • Page 226

    Prestige 202H User’s Guide 21-2 Firmware and Configuration File Maintenance Table 21-1 Filename Conventions FILE TYPE INTERNAL NAME EXTERNAL NAME DESCRIPTION Configuration File Rom-0 This is the configuration filename on the Prestige. Uploading the rom-0 file replaces the entire ROM file system, including your Prestige configurations, system-re[...]

  • Page 227

    Prestige 202H User’s Guide Firmware and Configuration File Maintenance 21-3 21.2.1 Backup Configuration Follow the instructions as shown in the next screen. Figure 21-1 Menu 24.5 System Maintenance – Backup Configuration 21.2.2 Using the FTP Command from the Command Line Step 1. Launch the FTP client on your computer. Step 2. Enter “open”[...]

  • Page 228

    Prestige 202H User’s Guide 21-4 Firmware and Configuration File Maintenance Figure 21-2 FTP Session Example 21.2.4 GUI-based FTP Clients The following table describes some of the commands that you may see in GUI-based FTP clients. Table 21-2 General Commands for GUI-based FTP Clients COMMAND DESCRIPTION Host Address Enter the address of th[...]

  • Page 229

    Prestige 202H User’s Guide Firmware and Configuration File Maintenance 21-5 3. There is already another remote management session of the same type (web, FTP or Telnet) running. You may only have one remote management session of the same type running at one time. 4. There is a web remote management session running with a Telnet session. A T[...]

  • Page 230

    Prestige 202H User’s Guide 21-6 Firmware and Configuration File Maintenance 21.2.8 GUI-based TFTP Clients The following table describes some of the fields that you may see in GUI-based TFTP clients. Table 21-3 General Commands for GUI-based TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the Prestige. 192.168.1.1 is the Presti[...]

  • Page 231

    Prestige 202H User’s Guide Firmware and Configuration File Maintenance 21-7 Step 2. The following screen indicates that the Xmodem download has started. Figure 21-4 System Maintenance: Starting Xmodem Download Screen Step 3. Run the HyperTerminal program by clicking Transfer, then Receive File as shown in the following screen. Figure 21-5 [...]

  • Page 232

    Prestige 202H User’s Guide 21-8 Firmware and Configuration File Maintenance WARNING! DO NOT INTERRUPT THE FILE TRANSFER PROCESS AS THIS MAY PERMANENTLY DAMAGE YOUR PRESTIGE. WHEN THE UPLOAD CONFIGURATION/FIRMWARE PROCESS IS COMPLETE, THE PRESTIGE WILL AUTOMATICALLY RESET. 21.3.1 Restore Using FTP For details about backup using (T)FT[...]

  • Page 233

    Prestige 202H User’s Guide Firmware and Configuration File Maintenance 21-9 Step 8. Enter “quit” to exit the ftp prompt. The Prestige will automatically restart after a successful restore process. 21.3.2 Restore Using FTP Session Example Figure 21-8 Restore Using FTP Session Example Refer to section 21.2.5 to read about configurations th[...]

  • Page 234

    Prestige 202H User’s Guide 21-10 Firmware and Configuration File Maintenance Figure 21-11 Restore Configuration Example Step 4. After a successful restoration you will see the following screen. Press any key to restart the Prestige and return to the SMT menu. Figure 21-12 Successful Restoration Confirmation Screen 21.4 Uploading Firmware and Con[...]

  • Page 235

    Prestige 202H User’s Guide Firmware and Configuration File Maintenance 21-11 Figure 21-13 - System Maintenance Upload Firmware Enter 1 in menu 24.7 to display the following screen and upload firmware using FTP. Figure 21-14 Menu 24.7.1 Upload System Firmware 21.4.2 Configuration File Upload Menu 24.7.1 - System Maintenance - Upload System Firmwa[...]

  • Page 236

    Prestige 202H User’s Guide 21-12 Firmware and Configuration File Maintenance You can see the following screen when you enter 2 in menu 24.7. Figure 21-15 Menu 24.7.2 - System Maintenance – Upload Configuration File To upload the firmware and the configuration file, follow these examples 21.4.3 FTP File Upload Command from the DOS Prompt [...]

  • Page 237

    Prestige 202H User’s Guide Firmware and Configuration File Maintenance 21-13 21.4.4 FTP Session Example of Firmware File Upload Figure 21-16 FTP Session Example of Firmware File Upload More commands (found in GUI-based FTP clients) are listed earlier in this chapter. Refer to section 21.2.5 to read about configurations that disallow TFTP and [...]

  • Page 238

    Prestige 202H User’s Guide 21-14 Firmware and Configuration File Maintenance 21.4.6 TFTP Upload Command Example The following is an example TFTP command: tftp [-i] host put firmware.bin ras where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the Prestige’s IP address and “put”[...]

  • Page 239

    Prestige 202H User’s Guide Firmware and Configuration File Maintenance 21-15 21.4.9 Example Xmodem Firmware Upload Using HyperTerminal Click Transfer, then Send File to display the following screen. Figure 21-18 Example Xmodem Upload After the configuration upload process has completed, restart the Prestige by entering “atgo”. 21.4.1[...]

  • Page 240

    Prestige 202H User’s Guide 21-16 Firmware and Configuration File Maintenance Figure 21-19 Menu 24.7.2 as Seen Using the Console Port Step 2. After the "Starting Xmodem upload" message appears, activate the Xmodem protocol on your computer. Follow the procedure as shown previously for the HyperTerminal program. The procedur[...]

  • Page 241

    Prestige 202H User’s Guide Firmware and Configuration File Maintenance 21-17 Figure 21-20 Example Xmodem Upload After the configuration upload process has completed, restart the Prestige by entering “atgo”. Type the configuration file’s location, or click Browse to search for it. Choose the Xmodem protocol. Then click Send.[...]

  • Page 242

    [...]

  • Page 243

    Prestige 202H User’s Guide SMT Menus 24.8 to 24.10 22-1 Chapter 22 SMT Menus 24.8 to 24.10 This chapter leads you through System Maintenance SMT menus 24.8 to 24.10. 22.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low[...]

  • Page 244

    Prestige 202H User’s Guide 22-2 SMT Menus 24.8 to 24.10 Menu 24.9 - System Maintenance - Call Control 1. Call Control Parameters 2. Black List 3. Budget Management 4. Call History Enter Menu Selection Number: Figure 22-2 Valid Commands 22.2 Call Control Support The Prestige provides four call control functions: call control parameters, blacklist[...]

  • Page 245

    Prestige 202H User’s Guide SMT Menus 24.8 to 24.10 22-3 Menu 24.9.1 - Call Control Parameters Dialer Timeout: Digital Call(sec)= 60 Retry Counter= 0 Retry Interval(sec)= N/A Press ENTER to confirm or ESC to Cancel: Please enter a number from 5 to 300 22.2.1 Call Control Parameters Menu 24.9.1 shows the call control parameters. Enter 1 from Me[...]

  • Page 246

    Prestige 202H User’s Guide 22-4 SMT Menus 24.8 to 24.10 Menu 24.9.2 - Blacklist Phone Number 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. Remove Selection (1-14): Figure 22-5 Menu 24.9.2 Blacklist 22.2.3 Budget Management Menu 24.9.1 shows the budget management statistics for outgoing calls. Enter 3 from Menu 24.9 to bring up the followi[...]

  • Page 247

    Prestige 202H User’s Guide SMT Menus 24.8 to 24.10 22-5 hours, meaning no budget control. You can reset the accumulated connection time in this menu by entering the index of a remote node. Enter 0 to update the screen. The budget and the reset period can be configured in menu 11.1 for the remote node when PPPoE encapsulation is selected. Tab[...]

  • Page 248

    Prestige 202H User’s Guide 22-6 SMT Menus 24.8 to 24.10 Table 22-3 Menu 24.9.4 Call History FIELD DESCRIPTION Phone Number This is the telephone number of past incoming and outgoing calls. Dir This shows whether the call was incoming or outgoing. Rate This is the transfer rate of the call. #call This is the number of calls made to or received f[...]

  • Page 249

    Prestige 202H User’s Guide SMT Menus 24.8 to 24.10 22-7 Enter 10 to go to Menu 24.10 - System Maintenance - Time and Date Setting to update the time and date settings of your Prestige as shown in the following screen. Figure 22-9 Menu 24.10 System Maintenance: Time and Date Setting The following table describes the fields in this screen. Ta[...]

  • Page 250

    Prestige 202H User’s Guide 22-8 SMT Menus 24.8 to 24.10 Table 22-4 Time and Date Setting Fields FIELD DESCRIPTION Time Server Address Enter the IP address or domain name of your timeserver. Check with your ISP/network administrator if you are unsure of this information. The default is tick.stdtime.gov.tw Current Time This field displays an updat[...]

  • Page 251

    Prestige 202H User’s Guide Call Scheduling 23-1 Chapter 23 Call Scheduling Call scheduling allows you to dictate when a remote node should be called and for how long. 23.1 Call Scheduling Overview The call scheduling feature allows the Prestige to manage a remote node and dictate when a remote node should be called and for how long. This fea[...]

  • Page 252

    Prestige 202H User’s Guide 23-2 Call Scheduling To delete a schedule set, enter the set number and press [SPACE BAR] and then [ENTER] or [DEL] in the Edit Name field. To set up a schedule set, select the schedule set you want to setup from menu 26 (1-12) and press [ENTER] to see Menu 26.1 - Schedule Set Setup as shown next. Figure 23-2 Menu [...]

  • Page 253

    Prestige 202H User’s Guide Call Scheduling 23-3 Table 23-1 Menu 26.1 Schedule Set Setup FIELD DESCRIPTION OPTIONS Weekday: Day If you selected Weekly in the How Often field above, then select the day(s) when the set should activate (and recur) by going to that day(s) and pressing [SPACE BAR] to select Yes, then press [ENTER]. Yes No N/A Start [...]

  • Page 254

    Prestige 202H User’s Guide 23-4 Call Scheduling Figure 23-3 Applying Schedule Set(s) Menu 11.1 - Remote Node Profile Rem Node Name= ? Edit PPP Options= No Active= Yes Rem IP Addr= ? Call Direction= Both Edit IP= No Incoming: Telco Option: Rem Login= ? Transfer Type= 64K Rem Password= ? Allocated Budget(min)= Rem CLID= Period(hr)= Call Back= No S[...]

  • Page 255

    Prestige 202H User’s Guide Remote Management 24-1 Chapter 24 Remote Management This chapter provides information on configuring remote management (SMT menu 24.11). 24.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. You may man[...]

  • Page 256

    Prestige 202H User’s Guide 24-2 Remote Management • Use the Prestige’s LAN IP address when configuring from the LAN. 24.1.3 System Timeout There is a system timeout of five minutes (three hundred seconds) for either the console port or telnet/web/FTP connections. Your Prestige automatically logs you out if you do nothing in this time o[...]

  • Page 257

    Prestige 202H User’s Guide Remote Management 24-3 Figure 24-2 Remote Management The following table describes the labels in this screen. Table 24-1 Remote Management FIELD DESCRIPTION Telnet Server FTP Server Web Server Each of these read-only labels denotes a service that you may use to remotely manage the Prestige. Port This field shows the[...]

  • Page 258

    [...]

  • Page 259

    Prestige 202H User’s Guide Introduction to VPN/IPSec 25-1 Chapter 25 Introduction to VPN/IPSec This chapter introduces the basics of IPSec VPNs. 25.1 VPN Overview A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryp[...]

  • Page 260

    Prestige 202H User’s Guide 25-2 Introduction to VPN/IPSec Figure 25-1 Encryption and Decryption • Data Confidentiality The IPSec sender can encrypt packets before transmitting them across a network. • Data Integrity The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been altered during tr[...]

  • Page 261

    Prestige 202H User’s Guide Introduction to VPN/IPSec 25-3 Figure 25-2 VPN Application 25.2 IPSec Architecture The overall IPSec architecture is shown as follows.[...]

  • Page 262

    Prestige 202H User’s Guide 25-4 Introduction to VPN/IPSec Figure 25-3 IPSec Architecture 25.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms). T[...]

  • Page 263

    Prestige 202H User’s Guide Introduction to VPN/IPSec 25-5 25.3 Encapsulation The two modes of operation for IPSec VPNs are Transport mode and Tunnel mode. Figure 25-4 Transport and Tunnel Mode IPSec Encapsulation 25.3.1 Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. [...]

  • Page 264

    Prestige 202H User’s Guide 25-6 Introduction to VPN/IPSec 25.4 IPSec and NAT Read this section if you are running IPSec on a host computer behind the Prestige. NAT is incompatible with the AH protocol in both Transport and Tunnel mode. An IPSec VPN using the AH protocol digitally signs the outbound packet, both data payload and headers, wi[...]

  • Page 265

    Prestige 202H User’s Guide VPN/IPSec Setup 26-1 Chapter 26 VPN/IPSec Setup This chapter shows you how to set up VPN/IPSec on your Prestige. 26.1 VPN/IPSec Overview Use the screens documented in this chapter to configure rules for VPN connections and manage VPN connections. 26.1.1 VPN/IPSec SMT Menus The VPN/IPSec main SMT menu has three m [...]

  • Page 266

    Prestige 202H User’s Guide 26-2 VPN/IPSec Setup From the main menu, enter 27 to display the first VPN/IPSec menu (shown next). Figure 26-2 Menu 27 VPN/IPSec Setup 26.2 IPSec Algorithms The ESP and AH protocols are necessary to create a Security Association (SA), the foundation of an IPSec VPN. An SA is built from the authentication provid [...]

  • Page 267

    Prestige 202H User’s Guide VPN/IPSec Setup 26-3 Table 26-1 AH and ESP ESP AH Select DES for minimal security and 3DES for maximum. Select NULL to set up a tunnel without encryption. Select MD5 for minimal security and SHA-1 for maximum security. DES (default) Data Encryption Standard (DES) is a widely used method of data encryption using a priv[...]

  • Page 268

    Prestige 202H User’s Guide 26-4 VPN/IPSec Setup 26.4.1 Dynamic Secure Gateway Address If the remote secure gateway has a dynamic WAN IP address and does not use DDNS, enter 0.0.0.0 as the secure gateway’s address. In this case only the remote secure gateway can initiate SAs. This may be useful for telecommuters initiating a VPN tunnel to the[...]

  • Page 269

    Prestige 202H User’s Guide VPN/IPSec Setup 26-5 Menu 27.1 – IPSec Summary # Name A Local Addr Start - Local Addr End Encap IPSec Algorithm Key Mgt Remote Addr Start - Remote Addr End Secure Gw Addr - ------ - ----------------- --------------- ------ ------------------ 001 Taiwan Y 192.168.1.35 192.168.1.38 Tunnel ESP DES MD5 IKE 172.16.2.40 172[...]

  • Page 270

    Prestige 202H User’s Guide 26-6 VPN/IPSec Setup Table 26-2 Menu 27.1 IPSec Summary FIELD DESCRIPTION EXAMPLE Local Addr End When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Single, this is the same (static) IP address as in the Local Addr Start field. When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Rang[...]

  • Page 271

    Prestige 202H User’s Guide VPN/IPSec Setup 26-7 Table 26-2 Menu 27.1 IPSec Summary FIELD DESCRIPTION EXAMPLE Remote Addr Start When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Single, this is a (static) IP address on the network behind the remote IPSec router. When the Addr Type field in Menu 27.1.1 IPSec Setup is configured[...]

  • Page 272

    Prestige 202H User’s Guide 26-8 VPN/IPSec Setup Table 26-2 Menu 27.1 IPSec Summary FIELD DESCRIPTION EXAMPLE Select Rule Type the VPN rule index number you wish to edit or delete and then press [ENTER]. 3 When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at[...]

  • Page 273

    Prestige 202H User’s Guide VPN/IPSec Setup 26-9 Table 26-3 Local ID Type and Content Fields LOCAL ID TYPE= CONTENT= IP Type the IP address of your computer or leave the field blank to have the Prestige automatically use its own IP address. DNS Type a domain name (up to 31 characters) by which to identify this Prestige. E-mail Type an e-mail addre[...]

  • Page 274

    Prestige 202H User’s Guide 26-10 VPN/IPSec Setup Peer ID type: IP Peer ID type: E-mail Peer ID content: 1.1.1.2 Peer ID content: tom@yourcompany.com The two Prestiges in this example cannot complete their negotiation because Prestige B’s Local ID type is IP, but Prestige A’s Peer ID type is set to E-mail. An “ID mismatched” message[...]

  • Page 275

    Prestige 202H User’s Guide VPN/IPSec Setup 26-11 Figure 26-5 Menu 27.1.1 IPSec Setup Table 26-7 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE Index This is the VPN rule index number you selected in the previous menu. 1 Name Enter a unique identification name for this VPN rule. The name may be up to 32 characters long but only 10 character[...]

  • Page 276

    Prestige 202H User’s Guide 26-12 VPN/IPSec Setup Table 26-7 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE Content When you select IP in the Local ID Type field, type the IP address of your computer or leave the field blank to have the Prestige automatically use its own IP address. When you select DNS in the Local ID Type field, type a doma[...]

  • Page 277

    Prestige 202H User’s Guide VPN/IPSec Setup 26-13 Table 26-7 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE Secure Gateway Addr Type the WAN IP address or the domain name (up to 31 characters) of the IPSec router with which you’re making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address ([...]

  • Page 278

    Prestige 202H User’s Guide 26-14 VPN/IPSec Setup Table 26-7 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE End Enter a port number in this field to define a port range. This port number must be greater than that specified in the previous field. This field is N/A when 0 is configured in the Port Start field. N/A Remote Remote IP addresses m[...]

  • Page 279

    Prestige 202H User’s Guide VPN/IPSec Setup 26-15 Table 26-7 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE End Enter a port number in this field to define a port range. This port number must be greater than that specified in the previous field. This field is N/A when 0 is configured in the Port Start field. Enable Replay Detection As a VPN [...]

  • Page 280

    Prestige 202H User’s Guide 26-16 VPN/IPSec Setup Figure 26-6 Two Phases to Set Up the IPSec SA In phase 1 you must: • Choose a negotiation mode. • Authenticate the connection by entering a pre-shared key. • Choose an encryption algorithm. • Choose an authentication algorithm. • Choose a Diffie-Hellman public-key cryptography[...]

  • Page 281

    Prestige 202H User’s Guide VPN/IPSec Setup 26-17 especially when used with "main mode" IKE and a group pre-shared key as described above. XAUTH also carries known plaintext (name and password prompts) as encrypted payload—hints an attacker might use to try to "crack" the encryption key. if both IPSec routers ha [...]

  • Page 282

    Prestige 202H User’s Guide 26-18 VPN/IPSec Setup 26.11 Configuring IKE Settings This may be unnecessary for data that does not require such security, so PFS is disabled (None) by default in the Prestige. Disabling PFS means new authentication and encryption keys are derived from the same root secret (which may have security implicati[...]

  • Page 283

    Prestige 202H User’s Guide VPN/IPSec Setup 26-19 Table 26-8 Menu 27.1.1.1 IKE Setup FIELD DESCRIPTION EXAMPLE Encryption Algorithm When DES is used for data communications, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code. Presti[...]

  • Page 284

    Prestige 202H User’s Guide 26-20 VPN/IPSec Setup Table 26-8 Menu 27.1.1.1 IKE Setup FIELD DESCRIPTION EXAMPLE Perfect Forward Secrecy (PFS) Perfect Forward Secrecy (PFS) is disabled (None) by default in phase 2 IPSec SA setup. This allows faster IPSec setup, but is not so secure. Press [SPACE BAR] and choose from DH1 or DH2 to enable PFS. DH[...]

  • Page 285

    Prestige 202H User’s Guide VPN/IPSec Setup 26-21 Figure 26-8 Menu 27.1.1.2 Manual Setup Table 26-10 Menu 27.1.1.2 Manual Setup FIELD DESCRIPTION EXAMPLE Active Protocol Press [SPACE BAR] to choose from ESP Tunnel, ESP Transport, AH Tunnel or AH Transport and then press [ENTER]. Choosing an ESP combination causes the AH Setup fields to be n[...]

  • Page 286

    Prestige 202H User’s Guide 26-22 VPN/IPSec Setup Table 26-10 Menu 27.1.1.2 Manual Setup FIELD DESCRIPTION EXAMPLE Key Enter the authentication key to be used by IPSec if applicable. The key must be unique. Enter 16 characters for MD5 authentication and 20 characters for SHA-1 authentication. Any character may be used, including spaces, but tra[...]

  • Page 287

    Prestige 202H User’s Guide VPN/IPSec Setup 26-23 Table 26-11 Telecommuter and Headquarters Configuration Example TELECOMMUTER HEADQUARTERS My IP Address: 0.0.0.0 (dynamic IP address assigned by the ISP) Public static IP address Secure Gateway IP Address: Public static IP address or domain name. 0.0.0.0 With this IP address only the telecommu[...]

  • Page 288

    Prestige 202H User’s Guide 26-24 VPN/IPSec Setup 26.13.2 Telecommuters Using Unique VPN Rules Example With aggressive negotiation mode (see section 26.10.1 Negotiation Mode) the Prestige can use the ID types and contents to distinguish between VPN rules. Telecommuters can each use a separate VPN rule to simultaneously access a Presti [...]

  • Page 289

    Prestige 202H User’s Guide SA Monitor 27-1 Chapter 27 SA Monitor This chapter teaches you how to manage your SAs by using the SA Monitor in SMT menu 27.2. 27.1 SA Monitor Overview A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This menu (shown next) displays active VPN connections. An SA times o[...]

  • Page 290

    Prestige 202H User’s Guide 27-2 SA Monitor Table 27-1 Menu 27.2 SA Monitor FIELD DESCRIPTION EXAMPLE # This is the security association index number. 1 Name This field displays the identification name for this VPN policy. This name is unique for each connection where the secure gateway IP address is a public static IP address. When the secure [...]

  • Page 291

    Prestige 202H User’s Guide IPSec Log 28-1 Chapter 28 IPSec Log This chapter interprets common IPSec log messages. 28.1 IPSec Logs To view the IPSec and IKE connection log, type 3 in menu 27 and press [ENTER] to display the IPSec log as shown next. The following figure shows a typical log from the initiator of a VPN connection. Figure 28-1 Ex[...]

  • Page 292

    Prestige 202H User’s Guide 28-2 IPSec Log Figure 28-2 Example VPN Responder IPSec Log This menu is useful for troubleshooting. A log index number, the date and time the log was created and a log message are displayed. Double exclamation marks (!!) denote an error or warning message. The following table shows sample log messages during[...]

  • Page 293

    Prestige 202H User’s Guide IPSec Log 28-3 Table 28-1 Sample IKE Key Exchange Logs LOG MESSAGE DESCRIPTION Start Phase 2: Quick Mode Phase 2 negotiation is beginning using Quick Mode. !! IKE Negotiation is in process The Prestige has begun negotiation with the peer for the connection already, but the IKE key exchange has not finished yet. !! Du[...]

  • Page 294

    Prestige 202H User’s Guide 28-4 IPSec Log The following table shows sample log messages during packet transmission. Table 28-2 Sample IPSec Logs During Packet Transmission LOG MESSAGE DESCRIPTION !! WAN IP changed to <IP> If the Prestige’s WAN IP changes, all configured “My IP Addr” are changed to “0.0.0.0”. If this field is[...]

  • Page 295

    Prestige 202H User’s Guide IPSec Log 28-5 Table 28-3 RFC-2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE NONCE Nonce NOTFY Notification DEL Delete VID Vendor ID[...]

  • Page 296

    Appendices and Index V Part V: Appendices and Index This part provides appendices and an index of key terms.[...]

  • Page 297

    [...]

  • Page 298

    Prestige 202H User’s Guide Troubleshooting A Appendix A Troubleshooting This Appendix covers potential problems and the corresponding remedies. Problems Starting Up the Prestige Chart 1 Troubleshooting the Start-Up of Your Prestige PROBLEM CORRECTIVE ACTION Make sure that you have the included power adaptor connected to the Prestige and to[...]

  • Page 299

    Prestige 202H User’s Guide B Troubleshooting Problems With the ISDN Line Chart 2 Troubleshooting the ISDN Line PROBLEM CORRECTIVE ACTION The ISDN initialization failed. This problem occurs when you attempt to save the parameters entered in Menu 2, but receive the message, ‘Save successful, but Failed to initialize ISDN; Press [Esc] to exit’.[...]

  • Page 300

    Prestige 202H User’s Guide Troubleshooting C Problems Connecting to a Remote Node or ISP Chart 4 Troubleshooting a Connection to a Remote Node or ISP PROBLEM CORRECTIVE ACTION Check Menu 24.1 to verify the line status. If it indicates [down], then refer to the section on the line problems. Cannot connect to a remote node or ISP. In Menu 24.4.5[...]

  • Page 301

    Prestige 202H User’s Guide D Troubleshooting Problems With Remote Management Chart 7 Troubleshooting Telnet PROBLEM CORRECTIVE ACTION When NAT is enabled: • Use the Prestige’s WAN IP address when configuring from the WAN. • Use the Prestige’s LAN IP address when configuring from the LAN. Cannot access the Prestige from the LAN or WAN.[...]

  • Page 302

    Prestige 202H User’s Guide Power Adaptor Specifications E Appendix B Power Adapter Specifications NORTH AMERICAN PLUG STANDARDS AC Power Adapter Model DV-121AACS Input Power AC120Volts/60Hz/23W max Output Power AC12Volts/1.0A Power Consumption 8 W Safety Standards UL, CUL (UL 1310, CSA C22.2 No.223) NORTH AMERICAN PLUG STANDARDS AC Power Adapte[...]

  • Page 303

    Prestige 202H User’s Guide F Power Adapter Specifications EUROPEAN PLUG STANDARDS AC Power Adapter Model DV-121AACCP-5716 Input Power AC230Volts/50Hz/100mA Output Power AC12Volts/1.0A Power Consumption 8W Safety Standards TUV-GS, CE (EN 60950) EUROPEAN PLUG STANDARDS AC Power Adapter Model AA-121ABN Input Power AC230Volts/50Hz/140mA Output Power[...]

  • Page 304

    Prestige 202H User’s Guide Index G Index Number 4-Port Switch ... 1-1 A Action for Matched Packets ... 15-11 Alert Schedule ... 14-5 Allocated Budget ... 8-5 Application-level Firewall[...]

  • Page 305

    Prestige 202H User’s Guide H Index Customer Support ... vi D data compression ... 1-4 Data Filtering ... 18-1 Data Link Connection ... 5-3 DDNS Configuration ...[...]

  • Page 306

    Prestige 202H User’s Guide Index I Activating ... 13-1 Address Type ... 15-12 Alerts ... 14-4 Connection Direction ... 15-3 Creating/Editing Rul[...]

  • Page 307

    Prestige 202H User’s Guide J Index Logging ... 1-3 Logging Option ... 18-11, 18-15 Login ... 8-3 login screen ... 3-2 Logs ...[...]

  • Page 308

    Prestige 202H User’s Guide Index K Remote Node ... 8-1, 8-8, 20-2, 20-12 Remote Node Profile ... 8-2 Remote Node Setup ... 8-1, 8-2 Repairs ... v Replacement ...[...]

  • Page 309

    Prestige 202H User’s Guide L Index T Target Utility ... 8-7 TCP Maximum Incomplete ... 14-8, 14-9, 14-11 TCP Security ... 12-10 TCP/IP ... 6-6, 12-3, 12-4, 18-16, 20-13, 24-2 TCP/IP Ethernet Setup and DHCP ... 6-5 [...]