Specifications are subject to change without notice.
Systems, Inc. and/or its affiliates in the U.S. and certain other countries. Copyright © 2006 Cisco Systems, Inc. All rights reserved. Other brands and product names are trademarks or registered trademarks of their respective holders. WARNING: This product contains chemicals, including lead, known to the State of California to cause cancer, and birth defects or other reproductive harm. Wash hands after handling.
Table of Contents
Chapter 1: Introduction
  Welcome
  What’s in this Guide?
Chapter 2: Networking and Security Basics
  An Introduction to LANs
  The Use of IP Addresses
  The Intrusion Prevention System (IPS)
Chapter 3: Planning Your Virtual Private Network (VPN)
  Why do I need a VPN?
  What is a VPN?
Chapter 4: Getting to Know the Router
  The Front Panel
  The Back Panels
  Antennas and Positions
Chapter 5: Connecting the Router
  Overview
  Connection Instructions
  Placement Options
Chapter 6: Setting Up and Configuring the Router
  Overview
  Basic Setup
  How to Access the Web-based Utility
  How to Navigate the Utility
  Setup Tab
  Wireless Tab
  Firewall Tab
  VPN Tab
  QoS Tab
  Administration Tab
  IPS Tab
  L2 Switch Tab
  Status Tab
Appendix A: Troubleshooting
  Frequently Asked Questions
Appendix B: Using the Linksys QuickVPN Software for Windows 2000 or XP
  Overview
  Before You Begin
  Installing the Linksys QuickVPN Software
  Using the Linksys QuickVPN Software
Appendix C: Configuring a Gateway-to-Gateway IPSec Tunnel
  Overview
  Before You Begin
  Configuring the VPN Settings for the VPN Routers
  Configuring the Key Management Settings
  Configuring PC 1 and PC 2
Appendix D: Finding the MAC Address and IP Address for Your Ethernet Adapter
  Windows 98 or Me Instructions
  Windows 2000 or XP Instructions
  For the Router’s Web-based Utility
Appendix E: Trend Micro ProtectLink Gateway Service
Appendix F: Glossary
Appendix G: Specifications
Appendix H: Warranty Information
Appendix I: Regulatory Information
Appendix J: Contact Information
List of Figures
Figure 2-1: Example network
Figure 2-2: IPS Scenarios
Figure 3-1: VPN Router to VPN Router
Figure 3-2: Computer to VPN Router
Figure 4-1: Front Panel
Figure 4-2: Back Panel
Figure 4-3: Stackable Position and its Antenna Setup
Figure 4-4: Standalone Position and its Antenna Setup
Figure 5-1: Example of a Typical Network
Figure 5-2: Connect a PC
Figure 5-3: Connect the Internet
Figure 5-4: Connect the Power
Figure 5-5: The Stand Option
Figure 5-6: Stand
Figure 6-13: Setup - MAC Address Clone
Figure 6-14: Setup - Advanced Routing
Figure 6-15: Setup - Advanced Routing (Routing Table)
Figure 6-16: Setup - Time
Figure 6-17: Wireless - Basic Wireless Settings
Figure 6-18: Wireless - Wireless Security (Disabled)
Figure 6-19: Wireless - Wireless Security (WPA-Personal)
Figure 6-20: Wireless - Wireless Security (WPA2-Personal)
Figure 6-21: Wireless - Wireless Security (WPA2-Personal Mixed)
Figure 6-22: Wireless - Wireless Security (WPA-E
Figure 6-46: VPN - VPN Passthrough
Figure 6-47: QoS - Application Based
Figure 6-48: Port-based
Figure 6-49: Administration - Management
Figure 6-50: Administration - Log
Figure 6-51: View Log pop-up window
Figure 6-52: Administration - Diagnostics
Figure 6-53: Ping Test Screen
Figure 6-54: Trace Route Test Screen
Figure 6-55: Administration - Config Management
Figure 6-56: Administration - Factory Default
Figure 6-57: Administration - Firmware Upgrade
Figure 6-58: IPS -
Figure B-6: Activating Policy
Figure B-7: Verifying Network
Figure B-8: QuickVPN Software - Status
Figure B-9: QuickVPN Tray Icon - Connection
Figure B-10: QuickVPN Tray Icon - No Connection
Figure B-11: QuickVPN Software - Change Password
Figure C-1: Diagram of Gateway-to-Gateway VPN Tunnel
Figure C-2: Login Screen
Figure C-3: VPN - IPsec VPN Configuration
Figure C-4: Advanced IPsec VPN Tunnel Settings
Figure C-5: Auto (IKE) Advanced Settings Screen
Figure D-1: I
Chapter 1: Introduction
Welcome
Thank you for choosing the Wireless-N Gigabit Security Router with VPN. The Wireless-N Gigabit Security Router with VPN is an advanced Internet-sharing network solution for your small business needs. The Router features a built-in 4-Port full-duplex 10/100/1000 Ethernet switch to connect four PCs directly, or you can connect more hubs and switches to create as big a network as you need.
• Chapter 4: Getting to Know the Router
  This chapter describes the physical features of the Router.
• Chapter 5: Connecting the Router
  This chapter instructs you on how to connect the Router to your network.
• Chapter 6: Setting Up and Configuring the Router
  This chapter explains how to use the Web-Based Utility to perform basic setup and configure its advanced settings.
Chapter 2: Networking and Security Basics
An Introduction to LANs
A Router is a network device that connects multiple networks together and forwards traffic based on the destination IP address of each packet. The Wireless-N Gigabit Security Router can connect your local area network (LAN) or a group of PCs interconnected in your home or office to the Internet.
The Use of IP Addresses
IP stands for Internet Protocol. Every device in an IP-based network, including PCs, print servers, and routers, requires an IP address to identify its location, or address, on the network. This applies to both the Internet and LAN connections. There are two ways of assigning IP addresses to your network devices.
NOTE: Since the Router is a device that connects two networks, it needs two IP addresses: one for the LAN, and one for the Internet.
assigned it will always have that same IP address until you change it. Static IP addresses are commonly used with dedicated network devices such as server PCs or print servers. Because a user’s PC moves around the network and is powered on and off, it does not require a dedicated IP address, which could be a precious resource in your network. If you use the Router to share your cable or DSL Internet connection, contact your ISP to find out if they have assigned a static IP address to your account.
IPS is an advanced technology that protects your network from malicious attacks. IPS works together with your SPI Firewall, IP Based Access List (IP ACL), Network Address Port Translation (NAPT), and Virtual Private Network (VPN) to achieve the highest level of security. IPS works by providing real-time detection and prevention as an in-line module in a router. The Wireless-N Security Router has hardware-based acceleration for real-time pattern matching for malicious attacks.
Chapter 3: Planning Your Virtual Private Network (VPN)
Why do I need a VPN?
Computer networking provides a flexibility not available when using an archaic, paper-based system. With this flexibility, however, comes an increased risk in security. This is why firewalls were first introduced. Firewalls help to protect data inside of a local network.
packet: a unit of data sent over a network
These are only a few of the methods hackers use, and they are always developing more. Without the security of your VPN, your data is constantly open to such attacks as it travels over the Internet. Data travelling over the Internet will often pass through many different servers around the world before reaching its final destination. That's a long way to go for unsecured data and this is when a VPN serves its purpose.
VPN Router to VPN Router
An example of a VPN Router-to-VPN Router VPN would be as follows. At home, a telecommuter uses his VPN Router for his always-on Internet connection. His router is configured with his office's VPN settings. When he connects to his office's router, the two routers create a VPN tunnel, encrypting and decrypting data. As VPNs utilize the Internet, distance is not a factor.
Chapter 4: Getting to Know the Router
The Front Panel
The Router’s LEDs are located on the front panel of the Router.
LEDs
POWER: Green. The POWER LED lights up when the Router is powered on. The LED flashes when the Router runs a diagnostic test.
IPS: Green/Red. The IPS LED lights up when the IPS function is enabled. The LED light is off when the IPS functions are disabled. The IPS LED flashes green when an external attack is detected. The IPS LED flashes red when an internal attack is detected.
sending or receiving data.
INTERNET: Green. The appropriate INTERNET LED lights up depending upon the speed of the device that is attached to the Internet port. If the Router is connected to a cable or DSL modem, typically the 10 LED will be the only LED lit up (i.e. 10Mbps). The LED flashes during activity.
Chapter 5: Connecting the Router
Overview
To set up your network, you will do the following:
• Connect the Router to one of your PCs according to the instructions in this chapter.
• By default, Windows 98, 2000, Millennium, and XP computers are set to obtain an IP address automatically, so unless you have changed the default setting, you will not need to configure your PCs. (If you do need to configure your PCs, refer to Windows Help for more information.)
Proceed to “Chapter 6: Setting Up and Configuring the Router.”
There are three ways to place the Wireless-N Router. The first way is to place it horizontally on a surface, so it sits on its four rubber feet. The second way is to stand the Wireless Router vertically on a surface. The third way is to mount it on a wall. The stand and wall-mount options are explained in further detail below.
Stand Option
1. Locate the Router’s left side panel.
2. The Router includes two stands.
You will need two suitable screws (See Figure 5-7) to mount the Router. Make sure the screw size can fit into the criss-cross wall-mount slots.
1. On the Wireless Router’s back panel are two criss-cross wall-mount slots.
2. Determine where you want to mount the Wireless Router, and install two screws that are 2-9/16 in (64.5mm) apart.
3. Line up the Wireless Router so that the wall-mount slots line up with the two screws.
Figure 5-7: Mounting Dimensions
4.
Configuring the Wireless-N Router,” for directions on how to set up the Wireless-N Router.
Chapter 6: Setting Up and Configuring the Router
Overview
The Wireless Router has been designed to be functional right out of the box with the default settings. However, if you'd like to change these settings, the Wireless Router can be configured through your web browser with the Web-based Utility. This chapter explains how to use the Utility to perform the most basic settings.
How to Navigate the Utility
The Web-based Utility consists of the following nine main tabs: Setup, Wireless, Firewall, VPN, QoS, Administration, IPS, L2 Switch and Status. Additional screens (sub tabs) will be available from most of the main tabs. The following briefly describes the main and sub tabs of the Utility.
Setup
You will use the Setup tabs to define the Router’s basic functionality.
• Summary. This screen displays a read-only summary of the Router’s basic information.
• WAN.
• Basic Settings. Choose the wireless network mode (e.g. B/G/N-Mixed), SSID, and radio channel on this screen.
• Security Settings. Use this screen to configure the built-in access point’s security settings.
• Connection Control. Use this screen to control the wireless connections from client devices to the Router.
• Advanced Settings. Use this screen to configure the built-in access point’s more advanced wireless settings (e.g. Tx Rate Limiting, Channel Bandwidth, etc.).
• VLAN & QoS.
QoS
The Router supports two types of Quality of Service (QoS) traffic.
• Bandwidth Management. This allows you to perform Bandwidth Management, by either Rate Control or Priority.
• QoS Setup. This allows users to configure QoS Trust Mode for each LAN port.
• DSCP Settings. This allows you to set the DSCP (Differentiated Services Code Point) settings.
Administration
You will use Administration tabs for systems administration purposes.
• Management.
may need to enter additional information in order to connect to the Internet through an ISP (Internet Service Provider) or broadband (DSL, cable modem) carrier.
Summary
System Information
Firmware version: Displays the Router’s current software version.
CPU: Displays the Router’s CPU type.
System up time: Displays the length of time that has elapsed since the Router was last reset.
DRAM: Displays the amount of DRAM installed in the Router.
Flash: Displays the amount of flash memory installed in.
Firewall Setting Status
DoS (Denial of Service): Indicates whether the DoS Protection feature is enabled to block DoS attacks.
Block WAN Request: Indicates whether the Block WAN Request feature is enabled.
Remote Management: Indicates whether the Remote Management feature is enabled.
IPSec VPN Setting Status
IPSec VPN Summary: Click the IPSec VPN Summary hyperlink to display the VPN > Summary screen.
Tunnel(s) Used: Displays the number of VPN tunnels currently being used.
WAN
The WAN Setup screen provides Internet Connection Type and DDNS configurations on the WAN port of the Wireless Router. Before starting, you need to find out the Internet Connection Type and settings used by your ISP. If the Router is used as an Intranet Router, you can mostly use the default settings. If you want to use the dynamic DNS feature, you will need to sign up for a DDNS service.
Internet Connection Type
The Router supports six connection types.
Internet IP Address. This is the Router’s IP address on the WAN port that can be reached from the Internet. Your ISP will provide you with the IP Address you need to specify here. Subnet Mask. This is the Router’s Subnet Mask on the WAN port. Your ISP will provide you this information and your IP Address. Default Gateway. Your ISP will provide you with the Default Gateway (Router) to reach the Internet. Primary DNS (Required) and Secondary DNS (Optional).
your connection as soon as you attempt to access the Internet again. If you wish to activate Connect on Demand, click the Connect on Demand option and, in the Max Idle Time field, enter the number of minutes you want to elapse before your Internet connection terminates. Use this option to minimize your DSL connection time if it is charged based on time. This option is disabled by default.
Keep Alive Redial period. With this option, the Router periodically checks your Internet connection.
PPTP
Point-to-Point Tunneling Protocol (PPTP) is a service that applies to connections in Europe and Israel only.
IP Address. This is the Router’s IP address, when seen from the WAN, or the Internet. Your ISP will provide you with the IP Address you need to specify here.
Subnet Mask. This is the Router’s Subnet Mask. Your ISP will provide you the Subnet Mask and your IP address.
Default Gateway. Your ISP will provide you with the Default Gateway IP Address.
PPTP Server.
Heart Beat Signal
Heart Beat Signal is a service used in Australia. Check with your ISP for the necessary setup information.
User Name and Password. Enter the User Name and Password provided by your ISP.
Heart Beat Server. Enter the IP address of the Heart Beat server.
Connect on Demand: Max Idle Time. You can configure the Router to cut the Internet connection after it has been inactive for a specified period of time (Max Idle Time).
L2TP
Layer 2 Tunneling Protocol (L2TP) is a service that tunnels Point-to-Point Protocol (PPP) across the Internet. It is used mostly in European countries. Check with your ISP for the necessary setup information.
IP Address. This is the Router’s IP address, when seen from the WAN, or the Internet. Your ISP will provide you with the IP Address you need to specify here.
Subnet Mask. This is the Router’s Subnet Mask. Your ISP will provide you with the Subnet Mask and your IP address.
Gateway.
Option Settings (Required by some ISPs)
This section is common for all the Internet Connection Types. Some of these settings may be required by your ISP. Verify with your ISP before making any changes.
Host Name: Some ISPs, usually cable ISPs, require a host name as identification. You may need to check with your ISP to see if your broadband Internet service is configured with a host name. In most cases you can leave this field blank.
DDNS
The Router offers a Dynamic Domain Name System (DDNS) feature. DDNS lets you assign a fixed host and domain name to a dynamic Internet IP address. It is useful when you are hosting your own website, FTP server, or other server behind the Router. Before you can use this feature, you need to sign up for DDNS service at DynDNS.org or TZO.com.
DDNS Service. If your DDNS service is provided by DynDNS.org, then select DynDNS.org from the drop-down menu. If your DDNS service is provided by TZO.
After entering the necessary information, the Router will advise the DDNS Service of your current WAN (Internet) IP address whenever this address changes. If using TZO, you should NOT use the TZO software to perform this “IP address update”. Connect button: When DDNS is enabled, the Connect button is displayed. Use this button to manually update your IP address information on the DDNS server. The Status area on this screen also updates.
LAN
The LAN Setup section allows you to change the Router’s local network settings for the four Ethernet ports.
IPv4
The Router’s Local IPv4 Address and Subnet Mask are shown here. In most cases, you can keep the defaults.
Local IP Address. Enter the IPv4 address on the LAN side. The default value is 192.168.1.1.
Subnet Mask. Select the subnet mask from the drop-down menu. The default value is 255.255.255.0.
IP Reserved for Internal Usage. Enter the reserved IP between 1 and 254.
Server IP Address.
Starting IP Address. Enter a value for the DHCP server to start with when issuing IP addresses. This value will automatically follow your local IP address settings. Normally, you assign the first IP address to the Router (e.g. 192.168.1.1) so that you can assign IP addresses to other devices starting from the second IP address (e.g. 192.168.1.2). The last address in the subnet (e.g. 192.168.1.255) is used for subnet broadcast, so it cannot be assigned to any host.
Click the Save Settings button to save the network settings or click the Cancel Changes button to undo your changes.
DMZ
The DMZ screen allows one local PC to be exposed to the Internet for use of a special-purpose service, such as Internet gaming and video-conferencing. DMZ hosting forwards traffic to all the ports for the specified PC simultaneously, unlike Port Range Forwarding that can only forward a maximum of 10 ranges of ports.
DMZ Hosting. This feature allows one local PC to be exposed to the Internet for use of a special-purpose service such as Internet gaming and video-conferencing.
MAC Address Clone
Some ISPs require that you register a MAC address. This feature clones your PC network adapter's MAC address onto the Router, and prevents you from having to call your ISP to change the registered MAC address to the Router's MAC address. The Router's MAC address is a 6-byte hexadecimal number assigned to a unique piece of hardware for identification.
Mac Address Clone. Select Enabled or Disabled.
Mac Address. Enter the MAC Address registered with your ISP in this field.
Advanced Routing
Operating Mode
Select the Operating mode in which the Router will function.
Gateway. This is the normal mode of operation. This allows all devices on your LAN to share the same WAN (Internet) IP address. In the Internet Gateway mode, the NAT (Network Address Translation) mechanism is enabled.
Router. You either need another Router to act as the Internet Gateway, or all PCs on your LAN must be assigned (fixed) Internet IP addresses. In Intranet Router mode, the NAT mechanism is disabled.
Static Routing
Sometimes you will prefer to use static routes to build your routing table instead of using dynamic routing protocols. Static routes do not require CPU resources to exchange routing information with a peer router. You can also use static routes to reach peer routers that do not support dynamic routing protocols. Static routes can be used together with dynamic routes. Be careful not to introduce routing loops in your network.
Time
You can set your Router’s time either manually or automatically through a Time Server. The default is Set the local time using Network Time Protocol (NTP) Automatically.
Manually
Set the local time Manually. If you wish to enter the time and date manually, select this option, then enter the day, month, year, hour, minutes, and seconds in the Time fields using 24-hour format. For example, for 10:00 pm, enter 22 in the hour field, 0 in the minutes field, and 0 in the seconds field.
IP Mode
IPv4 Only. Select this option to use IPv4 on the Internet and local network.
Dual-Stack IP. Select this option to use IPv4 on the Internet and IPv4 and IPv6 on the local network. Then select how the IPv6 hosts will connect to the Internet:
• NAPT-PT. This allows an IPv6-only host on your LAN to connect to IPv4-only hosts on the WAN using address translation and protocol-translation (per RFC 2766).
Wireless Tab
Basic Settings
Change the basic wireless network settings on this screen.
Basic Settings
Configure the basic Wireless Network attributes for this Wireless Router.
Wireless Network Mode. Select one of the following modes. The default is B/G/N-Mixed.
B-Only: All the wireless client devices can be connected to the Wireless Router at Wireless-B data rates with a maximum speed of 11Mbps.
Wireless Channel. Select the appropriate channel to be used between your Wireless Router and your client devices. The default is channel 6. You can also select Auto so that your Wireless Router will select the channel with the lowest amount of wireless interference while the system is booting up. Auto channel selection will start when you click the Save Settings button, and it will take several seconds to scan through all the channels to find the best channel.
Wireless Security
Change the Wireless Router’s wireless security settings on this screen.
Wireless Security
Security Mode. Select the wireless security mode you want to use, WPA-Personal, WPA2-Personal, WPA2-Personal Mixed, WPA-Enterprise, WPA2-Enterprise, WPA2-Enterprise Mixed, or WEP. (WPA stands for Wi-Fi Protected Access, which is a security standard stronger than WEP encryption and forward compatible with IEEE 802.11e.
Select the type of algorithm you want to use, TKIP or AES. The default is TKIP. Shared Secret. Enter a WPA Shared Key of 8-63 characters. Key Renewal. Enter a Key Renewal Timeout period, which instructs the Wireless Router how often it should change the encryption keys. The default is 3600 seconds. WPA2-Personal Encryption. WPA2 always uses AES for data encryption. Shared Secret. Enter a WPA Shared Key of 8-63 characters. Key Renewal.
WPA-Enterprise
This option features WPA used in coordination with a RADIUS server for client authentication. (This should only be used when a RADIUS server is connected to the Wireless Router.)
Encryption. WPA offers you two encryption methods, TKIP and AES for data encryption. Select the type of algorithm you want to use, TKIP or AES. The default is TKIP.
RADIUS Server. Enter the RADIUS server’s IP address.
RADIUS Port. Enter the port number used by the RADIUS server. The default is 1812.
Shared Key.
Shared Key. Enter the Shared Secret key used by the Wireless Router and RADIUS server. Key Renewal. Enter a Key Renewal Timeout period, which instructs the Wireless Router how often it should change the encryption keys. The default is 3600 seconds. WPA2-Enterprise Mixed This security mode supports the transition from WPA-Enterprise to WPA2-Enterprise. You can have client devices that use either WPA-Enterprise or WPA2-Enterprise.
Authentication Type. Choose the 802.11 authentication type as either Open System or Shared Key. The default is Open System. WEP Encryption. Select a level of WEP encryption, 40/64 bits (10 hex digits) or 104/128 bits (26 hex digits). Passphrase. If you want to generate WEP keys using a Passphrase, then enter the Passphrase in the field provided and click the Generate key. Key 1-4. If you want to manually enter WEP keys, then complete the fields provided.
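The key formats described for these security modes can be checked before they are entered, and the WPA-Personal Shared Secret can be followed through to the 256-bit key it produces. The Python below is an added example, not part of the original guide or of the Router's firmware; the setting names are hypothetical and the sample values are constructed. It relies on the standard WPA/WPA2-Personal derivation (PBKDF2-HMAC-SHA1 over the Shared Secret with the SSID as salt, 4096 iterations).

```python
import hashlib
import string

HEX_DIGITS = set(string.hexdigits)
# Hex digits per WEP key for each encryption level, as listed in the guide.
WEP_HEX_LENGTH = {"40/64": 10, "104/128": 26}


def check_shared_secret(secret):
    """Return a list of problems with a WPA/WPA2-Personal Shared Secret."""
    problems = []
    if not 8 <= len(secret) <= 63:          # the guide's 8-63 character rule
        problems.append("length %d is outside 8-63 characters" % len(secret))
    if any(not 32 <= ord(ch) <= 126 for ch in secret):
        problems.append("contains characters outside printable ASCII")
    return problems


def derive_pmk(secret, ssid):
    """Derive the 256-bit pairwise master key from Shared Secret and SSID."""
    if check_shared_secret(secret):
        raise ValueError("invalid Shared Secret")
    # The SSID is the salt, so the same secret yields a different key per SSID.
    return hashlib.pbkdf2_hmac("sha1", secret.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def check_wep_key(key, level):
    """True if key has the hex-digit count the guide gives for this level."""
    return len(key) == WEP_HEX_LENGTH[level] and all(c in HEX_DIGITS for c in key)


def audit_wireless(settings):
    """Flag weak choices in a dict of wireless settings (hypothetical keys)."""
    findings = []
    mode = settings.get("security_mode", "Disabled")
    if mode == "Disabled":
        findings.append("wireless security is disabled")
    elif mode == "WEP":
        findings.append("WEP selected; the guide describes WPA as stronger")
        if not check_wep_key(settings.get("wep_key", ""), settings.get("wep_level", "40/64")):
            findings.append("WEP key has the wrong length or non-hex digits")
    else:
        if settings.get("encryption") == "TKIP":
            findings.append("TKIP selected; choose AES where clients support it")
        if "Personal" in mode:
            findings.extend(check_shared_secret(settings.get("shared_secret", "")))
    return findings


# Constructed sample settings: a weak profile and a corrected one.
WEAK = {"security_mode": "WPA-Personal", "encryption": "TKIP", "shared_secret": "abc123"}
HARDENED = {"security_mode": "WPA2-Personal", "encryption": "AES",
            "shared_secret": "constructed long phrase 7 words here"}

if __name__ == "__main__":
    print(audit_wireless(WEAK))
    print(audit_wireless(HARDENED))
    print(derive_pmk(HARDENED["shared_secret"], "office-a").hex())
```

Because the SSID salts the derivation, changing only the SSID changes the resulting key even when the Shared Secret stays the same.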
Connection Control
This screen allows you to configure the Connection Control List to either permit or block specific wireless client devices connecting to (associating with) the Wireless Router.
Wireless Connection Control
Select SSID. Select the desired SSID.
Enabled/Disabled. Enable or disable wireless connection control. The default is Disabled.
Connection Control
There are two ways to control the connection (association) of wireless client devices.
Connection Control List MAC 01-20. Enter the MAC addresses of the wireless client devices you want to control. Change these settings as described here and click Save Settings to apply your changes, or click Cancel Changes to cancel your changes. Help information is displayed on the right-hand side of the screen.
Advanced Wireless Settings
This screen allows you to configure the advanced settings for the Wireless Router. The Wireless-N Router adopts several new parameters to adjust the channel bandwidth and guard intervals to improve the data rate dynamically. Linksys recommends letting your Wireless Router automatically adjust the parameters for maximum data throughput.
Advanced Settings
You can change the following advanced parameters (some only for Wireless-N) for this Wireless Router.
Channel Bandwidth.
Router coordinates transmission and reception to ensure efficient communication. This value should remain at its default setting of 2346. If you encounter inconsistent data flow, only minor modifications are recommended. Change these settings as described here and click Save Settings to apply your changes, or click Cancel Changes to cancel your changes. Help information is displayed on the right-hand side of the screen; click More for additional details.
VLAN & QoS
This screen allows you to configure the QoS and VLAN settings for the Access Point. The QoS (Quality of Service) feature allows you to specify priorities for different traffic. Lower priority traffic will be slowed down to allow greater throughput or less delay for high priority traffic. The 802.1Q VLAN feature allows traffic from different sources to be segmented. Combined with the multiple SSID feature, this provides a powerful tool to control access to your LAN.
VLAN
Enabled/Disabled VLAN.
WDS
On this screen you can configure the WDS (Wireless Distribution System) settings for the device.
WDS MAC Address. It displays the read-only MAC address for the WDS.
Allow wireless signal to be repeated by a repeater. Select Auto or Manual as required.
Remote Access Point’s MAC Address. You can either enter the MAC address directly, or, if the other AP is on-line, you can click the Site Survey button and select from a list of available APs.
Firewall
The Firewall Tab allows you to configure software security features such as the SPI (Stateful Packet Inspection) Firewall, the IP-based Access List, restrictions on LAN users’ Internet (WAN port) access, and NAPT (Network Address Port Translation) Settings, which limit services to specific ports and only work when NAT is enabled. Note that WAN traffic is processed in this order: NAPT settings are applied first, then the SPI Firewall settings, and finally the IP-based Access List (which requires more CPU power).
• Java: Java is a programming language for websites. If you deny Java, you run the risk of not having access to Internet sites created using this programming language. • Cookies: A cookie is data stored on your PC and used by Internet sites when you interact with them, so you may not want to deny cookies. • ActiveX: ActiveX is a Microsoft (Internet Explorer) programming language for websites. If you deny ActiveX, you run the risk of not having access to Internet sites using this programming language.
IP Based ACL
This screen shows a summary of the configured IP-based Access List. The Access List is used to restrict traffic going through the Router from either the WAN or the LAN port. There are two ways to restrict data traffic. You can block specific types of traffic according to your ACL definitions, or you can allow only specific types of traffic according to your ACL definitions. The ACL rules will be read according to their priority.
Time: Displays the time period this rule will be enabled (used together with Date). It can be set to Any Time. Day: Displays the days in a week this rule will be enabled (used together with Time). It can be set to Every Day. Edit button: Use this button to go to Edit IP ACL Rule screen and modify this rule. Delete button: Use this button to delete the ACL rule from the list. To add a new rule to the ACL rule table, click Add New Rule and the Edit IP ACL Rule screen appears.
Edit IP ACL Rule
This Web page can be entered only through the IP Based ACL Tab. You can enter this page by clicking the Add New Rule button on that page.
New Rule
Action: Select either Allow or Deny. Default is Allow.
Service: Select ALL or pre-defined (or user-defined) services from the drop-down menu.
Log: Select this option to log all traffic that is filtered by this rule.
Log Prefix: This string will be attached in front of the log for the matched event.
Source Interface: Select LAN, WAN, or ANY interface.
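How rule priority decides the outcome can be seen by evaluating a small rule table. The Python below is an added example, not the Router's own logic or code from the guide: it assumes that the lowest priority number is read first and that the first matching rule decides, adds source and destination networks as hypothetical fields, and uses constructed rules and addresses. It also reports rules that an earlier, broader rule makes unreachable.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class AclRule:
    priority: int   # assumption: the lowest number is read first
    action: str     # "Allow" or "Deny" (Action field)
    service: str    # "ALL" or a service name (Service field)
    src_if: str     # "LAN", "WAN" or "ANY" (Source Interface field)
    src: str        # hypothetical field: source network in CIDR form
    dst: str        # hypothetical field: destination network in CIDR form


@dataclass(frozen=True)
class Packet:
    iface: str
    service: str
    src: str
    dst: str


def matches(rule, pkt):
    """True if every field of the rule accepts the packet."""
    return (rule.src_if in ("ANY", pkt.iface)
            and rule.service in ("ALL", pkt.service)
            and ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst))


def evaluate(rules, pkt, default):
    """Return (action, priority) of the first matching rule, else (default, None)."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, pkt):
            return rule.action, rule.priority
    return default, None


def covers(earlier, later):
    """True if 'earlier' matches every packet that 'later' could match."""
    return (earlier.src_if in ("ANY", later.src_if)
            and earlier.service in ("ALL", later.service)
            and ip_network(later.src).subnet_of(ip_network(earlier.src))
            and ip_network(later.dst).subnet_of(ip_network(earlier.dst)))


def find_shadowed(rules):
    """List (shadowed priority, shadowing priority, actions differ) tuples."""
    ordered = sorted(rules, key=lambda r: r.priority)
    findings = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if covers(earlier, later):
                findings.append((later.priority, earlier.priority,
                                 earlier.action != later.action))
                break
    return findings


# Constructed rule table: the broad Allow at priority 1 hides the Deny at 2.
RULES = [
    AclRule(1, "Allow", "ALL", "LAN", "192.168.1.0/24", "0.0.0.0/0"),
    AclRule(2, "Deny", "TELNET", "LAN", "192.168.1.50/32", "0.0.0.0/0"),
    AclRule(3, "Deny", "ALL", "WAN", "0.0.0.0/0", "192.168.1.0/24"),
]
# The same rules with the specific Deny moved ahead of the broad Allow.
REORDERED = [replace(RULES[0], priority=2), replace(RULES[1], priority=1), RULES[2]]
TELNET_OUT = Packet("LAN", "TELNET", "192.168.1.50", "203.0.113.10")

if __name__ == "__main__":
    print(evaluate(RULES, TELNET_OUT, "Deny"), find_shadowed(RULES))
    print(evaluate(REORDERED, TELNET_OUT, "Deny"), find_shadowed(REORDERED))
```

A shadowed rule whose action differs from the rule that hides it is the case to review first, because the table does not do what the rule's author intended.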
Change these settings as described here and click Save Settings to apply your changes, or click Cancel Changes to cancel your changes. Help information is displayed on the right-hand side of the screen; click More for additional details.
Internet Access Policy
Access to the Internet can be managed by policies. A policy consists of four components.
On the List of PCs screen, you can define PCs by MAC Address or IP Address. You can also enter a range of IP Addresses if you want this policy to affect a group of PCs.
To create an Internet Access policy:
1. Select the desired policy number from the Internet Access Policy drop-down menu.
2. Enter a Policy Name in the field provided.
3. To enable this policy, select the Enable option.
4. Click the Edit List of PCs button to select which PCs will be affected by the policy.
7. If you wish to block access to Web sites, use the Website Blocking by URL Address or Website Blocking by Keyword feature.
• Website Blocking by URL Address. Enter the URL or Domain Name of the web sites you wish to block.
• Website Blocking by Keyword. Enter the keywords you wish to block in the fields provided. If any of these Keywords appears in the URL of a web site, access to the site will be blocked. Note that only the URL is checked, not the content of each Web page.
8.
Single Port Forwarding
This is one of the NAPT (Network Address Port Translation) features. Use the Single Port Forwarding screen when you want to open specific services (that use a single port). This allows users on the Internet to access this server by using the WAN port address and the matched external port number. When users send these types of requests to your WAN port IP address via the Internet, the NAT Router will forward those requests to the appropriate servers on your LAN.
Application.
Port Range Forwarding
This is one of the NAPT (Network Address Port Translation) features. The Port Range Forwarding screen allows you to set up public services on your network, such as web servers, FTP servers, e-mail servers, or other specialized Internet applications that use one or multiple port numbers (e.g. video conference). The port numbers being used will not change while forwarding to the local network.
Port Range Triggering
This is one of the NAPT (Network Address Port Translation) features. Port Range Triggering is used for special applications that can request a port to be opened on demand. For this feature, the Wireless Router will watch outgoing packets for specific port numbers. This will trigger the Wireless Router to allow the incoming packets within the specified forwarding range and forward those packets to the triggering PC. One example application is QuickTime.
VPN Tab
Summary
Tunnels Used: Displays the number of tunnels used.
Tunnel(s) Available: Displays the number of available tunnels.
Detail button: Click Detail to display more tunnel information.
Tunnel Status
No.: Displays the number of the tunnel.
Name: Displays the name of the tunnel, as defined by the Tunnel Name field on the VPN > IPSec VPN screen.
Status: Displays the tunnel’s status: Connected, Hostname Resolution Failed, Resolving Hostname, or Waiting for Connection.
Phase Enc/Auth.
VPN Clients Status
No.: Displays the user number from 1 to 5.
Username: Displays the username of the VPN Client.
Status: Displays the connection status of the VPN Client.
Start Time: Displays the start time of the most recent VPN session for the specified VPN Client.
End Time: Displays the end time of a VPN session if the VPN Client has disconnected.
Duration: Displays the total connection time of the latest VPN session.