Table of Contents
Advertisement
the data devices (IP phones are not affected). DHCP server settings on the Services Router
cannot be disabled.
IMPORTANT: The address on the WAN
interface of the SVR3000 must be
public, and not behind a device that
performs Network Address Translation
(NAT).
Firewalls and the Services Router
For the current release, placing the Services Router behind a firewall is not a supported
configuration. However, if a firewall must co-exist with the Services Router at the customer
site, this section provides information about the ports and protocols that must be allowed
access.
Ideally, all traffic should be allowed in and out of the Services Router's IP address, but the
following are mandatory:
• IP Protocol ID 50, for both inbound and outbound filters. Should be set to allow
Encapsulating Security Protocol (ESP) traffic to be forwarded
• IP Protocol ID 51, for both inbound and outbound filters. Should be set to allow
Authentication Header (AH) traffic to be forwarded
• UDP Port 500, for both inbound and outbound filters. Should be set to allow ISAKMP
traffic to be forwarded
• L2TP/IPSec traffic looks just like IPSec traffic on the wire. The firewall just has to
allow IKE (UDP 500) and IPSec ESP formatted packets (IP protocol = 50)
• ICMP
• HTTPS (Ports 51, 443 and 8443)
• For VoIP traffic to be transmitted correctly, you must open the UDP range from
16384-16483 (100 ports) (inbound and outbound).
The table on the following page lists these ports and protocols in more detail.
42
Linksys One Communications Solution
Chapter 3: Preparing for Installation
Preparing the Site
3
Advertisement
Table of Contents
Troubleshooting
